Container-managed security for Java web applications

Web applications often need to secure access to the application (authentication) and to enforce access control rules on pages (authorization). Implementing these requirements from scratch to produce a secure application can take a lot of time, but thanks to the Java Servlet specification, such common security requirements can be handled at the container level. This article explains how to apply container-managed security in Apache Tomcat in a Java web application for authentication and authorization.

JSF Exception Handling

Everyone who develops Java EE web applications needs to pay attention to exception handling. When a program encounters an error, developers can display friendly messages for end users, which increases their trust in the application. Also, by adding adequate exception handling, you can troubleshoot and debug application defects. Since version 2.0 the JavaServer Faces framework has supported an exception handling mechanism to provide a centralized place for handling exceptions in JSF applications. In this article, I explain how to utilize the JSF exception handling mechanism using a practical example. I published this article in Wazi.

The effective Java logout servlet code

What is the issue?

You may face an issue when you try to write your own Servlet logout code as follows:

protected void doGet(HttpServletRequest request,
		HttpServletResponse response) throws ServletException, IOException {

	// Send the user back to the login page
	response.sendRedirect(request.getContextPath() + "/login.jsp");
}

The issue with this code is that, after it runs in the web container, you may find that the user session is not cleared completely in IE (on Safari, Chrome, and Firefox, however, it may work fine). That is, you can still access pages that require user authentication after running this logout code in IE.

Why do we have this issue?

Well, this issue is related to page caching in Internet Explorer.

How to solve this issue?

You need to prevent page caching through the HTTP response headers as follows:

protected void doGet(HttpServletRequest request,
		HttpServletResponse response) throws ServletException, IOException {

	// Tell the browser (and HTTP/1.0 caches, via Pragma) not to cache or store the response
	response.setHeader("Cache-Control", "no-cache, no-store");
	response.setHeader("Pragma", "no-cache");

	// Send the user back to the login page
	response.sendRedirect(request.getContextPath() + "/login.jsp");
}

After adding the two response header lines, your logout will work in all browsers.

Getting the path of WEB-INF folder from a Java Servlet

You may need to get the path of the WEB-INF folder from your Java Servlet for reading custom configuration files, writing temporary files, or doing other related work. To get the path of the WEB-INF folder (or its subfolders) from your Java Servlet service methods, use the getRealPath() API in the ServletContext interface as follows:

String path = getServletContext().getRealPath("/WEB-INF");

If we have, for example, a folder called xyz under the WEB-INF folder, we can get its path as follows:

String path = getServletContext().getRealPath("/WEB-INF/xyz");

Error 500: java.lang.NoClassDefFoundError:

You may face this error when you are working with Apache Commons FileUpload.

Error 500: java.lang.NoClassDefFoundError:

In order to solve this error, you need to include the Apache Commons IO jar in the lib folder of your web application. You can download this jar from:

Java Web Development Introductory Course For Beginners Slides

I wrote a set of slides as an introduction for guys who wish to start writing web applications with Java.

These slides cover the following topics in a simple way:

1. The Servlet Model.

2. Web Applications Structure.

3. The Web container Model.

4. JSP.

5. JSP Standard Actions, EL.

6. JSTL.

7. Classic Tag Libraries.

You will find samples for each lesson in the zip file. I hope you will learn from this course.