qiyadeng

简单标签初始化过程：
START tag handler instance created --> setJspContext is called --> setter for attribute is called
--> setJspBody is called --> doTag is called -->END

HttpServletResponse.sendRedirect() 之后保持session(不支持cookies)
By enconding the redirect path with HttpServletResponse.encodeRedirectURL() method

There are only 3: page, taglib and include.

The HttpSessionAttributeListener interface can be implemented in order to get notifications of changes to the attribute lists of sessions within this web application.

The HttpSessionBindingListener interface causes an object to be notified when it is bound to or unbound from a session.

The HttpSessionListener interface notifies any changes to the list of active sessions in a web application

The HttpSessionActivationListener interface notifies objects that are bound to a session may listen to container events notifying them that sessions will be passivated and that session will be activated.

The ServletContextAttributeListener interface receive notifications of changes to the attribute list on the servlet context of a web application

Java code in the scriptlet is validated during the compilation phase of the servlet life-cycle.

During the page translation phase of a JSP page life-cycle, the JSP page is parsed and a Java file containing the corresponding servlet is created. The servlet created will contain the declared jspInit() overriding the default jspInit() method which is declared in a vendor-specific JSP page base class.

JSP declaration tag can contain an uninitialised variable declaration.

authentication techniques that are based on builtin mechanisms of HTTP:BASCI ,DIGEST

The following is the sequence of things that happen when you invalidate a session:
1. Container calls sessionDestroyed() on all HttpSessionListeners configured in web.xml (in the order they are declared in web.xml). Notice that although the method name is sessionDestroyed, the session is not destroyed yet. It is about to be destroyed.
2. The container destroys the session.
3. The container calls valueUnbound() on all the session attributes that implement HttpSessionBindingListner interface.

<security-constraint>
　　　<web-resource-collection>
　　　　<web-resource-name>SalesInfo
　　　　<url-pattern>/salesinfo/*
　　　　<http-method>GET 
                //可以0到多個,當0個時，代表外界沒有人可以用http的方法存取設限的資料(其餘方法如forward,include可被內部程式叫用)
　　　
　　　<auth-constraint>
　　　　<role-name>manager　　　　
                //可以0到多個或是設成"*",當設成"*"時所有人都可以存取,當設成，沒有人可以存取
　　　
　　　<user-data-constraint>
　　　　<transport-guarantee>NONE/CONFIDENTIAL/INTEGRAL
                //NONE implies HTTP；CONFIDENTIAL,INTEGRAL imply HTTPS
　　　

Only the following directives are valid for tag files:
taglib, include, tag, attribute, variable.

The following are the implicit objects availble to EL in a JSP page:
. pageContext - the PageContext object
. pageScope - a Map that maps page-scoped attribute names to their values
. requestScope - a Map that maps request-scoped attribute names to their values
. sessionScope - a Map that maps session-scoped attribute names to their values
. applicationScope - a Map that maps application-scoped attribute names to
their values
. param - a Map that maps parameter names to a single String parameter value (obtained by calling ServletRequest.getParameter(String name))
. paramValues - a Map that maps parameter names to a String[] of all values for that parameter (obtained by calling ServletRequest.getParameterValues(String name))
. header - a Map that maps header names to a single String header value (obtained by calling ServletRequest.getHeader(String name))
. headerValues - a Map that maps header names to a String[] of all values for that header (obtained by calling ServletRequest.getHeaders(String))
. cookie - a Map that maps cookie names to a single Cookie object. Cookies are retrieved according to the semantics of HttpServletRequest.getCookies(). If the same name is shared by multiple cookies, an implementation must use the first one encountered in the array of Cookie objects returned by the getCookies() method. However, users of the cookie implicit object must be aware that the ordering of cookies is currently unspecified in the servlet specification.
. initParam - a Map that maps context initialization parameter names to their String parameter value (obtained by calling  ServletContext.getInitParameter( String name))

It is very important that you understand what methods of the following interfaces are invoked in which situation.
HttpSessionActivationListener: Objects that are bound to a session may listen to container events notifying them that sessions will be passivated and that session will be activated. NOT configured in web.xml.
HttpSessionAttributeListener: This listener interface can be implemented in order to get notifications of changes to the attribute lists of sessions within this web application. Configured in web.xml.
HttpSessionBindingListener: Causes an object to be notified when it is bound to or unbound from a session. NOT configured in web.xml.
HttpSessionListener: Implementations of this interface are notified of changes to the list of active sessions in a web application. Configured in web.xml.

isRequestedSessionIdFromCookie method checks whether the requested session id came in as cookie

getAuthType() method of HttpServletRequest returns name of the authenticating scheme used to protect the servlet