CS4010 Mid-Term Examination
1. (15 pts.) I opened dateIPServlet in Firefox and saw the text below:
Reloading the Firefox tab, I saw:
What Apache-Firefox TCP/IP interactions am I observing and how does the data I
see confirm this?
Answer:
An Apache-Firefox session consists of a Request and a Response. The Request is
to a well-known port and involves a handshake in which the Server receives a
Client socket to respond to. After the Server responds it closes the socket.
The new request requires a new handshake, hence a new Response socket.
2. (10 pts.) What is a Cross-Site Scripting (XSS) Attack and how might JSP Core
Tags be used to protect against them?
Answer:
An XSS Attack involves injecting script into a Server Response, causing a
Browser to be redirected to a scam page.
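Added example (not part of the original exam or its answer key): the JSTL core tag normally used for this is <c:out>, which by default (escapeXml="true") replaces five markup characters with entities before the value reaches the Response. The Java sketch below mirrors that substitution on constructed sample values; the class name, method names and the "name" request parameter are hypothetical.

```java
// Added illustration: mirrors the substitution <c:out value="..."/> performs
// when escapeXml is left at its default (true). Names here are hypothetical.
public class COutEscapeDemo {

    // The five replacements JSTL applies: & < > " '
    static String escapeXml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&#034;"); break;
                case '\'': out.append("&#039;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Equivalent of the JSP line:  <p>Hello, ${param.name}</p>
    // Raw EL in template text copies the parameter into the page verbatim.
    static String renderRaw(String name) {
        return "<p>Hello, " + (name == null ? "" : name) + "</p>";
    }

    // Equivalent of the JSP line:  <p>Hello, <c:out value="${param.name}"/></p>
    static String renderWithCOut(String name) {
        return "<p>Hello, " + escapeXml(name) + "</p>";
    }

    public static void main(String[] args) {
        // Constructed sample values for the hypothetical "name" parameter.
        String[] samples = {
            "Joe Java",
            "<script>alert(1)</script>",
            "Tom & \"Jerry\""
        };
        for (String s : samples) {
            System.out.println("raw  : " + renderRaw(s));
            System.out.println("c:out: " + renderWithCOut(s));
        }
    }
}
```

With the second sample the raw line contains a live script element, while the c:out line shows it as inert text. This escaping covers HTML text and quoted attribute values; values written into script blocks or URLs need encoding for that context.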
3. (20 pts.) Describe the Servlet life-cycle, in particular the roles of
init(), destroy(), doGet(), and doPost(). Your descriptions should include the
role of Threads and in the life-cycle.
Answer:
When a Servlet process is started, the init() method is called and Tomcat
continues to call on that specific process until Tomcat is restarted or the
webapp’s owner touches its web.xml. At that point the destroy() method is
called and the process is stopped. doGet() and doPost() are called by the
process’ service() method to respond to Requests. Each Request is serviced by
a new Thread of the Servlet process.
4. (15 pts.) Describe the functionality provided by forward() and
sendRedirect() in servlet execution.
Answer:
sendRedirect() forwards a Request in the same scope; however, the forward is
by a servlet-created URL containing URL-specific request parameters. This is
particularly useful when one wants to forward a Request off the Tomcat server.
forward() also forwards requests, however within the webapps running on the
Tomcat server. In this case, all existing request and response parameters are
also forwarded, as well as new ones added by the servlet; an example in class
was a studentBean.
5. (15 pts.) In the following line of JSP what terms might replace <scp> and,
in terms of visibility, what would be the resulting scope of thename that is
associated with each of the terms?
<c:set var="thename" scope="<scp>" value="Joe Java" />
Answer:
Application: Begins when a webapp is started and ends when it is shut down or
reloaded.
Request: Begins when an HTTP request is received by a servlet and ends when the
servlet has delivered the HTTP response.
Session: May span across multiple Requests from the same client. The server and
client maintain “session” parameters to match requests in the same session.
Page: Page scope restricts the scope and lifetime of attributes to the same
page where it was created.
6. (10 pts.) In class I used the JSP below to produce a line of HTML text. In
general terms, describing the roles of doStartTag(), EVAL_BODY_BUFFERED, and
doAfterBody(), how might the Custom Tag definition of SendMail be rewritten to
actually send the body text from Bob to Alice?
(Hint: Just the strings “Bob” and “Alice” themselves would not be enough)
<%@ taglib prefix="sendit" uri="WEB-INF/mytags.tld"%>
<center>
<h1><sendit:SendMail from="Bob" to="Alice"> See you tomorrow.</sendit:SendMail></h1>
</center>
Answer:
Rather than just names, the from and to values would be email addresses.
doStartTag() would capture those values from the tag’s start for doAfterBody()
to process. EVAL_BODY_BUFFERED would capture the tag’s body, again, for
doAfterBody() to process. Finally, besides returning a Response to the
requester, it would call a “send_mail” method to build and send the desired
email.
7. (15 pts.) What information is provided and functionally specified by the
following web.xml Node A and Tag Library Descriptor B?
A
<servlet>
  <servlet-name>persist</servlet-name>
  <servlet-class>persist</servlet-class>
  <init-param>
    <param-name>mysite</param-name>
    <param-value>hoare.cs.umsl.edu</param-value>
  </init-param>
  <init-param>
    <param-name>thesupport</param-name>
    <param-value>(123) 457-7890</param-value>
  </init-param>
</servlet>
<servlet-mapping>
  <servlet-name>persist</servlet-name>
  <url-pattern>/persist</url-pattern>
</servlet-mapping>
B
<tag>
  <name>student</name>
  <tag-class>mytags.GetStudent</tag-class>
  <body-content>scriptless</body-content>
  <attribute>
    <name>name</name>
    <required>true</required>
    <rtexprvalue>true</rtexprvalue>
  </attribute>
</tag>
Answer:
A provides information about a servlet named persist that is to be started by
Tomcat. The servlet class is persist.class and it is to be called using the
url-pattern /persist. As part of the startup/init, Tomcat is to create two
parameters, thesupport and mysite, with the given values. These parameters are
available to all servlet requests.
B provides information about a custom tag named student. The tag class is
GetStudent.class and is found in the mytags package. The tag body is
scriptless, basically text. There is one tag attribute named name; it is
required and can be a run-time expression.