web.xml configuration
Root label
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:jsp="http://java.sun.com/xml/ns/javaee/jsp" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0"> <!-- Other contents --> </web-app>
Safety certification label
| element | explain |
|---|---|
| web-resource-collection | The web resource collection element identifies the subset of resources that need to be restricted. In the web resource collection element, you can define URL patterns and HTTP methods. If HTTP methods do not exist, security constraints are applied to all methods. |
| web-resource-name | Is the name associated with the protected resource |
| auth-constraint | The auth constraint element is used to specify the user roles that can access the resource collection. If the auth constraint element is not specified, the security constraint is applied to all roles. |
| role-name | Contains the name of the security role |
<security-constraint>
<display-name>Description name</display-name>
<web-resource-collection>
<web-resource-name>test</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
<http-method>HEAD</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<!-- Four types of certification -->
<!-- BASIC: HTTP standard, Base64 This method is considered the most insecure authentication because it does not provide strong encryption measures -->
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<!-- DIGEST: HTTP Specification, data integrity is stronger, but not SSL Compared to BASIC Authentication, which is a relatively safe authentication. It will request data to pass during authentication MD5 Authentication by encryption -->
<login-config>
<auth-method>DIGEST</auth-method>
</login-config>
<!-- CLIENT-CERT: J2EE Specification, strong data integrity, public key(PKC) This is an authentication method based on client certificate, which is more secure. However, the defect is that it cannot be used on clients without security certificates -->
<login-config>
<auth-method>CLIENT-CERT</auth-method>
</login-config>
<!-- FORM: J2EE Specification, data integrity is very weak, there is no encryption, and a customized login interface is allowed. This is a basic user-defined form authentication. You can specify the verification form when logging in -->
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
| parameter | explain |
|---|---|
| BASIC | According to the HTTP specification, Base64 is considered the most insecure authentication because it does not provide strong encryption measures |
| DIGEST | HTTP specification has stronger data integrity, but it is not SSL. Compared with BASIC authentication, it is a relatively secure authentication. During authentication, it authenticates the requested data through MD5 encryption |
| CLIENT-CERT | J2EE specification, strong data integrity, public key (PKC), which is an authentication method based on client certificate, is relatively safe. However, the defect is that it cannot be used on clients without security certificates |
| FORM | J2EE specification, data integrity is very weak, there is no encryption, and a customized login interface is allowed. This is a basic user-defined form authentication. You can specify the verification form when logging in |
Web application icon, name and description
<!-- .gif perhaps .jpg format --> <!-- point out IDE and GUI Tools are used to represent Web Large and small icons for apps --> <icon> <!-- (16x16 (pixels) --> <small-icon>/images/app_small.gif</small-icon> <!-- (32x32 (pixels) --> <large-icon>/images/app_large.gif</large-icon> </icon> <!-- appoint Web The display name of the application, i.e GUI Abbreviations that the tool can display --> <display-name>Tomcat Example</display-name> <!-- Give the relevant explanatory text --> <disciption>Tomcat Example servlets and JSP pages.</disciption>
Initialization process
-
When you start a Web project, a container, such as tomcat, reads the Web Two nodes in the XML configuration file < listener > and < context param >
-
Then the container will create a ServletContext (context), which can be used by the whole WEB project
-
Then the container will convert the read < context param > into a key value pair and give it to ServletContext
-
The container creates a class instance in < listener >, that is, it creates a listener
Note: the class defined by listener can be customized, but it must inherit ServletContextListener
-
There will be a contextInitialized(ServletContextEvent event) initialization method in the listening class. In this method, you can use event getServletContext(). Getinitparameter ("contextConfigName") to get the value set by context param
-
There must also be a contextDestroyed(ServletContextEvent event) destruction method in this class, which is used to release resources before closing applications, such as closing database connections
After you get the value of context param, you can do some operationsNote that your WEB project has not been fully started and completed at this time. This action will be earlier than all servlets
-
Container for web The loading process of XML is context param > > listener > > filer > > servlet
Context param
Parameters within the scope of application are stored in servletcontext
<context-param> <param-name>contextConfigName</param-name> <param-value>contextConfigValue></param-value> </context-param>
effect
-
This element is used to declare context initialization parameters within the application scope (the whole WEB project)
Param name sets the parameter name of the context. Must be a unique name
Param value the value of the parameter name set
use
- On page
${initParam.contextConfigName} - In Servlet
String param = getServletContext().getInitParameter("contextConfigName");
filter
<filter>
<filter-name>OutFilter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
<init-param>
<param-name>testName</param-name>
<param-value>testValue</param-value>
</init-param>
<init-param>
<param-name>...</param-name>
<param-value>...</param-value>
</init-param>
<!-- filterConfig.getInitParameter("testName"); -->
</filter>
<filter-mapping>
<filter-name>OutFilter</filter-name>
<url-pattern>/Check.do</url-pattern>
<!--
Exact match:/index.jsp
Directory matching:/com/*
Extended matching:*.do
Match all:/*
-->
<!-- <dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ERROR</dispatcher> -->
</filter-mapping>
| element | explain |
|---|---|
| <filter><\filter> | Set a filter |
| <filter-name><\filter-name> | Used to specify a name for the filter. The content of this element cannot be empty |
| <filter-class><\filter-class> | The fully qualified class name used to specify the filter |
| <init-param><\init-param> | Used to specify initialization parameters for the filter Its child element < param name > specifies the name of the parameter and < param value > specifies the value of the parameter In the filter, you can use the FilterConfig interface object to access the initialization parameters |
| <filter-mapping><\filte-mapping> | Element is used to set the resources intercepted by a Filter |
| < filter name > < \ filter name > child element | The registration name used to set the filter The value must be the name of the filter declared in the < Filter > element |
| < URL pattern > < \ URL pattern > child element | Set the request path intercepted by the filter (URL Style associated with the filter) |
| <servlet-name><servlet-name> | Specifies the name of the Servlet intercepted by the filter |
| < dispatcher > child element | Specifies how the resources intercepted by the filter are called by the Servlet container It can be one of REQUEST, INCLUDE, FORWARD and ERROR. The default is REQUEST The user can set multiple < dispatcher > sub elements to specify the Filter to intercept multiple calls to resources |
-
Values that can be set by < dispatcher > sub elements and their meanings
-
REQUEST: when the user directly accesses the page, the Web container will call the filter. If the target resource is accessed through the include() or forward() method of RequestDispatcher, the filter will not be called
-
INCLUDE: this filter will be called if the target resource is accessed through the include() method of RequestDispatcher. In addition, the filter will not be called
As long as it is embedded through < jsp: include page = "xxx.jsp" / >, each embedded page will go through the specified filter once
-
FORWARD: if the target resource is accessed through the forward() method of RequestDispatcher, the filter will be called. Otherwise, the filter will not be called
Only when the current page is forwarded through request forwarding, the specified filter will be taken
-
ERROR: if the target resource is called through the declarative exception handling mechanism, the filter will be called. In addition, the filter is not called
listener
<listener>
<listerner-class>com.listener.MyListener</listener-class>
</listener>
servlet
Basic configuration
<servlet>
<!-- <description>describe</description>
<display-name>Description name</display-name> -->
<servlet-name>TestServlet</servlet-name>
<servlet-class>com.my.controller.TestServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>TestServlet</servlet-name>
<url-pattern>/testServlet</url-pattern>
</servlet-mapping>
Advanced configuration
<servlet>
<!-- <description>This is a text description about myservlet</description>
<display-name>myServlet</display-name>
<icon>...</icon> -->
<servlet-name>TestServlet</servlet-name>
<servlet-class>com.my.controller.TestServlet</servlet-class>
<init-param>
<param-name>testName</param-name>
<param-value>testValue</param-value>
</init-param>
<!-- stay servlet of
this.getInitParameter("testName") -->
<load-on-startup>0</load-on-startup>
<run-as>
<description>Security role for anonymous access</description>
<role-name>tomcat</role-name>
</run-as>
<security-role-ref>
<description>...</description>
<role-name>...</role-name>
<role-link>...</role-link>
</security-role-ref>
</servlet>
<servlet-mapping>
<servlet-name>TestServlet</servlet-name>
<url-pattern>/testServlet</url-pattern>
</servlet-mapping>
| element | explain |
|---|---|
| <servlet><\servlet> | Data used to declare a servlet |
| <servlet-name><\servlet-name> | Specifies the name of the servlet |
| <servlet-class><servlet-class> | Specifies the class name of the servlet |
| <jsp-file></jsp-file> | Specify the full path of a JSP page in the web site Servlet class and JSP file can only exist |
| <init-param><init-param> <param-name></param-name> <param-value></param-value> | Used to define parameters. There can be multiple init params Parameters within the scope of servlet can only be obtained in the init() method of servlet In the init() method of the servlet, pass this Getinitparameter ("testName") get |
| <load-on-startup></load-on-startup> | The load on startup element marks whether the container should load the servlet at startup (instantiate and call its init() method). Its value must be an integer indicating the order in which the servlet should be loaded Specifies the order in which servlets are loaded when the Web application starts When the value is negative or undefined: the servlet container will load the servlet the first time a Web client accesses it When the value is positive or zero: the servlet container loads the servlets with small values first, and then loads other servlets with large values in turn When the values are the same, the container will choose its own order to load. |
| <run-as><run-as> | Specifies the running identity used to execute the Web application. It contains an optional description and the name of the security role |
| <security-role-ref><\security-role-ref> | Used to link the security role name defined by < security role > to an alternate role name hard coded in servlet logic This additional layer of abstraction allows the servlet to be configured at deployment time without changing the servlet code |
| <servlet-mapping></servlet-mapping> | It is used to define the URL corresponding to the servlet and contains two sub elements |
| <servlet-name></servlet-name> | Specifies the name of the servlet |
| <url-pattern></url-pattern> | Specify the URL corresponding to the servlet |
- The three tags of description, display name and icon must be in the order from description to display name and then to icon, otherwise an error will be reported
Session timeout configuration (in minutes)
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<!-- The setting value is-1 Indicates that the session will never time out -->
MIME type configuration
<mime-mapping>
<extension>htm</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping>
<extension>doc</extension>
<mime-type>application/msword</mime-type>
</mime-mapping>
Specify welcome profile page configuration
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
</welcome-file-list>
Configuration error page
<!-- Configure by error code error-page -->
<error-page>
<error-code>404</error-code>
<location>/jsp/NotFound.jsp</location>
</error-page>
<!-- Configure by exception type error-page -->
<error-page>
<exception-type>java.lang.NullException</exception-type>
<location>/jsp/error.jsp</location>
</error-page>
<!-- When the system occurs java.lang.NullException(In case of null pointer exception), jump to the error handling page error.jsp -->
jsp-property-group
<jsp-config>
<jsp-property-group>
<!-- Group Import jsp file -->
<url-pattern>*.jsp</url-pattern>
<!-- set up jsp The header of the web page with the extension.jspf -->
<include-prelude>/WEB-INF/jspf/first.jspf</include-prelude>
<!-- set up jsp The end of the page with the extension.jspf -->
<include-coda>/WEB-INF/jspf/end.jspf</include-coda>
</jsp-property-group>
</jsp-config>
TLD configuration
<jsp-config>
<taglib>
<!-- Describe a relative web.xml Document location URI,Used to identify Web Tag libraries used in applications -->
<!-- If URI And JSP On page taglib Used in instructions URI Use this if the string matches taglib -->
<taglib-uri>http://jakarta.apache.org/tomcat/debug-taglib</taglib-uri>
<!-- be relative to Web The file location of the tag library descriptor in the application root directory -->
<taglib-location>/WEB-INF/pager-taglib.tld</taglib-location>
</taglib>
</jsp-config>
Get parameters in configuration file
- servlet
import javax.servlet.ServletConfig;
public void init(ServletConfig config) throws ServletException {
super.init(config);
// getInitParameter of ServletConfig is used to obtain parameters
String testName = config.getInitParameter("testName");
}
- struts
try {
javax.servlet.ServletConfig config = this.getServlet().getServletConfig();
System.out.println("--" + config.getInitParameter("testName"));
} catch (Exception e) {
e.printStackTrace();
}
- jsp
String testName = new String(application.getInitParameter("testName"));