JEE Web Fundamentals Training

JEE Web Fundamentals is a five-day hands-on JEE / Java EE training course geared for experienced Java developers new to JEE, who need to get up and running with essential dynamic web development skills. Created in collaboration with several leading JEE / Java EE s authors and industry experts, this comprehensive course teaches students how to design and program servlets and JSPs, including all the important concepts and hands on labs that will have you building working server-side applications in no time flat. This course provides core JEE knowledge and skills that can be used as the foundation for developing production-quality web applications to a basic level.

Servlets and JavaServer Pages are key server-side Java technologies for building web applications. Servlets are programs that run on a web server; they can respond to client requests and create dynamic content. Java Servlets allow flexible generation of dynamic content without the limitations of CGI-based applications or those created in a web server-specific manner. The JavaServer Pages (JSP) technology allows one to separate static from dynamic content while harnessing the power of Java Servlets.

New enhancements in JEE 5 simplify web application develop, supporting the use of annotations, dependency injection, and a Common Expression Language (for use with both JSPs and JSF). One of the most significant enhancements to JEE 5 is EJB 3.0 and the inclusion of the Java Persistence API (JPA).

Students who attend JEE Web Fundamentals will leave the course armed with the required skills to design and build scalable, secure, maintainable web applications - leveraging Trivera Technologies' extensive experience in the delivery of scalable enterprise applications with complex web interfaces based on JEE technologies.

Throughout this training, you will be confronted with common web application design problems and given the tools you will need to solve them, such as JEE design patterns. You will also be exposed to a range of JEE and web technologies such as Servlets, JSPs, EJBs, JNDI, XML, and advice on when and how to use them.

Students will also learn about the capabilities of servlets, their advantages, servlet architecture, and session management. Developers will also learn about JSP syntax, deployment, and application models, how to use Java as a scripting language, how to use custom tags, and how to build robust and capable web applications using Servlets and JSP. The course begins with a discussion of web application architecture. A major part of the course is spent on Servlets and JavaServer Pages (JSP). It then covers interacting databases using JDBC, Java's database access technology. The course includes an introduction to Web Services. The course concludes with an examination of JEE and web application security providing students with an understanding of the importance of defensive coding practices. Throughout the course, students will create code for an online store. Students will learn not only specific topics and APIs but also how to fit the pieces together into a complete application.

Topics covered include:

• JEE Application Architecture
• JDBC (Java Database Connectivity)
• Servlets
• Java Server Pages (JSP), EL, and JSTL
• JavaServer Faces
• EJB3 and Persistence
• Messaging
• Web Services
• JEE Security
• Web Application Security
• Please note that the course can be tailored to include other APIs of interest - please inquire for details and options.

Working in a dynamic, lab-intensive hands-on coding environment students will learn to:

• Design and build web applications from both business and technical requirements
• Build web interfaces with JSPs and Servlets, using the latest technologies in JEE 5.
• Write maintainable web applications that separate HTML and Java
• Understand the design and development of web applications using Servlets and JSPs
• Work JEE's version of dependency injection
• Make Servlets cooperate and share data
• Store and process session information
• Deal with concurrency issues
• Understand and create JavaServer Pages (JSPs)
• Link Servlets and JSPs
• Use the built in JSP objects
• Embed JavaBeans in a JSP
• Use JavaBeans in a JSP
• Use servlets and JSP together
• Access databases with JDBC
• Understand and work with JEE 5 persistence options, including JPA
• Work with new annotations included in JEE 5
• Expose web components as web services
• Recognize basic web security vulnerabilities and implement effective defenses

The course provides a solid foundation in basic terminology and concepts, extended and built upon throughout the engagement. Processes and best practices are discussed and illustrated through both discussions and group activities.

Attending students will be led through a series of advanced topics comprised of integrated lectures, extensive hands-on lab exercises, group discussions and comprehensive demonstrations. Please see below for additional information about the hands-on lab work.

Session JEE Application Architecture

• What is JEE?
• Common Themes In JEE Framework
• JEE Containers and Components
• Servlets
• Java Server Pages (JSP)
• EJBs and Web Services
• JEE Containers
• JEE Application Modules
• The JEE 1.5 Specification
• JEE Platform Roles
• Annotations
• Dependency Injection

• JEE and the Web
• Adding JSPs to Separate Presentation
• Eliminating Java code from view
• The Model 2 Architecture
• Using EJBs
• JEE Infrastructure Supporting Web Applications Lesson Review

Session Web Applications

• JEE Application Modules
• The Truth about Archives
• Enterprise Application Archive (EAR)
• Enterprise JavaBean Archive (JAR)
• JEE Application Client (JAR)
• Resource Adapter Archive (RAR)
• Web Application Archive (WAR)
• Directory Structure

• Mapping an HTTP Request to a Resource
• The web.xml File
• Structure
• Declaring Servlets and JSPs
• Servlet Mapping
• Servlet Init Parameters
• Web Application init Parameters
• Welcome Page
• Error Page

Session Developing Servlets

• Servlet Overview
• Life Cycle of Servlets
• Servlet Lifecycle is Handled by Web Container
• HttpServlet
• Writing the init Method
• HttpServlet doXXX Methods
• Writing a Simple HTTP Servlet
• HttpServletRequest Methods
• ServletResponse
• HttpServletResponse
• Servlet I/O Classes
• Return a Status Code
• Building the Output Document
• Sending Binary Content

• Form Processing with Servlets
• HTML Form
• LoginServlet doPost

• Request Dispatcher
• Forward the processing
• Passing Processing on and Getting it Back
• Servlet Runs Within Web Container Environment
• Several Options for Receiving Data
• Init Parameters and Attributes
• ServletConfig; ServletContext
• Servlet Variables are Scoped
• HTTP Request Information
• Several Options for Sharing Data
• configuration and Context
• Servlet Variables
• HttpServlet Request
• Threading and Data
• Threading and Data 2

• Output Buffering
• Setting Status Codes; Setting Headers
• sendRedirect
• Disabling Client Caching
• Supporting Persistent Connections
• Setting Content Length
• Dynamic Content Pushing

• Session Management
• Tracking Problem - Stateless HTTP
• Data Problem - Session Data
• Solving the Tracking Problem
• Cookies
• Cookie Behavior; Retrieving Cookies
• servlet to set Cookies
• Servlet to Show Cookies
• URL Rewriting
• Solving the Data Problem
• Web Container Manages Session Instances
• Sessions with Cookies
• Cookie-Based Sessions
• Basic Session Implementation
• Cookie Detection is not Standardized
• Getting Rid of Http Sessions
• Session with URL Rewriting

• Event Listener Model
• Life Cycle Events in a Web-Application
• Declare the Listener
• Type of Events
• Context Listeners; Session Listeners
• Session Listeners for Session-Objects

Session Filters

• What is a Filter
• Single Filter
• Filter Objects
• doFilter Method
• init Method
• Filter Life Cycle
• Cascading Filters

• Request Wrapper
• Process the Request
• Examples of Request Filters
• Filter the Response
• Response Wrapper

Session Developing JavaServer Pages

• Separating Presentation from Model
• Java Server Page (JSP): An Extension of Servlet
• Lifecycle of a JSP
• Example JSP
• JSP Syntax Consists of Three Types
• JSP Scripting: Declarations; Expressions; Scriptlets & Directives
• The session Attribute
• The errorPage/isErrorPage Attribute
• JSP Actions
• JSP Actions: Include/Forward
• Typical JSP Access Model
• JSP Action: useBean
• Implicit Objects
• JSPs or Servlets?
• The web.xml in JEE 5
• JSP Format Rules
• JSP Error Pages

• Implicit Objects
• Page Object; Config Object
• Request Object; Response Object
• Out Object
• Output Buffer
• Session Object
• Application Object
• PageContext Object
• Attributes
• Session Attributes
• Exception Handling

• The Expression Language
• The Expression Language
• Enable/Disable EL
• Variables
• Literals and Operators in the JSP EL
• Implicit Objects in JSP EL
• Reserved Words
• EL Functions
• Developing the Function
• Declaring the Function in the TLD
• Using the Function
• Pre-Built EL Functions

Session JSTL

• Introduction to JSTL
• Expression Language (EL) in JSTL
• Review of JSP Bean Tags
• Tag Collaboration
• JSTL Core
• <c:choose> <c:when> <c:otherwise>
• <c:if>; <c:import>; <c:forEach>; <c:forTokens>; <c:out>; <c:param> ; <c:catch>; <c:redirect>; <c:remove>; <c:set>;
• Using c:set to pass HTML
• <c:url>

Session JavaServer Faces

• JSF User Interface
• Managed Beans
• Managed Properties
• Navigation Rules
• Navigation Cases
• Outcomes
• JSF Tag Libraries

Session Database Integration: JDBC and JEE

• JDBC Versions
• The JDBC API
• JDBC in JEE
• Programming with DataSources
• JNDI names
• DataSource Programming Best Practices

• Structured Query Language (SQL)
• Statements & Statement
• PreparedStatements
• PreparedStatement
• ResultSet
• Executing Inserts, Updates, and Deletes
• Mapping SQL Types to Java Types
• CallableStatement

• Data Access Object (DAO)
• DAO Structure
• DAO Example: ProductDAO
• The DAOFactory
• Complete UML Diagram
• Using the ProductDAO

Session Persistence and EJB3

• Entities and Metadata
• Entity Manager
• Finding Entities
• Deploying and Runtime Issues
• Implementation Options

• Defining Enterprise JavaBeans
• JavaBeans™ vs EJBs
• EJB Architecture Overview
• EJB Container & Types of EJBs
• Session Beans
  • Stateful and Stateless
  • Lifecycle
• Message-Driven Bean
  • Messaging Constructs
  • Lifecycle
  • Unique Aspects of MDBs

• Entity Beans and POJOs
• Entity Bean Lifecycle
• Entity Manager and Entities
• CRUD Operations with Entities
• ORM Options

• Transaction Definitions
• The ACID Transaction Properties
• Transaction Lifecycle
• Overview of a Transactional System
• JEE Transaction Support

Session Additional JEE Components

• Java Message Service (JMS)
• When is Messaging Used?
• Two Messaging Models
• More On Publish/Subscribe
• Logical View of Publish/Subscribe
• More On Point-to-Point (P2P)
• Logical View of Point-To-Point
• Message Servers
• JavaMail; JavaMail Architecture
• XML
• An XML Document
• JEE and XML

• What are Web Services?
• Web Services Architecturally
• XML and Web Service APIs
• Binding Using JAXB
• Web Service Interoperability - JAX-WS
• Web Services for JEE - WSEE
• Servlets as Web Services
• EJBs as Web Services
• Routing SOAP requests to an EJB

Session Security in JEE

• Typical JEE App Server Security Services
• Java 2 Platform Security Model
• Java 2 Security in JEE
• JAAS Authentication: Who are you?
• JEE Security Overview
• Authorization: Are you allowed access?
• High-Level Trace of JEE Authorization
• Deployment Descriptors Play a Large Role
• Declaring Secure Resources
• Declaring the security roles
• Typical JEE App Server Security Services
• Security on the Web; Secure Web Traffic
• SSL In Action
• Responsibilities For Security
• CMS: Declaring HTTPS
• Authentication Challenge Mechanisms

• Attacks are Constant and Changing
• Open Web Application Security Project
• Assets are the Targets
• The Context for Defensive Coding
• Attackers Not Hackers
• Cross-Site Scripting (XSS): Description
• Defending Against XSS Attacks
• SQL Injection: Description; Example & Drill Down
• Defending Against SQL Injection Attacks

• Unvalidated Input: Description
• Protecting a Web Resource
• Defending a Web Application
• Defending a Web Application/Resource
• Responding to Error State
• Best Practices for Untrusted Data
• Additional Types of Attacks

Upcoming Dates & Locations