If you have this listener: <Listener className=”org.apache.catalina.core.AprLifecycleListener” SSLEngine=”on”/> on your server.xml, remove it and try. You can not use a keystore if you are using the APR connector
The difference between the two tags is that the way they work. Well, I will say an example so that you can imagine it better. Assume you have two pages, pageA, and pageB. In pageA you wrote the include tag. In this case the control was in pageA til you called the include tag. At … Read more
No, the Servlet API doesn’t provide a way. You really have to get hold of them all with help of a HttpSessionListener. You can find several examples in the following answers: How to find HttpSession by jsessionid? How to find number of active sessions per IP? How to check Who’s Online? How to invalidate another … Read more
url-pattern is used in web.xml to map your servlet to specific URL. Please see below xml code, similar code you may find in your web.xml configuration file. <servlet> <servlet-name>AddPhotoServlet</servlet-name> //servlet name <servlet-class>upload.AddPhotoServlet</servlet-class> //servlet class </servlet> <servlet-mapping> <servlet-name>AddPhotoServlet</servlet-name> //servlet name <url-pattern>/AddPhotoServlet</url-pattern> //how it should appear </servlet-mapping> If you change url-pattern of AddPhotoServlet from /AddPhotoServlet to /MyUrl. … Read more
Use quotes: resp.addHeader(“Content-Disposition”, “inline; filename=\”” + fileName + “\””);
The session management (client identification, cookie handling, saving session scoped data and so on) is basically already done by the appserver itself. You don’t need to worry about it at all. You can just set/get Java objects in the session by HttpSession#setAttribute() and #getAttribute(). Only thing what you really need to take care of is … Read more
Most of the time I test Servlets and JSP’s via ‘Integration Tests’ rather than pure Unit Tests. There are a large number of add-ons for JUnit/TestNG available including: HttpUnit (the oldest and best known, very low level which can be good or bad depending on your needs) HtmlUnit (higher level than HttpUnit, which is better … Read more
Data sent over SSL (HTTPS) is fully encrypted, headers included (hence cookies), only the Host you are sending the request to is not encrypted. It also means that the GET request is encrypted (the rest of the URL). Although an attacker could force a client to respond over HTTP, so it is highly recommended to … Read more
Multi-threading can be used in Web Apps mainly when you are interested in asynchronous calls. Consider for example you have a Web application that activates a user’s state on a GSM network (e.g activate 4G plan) and sends a confirmatory SMS or email message at the end. Knowing that the Web call would take several … Read more
As @martin and this answer explained, it is complicated. There is no bullet-proof way of getting the client’s ip address. The best that you can do is to try to parse “X-Forwarded-For” and rely on request.getRemoteAddr(); public static String getClientIpAddress(HttpServletRequest request) { String xForwardedForHeader = request.getHeader(“X-Forwarded-For”); if (xForwardedForHeader == null) { return request.getRemoteAddr(); } else … Read more