111-GF. Developing Java Web Applications
Version 5.0

Book cover

Gives the experienced Java programmer a firm understanding of web application development in the Java Enterprise environment. Students learn the Servlets, JSP, and JSTL standards and how to mesh them into an effective methodology for building maintainable model/view/controller web applications. Students also work with relational databases and are exposed to practicalities of using both JDBC- and JPA-based persistence tiers. The course also introduces security concepts and provides exercises in both declarative and programmatic approaches to authentication and authorization for Java web applications.


  • Java programming experience is required; Course 103, "Java Programming," is excellent preparation.
  • Exposure to HTML and web page design are beneficial but not necessary.

Learning Objectives

  • Understand the value of web applications to an IT enterprise, and the importance of the Java EE platform in enabling web development.
  • Build servlets to respond to HTTP requests.
  • Build JavaServer Pages to define HTTP responses.
  • Combine servlets and JSPs in a model/view/controller architecture to maximize efficiency and maintainability of application code.
  • Define HTML forms and process form input.
  • Store and retrieve information at request, session, and application scope.
  • Make effective use of HTTP sessions as managed by the Java EE web container.
  • Use the JSP Standard Tag Library to implement appropriate presentation logic in a JSP.
  • Take full advantage of the relationship of servlets and JSPs to the Java EE web container using configuration, context, and lifecycle techniques.
  • Manage persistent data from web applications by working with persistence tiers, JDBC, and/or JPA.
  • Implement and configure servlet filters.
  • Declare security policies for web applications, and use programmatic authorization where appropriate.

Timeline: 5 days.

Server Support: GlassFish

  • This version of the course works with the GlassFish server. Our Java EE courses are available in variants that support various server products, including Tomcat, GlassFish, JBoss, and WebLogic. For more details, and to find a desired server-specific version of a course, see our server-support matrix.

IDE Support: Eclipse Indigo

  • In addition to the primary lab files, an optional overlay is available that adds support for Eclipse Indigo. Students can code, build, deploy, and test all exercises from within the IDE, and take advantage of built-in editors, integrated debugging, and wizards for JSF applications, XML files, JSPs, and more. See also our orientation to Using Capstone's Eclipse Overlays.

Chapter 1. Overview of Java EE Web Applications

  • The World Wide Web
  • HTTP
  • HTML and XML
  • CSS
  • Dynamic Web Applications
  • The Java EE Platform
  • Java EE Servers and Portability
  • Servlets
  • JavaServer Pages
  • JSTL
  • Web Archives and Enterprise Archives
  • Model/View/Controller
  • Forms
  • Sessions
  • Context and Lifecycle
  • Databases
  • Security
  • Filters
  • JavaServer Faces

Chapter 2. Servlets

  • The HTTP Message Model
  • The Servlets API "Kernel"
  • HttpServlet
  • Request and Response Objects
  • Mapping URLs
  • Attributes and Scopes
  • Forwarding and Redirecting

Chapter 3. JavaServer Pages

  • Dynamic Web Pages
  • Relationship to Servlets
  • Directives
  • The Unified Expression Language
  • Page Scope
  • Implicit Objects
  • <jsp:useBean> and "Model 1"
  • MVC and "Model 2"
  • JSP Documents

Chapter 4. Working with Forms

  • HTML Forms
  • Submit Method: GET vs. POST
  • Reading Single-Value Components
  • Reading Multi-Value Components
  • Reading Button Input
  • Input Validation

Chapter 5. Sessions

  • Sessions over HTTP
  • HttpSession
  • Session Scope
  • Session Pitfalls

Chapter 6. The JSP Standard Tag Library

  • Custom Tags
  • The JSTL Libraries
  • The Core Library
  • Iterating Over Collections
  • The Formatting Library
  • Formatting Dates and Numbers
  • Working with Maps
  • Conditionals
  • Loops
  • Variables
  • Importing Documents

Chapter 7. Custom Tags

  • Custom Tag Libraries
  • Tag Library Architecture
  • Implementing in Java or JSP
  • Correct Use of Scopes
  • Invoking Presentation Logic
  • Reusing Presentation Fragments
  • Classic Tag Handlers
  • Simple Tag Handlers
  • Tag Files

Chapter 8. Context and Lifecycle

  • Containers and Components
  • Context and Lifecycle Interfaces
  • Initialization and Context Parameters
  • Loading Resources
  • Lifecycle Methods
  • Lifecycle Annotations
  • Context Listeners
  • JNDI and the Component Environment
  • Dependency Injection

Chapter 9. Working with Databases

  • Persistence Challenges
  • Persistence Strategies
  • JDBC
  • DriverManager
  • DataSource
  • Data Access Objects
  • JNDI Quirks and Portability Issues
  • JPA
  • Entity Annotations
  • Entity Managers
  • Persistence Units
  • Working with Persistent Data
  • Processing Tables
  • Limiting Query Scope

Chapter 10. Filters

  • Servlet Filters
  • Uses for Filters
  • Implementation
  • Deployment
  • Configuration and Context

Chapter 11. Security

  • Threats to Enterprise IT
  • Web Applications as Prime Targets
  • Container Services
  • Authentication for Web Applications
  • Authorization
  • HTTP BASIC Authentication
  • HTTP DIGEST Authentication
  • Declaring Security Constraints
  • Abstract Roles, Concrete Realms
  • Configuring User Realms
  • Custom Error Pages
  • Frustrations with BASIC and DIGEST
  • Doing It Yourself
  • FORM Authentication
  • Programmatic Security
  • Beyond Container-Based Security
  • OWASP and the Top 10

System Requirements

Hardware Requirements (Minimum) Dual-core 1.8 MHz, 4 gig RAM, 10 gig disk space.
Hardware Requirements (Recommended) Dual-core 2.8 MHz, 8 gig RAM, 10 gig disk space.
Operating System Tested on Windows 7. Course software should be viable on all systems which support a Java 6 Developer's Kit.
Network and Security Limited privileges required -- please see our standard security requirements.
Software Requirements All free downloadable tools.