How to build WAR file for Jakarta EE Servlet Container?

By I Wayan Saryada in Servlet 0 Comment

To build a WAR file for your Jakarta EE servlet application, the steps will vary depending on the build tool you are using. In this post I will show you how to use Apache Maven, build it in the IDE, or create it manually. Here’s how you can build a WAR file:

1. Using Maven

Maven is a widely used build tool in Java projects. If your project uses Maven, follow these steps:

a) Add WAR Packaging to pom.xml

Your pom.xml file should include these configurations:

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>org.kodejava</groupId>
    <artifactId>helloworld-servlet</artifactId>
    <version>1.0</version>
    <packaging>war</packaging> <!-- Specify that the packaging is WAR -->
    <name>HelloWorldServlet</name>

    <dependencies>
        <!-- Jakarta Servlet dependency -->
        <dependency>
            <groupId>jakarta.servlet</groupId>
            <artifactId>jakarta.servlet-api</artifactId>
            <version>6.1.0</version>
            <scope>provided</scope> <!-- mark as provided since the container will provide the API -->
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <!-- WAR Plugin -->
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-war-plugin</artifactId>
                <version>3.4.0</version>
                <configuration>
                    <failOnMissingWebXml>false</failOnMissingWebXml> <!-- Optional for Servlet 3.0+ -->
                </configuration>
            </plugin>
        </plugins>
    </build>
</project>

b) Directory Structure for WAR Projects

Ensure your project follows the standard Maven directory structure:

src/
└── main/
    ├── java/                     --> Your Java source files
    │   └── org/kodejava/servlet/HelloWorld.java
    ├── resources/                --> (Optional) Resource files
    └── webapp/                   --> Web application files
        ├── WEB-INF/              --> Configuration files
        │   └── web.xml           --> web.xml file (if required)
        └── index.html            --> Static files (Optional)

Important Notes:

  • webapp/WEB-INF/ is the location for configuration files. For modern servlets with annotations like @WebServlet, a web.xml file may not be required.
  • Additional static resources (like HTML, CSS, or JS files) can be placed under webapp/.

c) Build the WAR File

Run the following Maven command:

mvn clean package

Once the build is successful, the WAR file will be generated in the target/ directory, named as <artifactId>-<version>.war.

For instance: target/helloworld-servlet-1.0.war

2. Using an IDE (IntelliJ IDEA, Eclipse)

Some IDEs let you build a WAR file without using Maven explicitly. For IntelliJ IDEA:

a) Configure Your Project as a WAR

  1. Open your project in IntelliJ.
  2. Go to File > Project Structure > Artifacts.
  3. Click on the + button and choose Web Application: Archive > From Modules with Dependencies.
  4. Select your module and specify the location of your web and META-INF folders.
  5. Apply and save changes.

b) Build the WAR File

  1. Go to Build > Build Artifacts > Build.
  2. The WAR file will be created in the specified output folder.

3. Manually Create a WAR

If you’re not using a build tool and want to manually create a WAR file:

a) Prepare the Required Directory Structure

Manually create a structure similar to this:

project/
└── WEB-INF/
    ├── web.xml           --> Optional (for configurations)
    └── classes/          --> Compiled `.class` files (Java code goes here)
        └── org/kodejava/servlet/HelloWorld.class

Copy all your .class files, resources, and configuration files into their respective folders.

b) Create the WAR File

Navigate to the folder containing the root project directory and run:

jar -cvf HelloWorldServlet.war *

This command will package your project into a .war file.

By following any of these methods, you’ll have a .war file ready for deployment in your Tomcat 11 server.

How do I create a basic servlet using the HttpServlet class?

By I Wayan Saryada in Servlet 0 Comment

To create a basic servlet using the HttpServlet class in Jakarta Servlet API, follow these steps:

Steps to Create a Basic Servlet:

  1. Create a Java Class Extending HttpServlet:
    • Your servlet class should extend the HttpServlet class provided in the Jakarta Servlet API.
  2. Define Servlet Annotations or Configuration:
    • Use the @WebServlet annotation to define the servlet and map it to a URL pattern. Alternatively, you can configure it in the web.xml file if annotations are not used.
  3. Override doGet or doPost Methods:
    • Override doGet for handling GET requests and doPost for POST requests (based on the type of request you expect).
  4. Set the Content Type in Response:
    • The response content type can be set using response.setContentType().
  5. Write the Response to Output:
    • Use a PrintWriter object received from response.getWriter() to write the response content.

Code Example:

Here’s a sample implementation for a basic servlet:

package org.kodejava.servlet;

import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import java.io.IOException;
import java.io.PrintWriter;

@WebServlet(name = "HelloWorldServlet", urlPatterns = {"/hello", "/helloworld"})
public class HelloWorld extends HttpServlet {

   @Override
   protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
      response.setContentType("text/html");

      PrintWriter writer = response.getWriter();
      writer.println("<html>");
      writer.println("<head><title>Hello World Servlet</title></head>");
      writer.println("<body>Hello World! How are you doing?</body>");
      writer.println("</html>");
      writer.close();
   }
}

Explanation of Code:

  1. @WebServlet Annotation:
    • name: Specifies the servlet name.
    • urlPatterns: Maps the servlet to specific URL patterns (in this example, /hello).
  2. doGet Method:
    • Handles GET requests sent to /hello.
    • Sets the content type for the response to text/html so that the client knows the returned content is HTML.
    • Dynamically writes an HTML page to the response using the PrintWriter.
  3. Response Lifecycle:
    • Any request to http://<server>:<port>/hello is routed to the doGet method based on the @WebServlet mapping.

Deploying the Servlet in Jakarta EE:

  • Place your servlet class in the Java package structure under src/main/java.
  • Ensure your project is configured to use a Jakarta Servlet container like Apache Tomcat or Jakarta EE compatible application server.
  • Deploy the .war file or run directly if your IDE supports it.

To build the .war file you can follow in steps in this post: How to build WAR file for Jakarta EE Servlet Container?.

Maven dependencies

<dependency>
    <groupId>jakarta.servlet</groupId>
    <artifactId>jakarta.servlet-api</artifactId>
    <version>6.1.0</version>
    <scope>provided</scope>
</dependency>

Maven Central

How do I create a servlet filter to make secure cookies?

By I Wayan Saryada in Servlet 0 Comment

The CookieFilter class in this example is a servlet filter. Servlet filters in Java web applications are used to perform tasks such as request/response modification, authentication, logging, and more. In the context of managing cookies, a CookieFilter can be used to intercept requests and responses to handle cookie-related operations, such as setting secure attributes on cookies or checking cookie values for authentication purposes.

Here’s an example of how you can implement a CookieFilter class in Java:

package org.kodejava.filter;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

@WebFilter("/*")
public class CookieFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // Initialization code, if needed
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) 
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        // Check if a session exists
        HttpSession session = httpRequest.getSession(false);
        if (session != null) {
            // Example: Set secure attribute on session cookie
            sessionCookieSecure(httpRequest, httpResponse);
        }

        // Continue the request chain
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        // Cleanup code, if needed
    }

    private void sessionCookieSecure(HttpServletRequest request, HttpServletResponse response) {
        // Assuming the session cookie name
        String cookieName = "JSESSIONID"; 
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if (cookie.getName().equals(cookieName)) {
                    // Set the secure attribute on the session cookie
                    cookie.setSecure(true);
                    // Update the cookie in the response
                    response.addCookie(cookie); 
                    break;
                }
            }
        }
    }
}

In this example:

  • The CookieFilter class implements the Filter interface, which requires implementing methods like init, doFilter, and destroy.
  • Inside the doFilter method, it checks if a session exists for the incoming request.
  • If a session exists, it calls the sessionCookieSecure method to set the secure attribute on the session cookie.
  • The sessionCookieSecure method iterates through cookies in the request, finds the session cookie (e.g., JSESSIONID), and sets its secure attribute to true.

You can modify this filter implementation based on your specific cookie management requirements, such as setting secure attributes on specific cookies or performing additional cookie-related tasks.

How do I configure secure cookies using web.xml?

By I Wayan Saryada in Servlet 0 Comment

To configure secure cookies using web.xml, you typically need to set the secure attribute on your cookie definitions. This ensures that the cookie is only sent over HTTPS connections, enhancing security by protecting sensitive information from being transmitted over unencrypted channels. Here’s how you can do it:

1. Define Your Servlet Filter (Optional but Recommended):

If you don’t have a servlet filter for managing cookies, you can create one. This filter can intercept requests and responses to handle cookie-related operations.

<filter>
    <filter-name>CookieFilter</filter-name>
    <filter-class>org.kodejava.servlet.CookieFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CookieFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

Replace org.kodejava.servlet.CookieFilter with the actual class that implements your cookie handling logic.

2. Configure Secure Cookie in web.xml:

Inside your web.xml, you can define cookie configurations using <session-config> and <cookie-config> elements.

<session-config>
   <cookie-config>
      <!-- Recommended to prevent client-side script access -->
      <http-only>true</http-only>
      <!-- Set all cookies to be secure -->
      <secure>true</secure>
    </cookie-config>
</session-config>
  • <secure>true</secure>: This line ensures that all cookies are marked as secure, meaning they will only be sent over HTTPS connections.
  • <http-only>true</http-only>: This line makes cookies accessible only through HTTP headers, preventing client-side scripts (like JavaScript) from accessing them. It adds another layer of security against certain types of attacks.

3. Deploy and Test:

After making these changes, deploy your web application and test it over HTTPS. Verify that cookies are being set with the secure flag by checking your browser’s developer tools (usually under the “Application” or “Storage” tab).

By following these steps, you can configure secure cookies in your Java web application using web.xml.

Notes: Setting the secure attribute in web.xml configures the default behavior for cookies created by the servlet container. However, for custom cookies that your application creates programmatically, you need to explicitly call setSecure(true) on the Cookie object to make them secure.

How to create JSP error page to handle exceptions?

By I Wayan Saryada in JSP 0 Comment

In this example you will learn how to handle exceptions in JSP page. JSP have a build-in mechanism for error handling which is a special page that can be used to handle every error in the web application. To define a page as an error page we use the page directive and enable the isErrorPage attribute by setting the value to true.

Here is an example of a JSP error page:

<%@ page contentType="text/html;charset=UTF-8" %>
<%@ page isErrorPage="true" %>
<!DOCTYPE html>
<html lang="en">
<head>
    <title>Error Page</title>
</head>
<body>
<h1>An error has occurred.</h1>

<div style="color: #F00;">
    Error message: <%= exception.toString() %>
</div>
</body>
</html>

We have defined the error page. The next steps is how to tell other JSP pages to use the error page to handle errors when uncaught exception occurred. To do this we again use the page directive. Set the errorPage attribute of this directive to point to the error page. For instance in the example below we set it to errorPage.jsp.

If we try to access the errorTest.jsp as shown in the snippet below. It will throw an exception because we try to convert an invalid string into a number. Because we are not handling the error in the page the error page will come up and show the exception messages.

<%@ page contentType="text/html;charset=UTF-8" %>
<%@ page errorPage="/errorPage.jsp" %>
<html lang="en">
<head>
    <title>My Sample Page</title>
</head>
<body>
<h1>This page throws an error:</h1>

<%
    int number = Integer.parseInt("Hello, World!");
%>
</body>
</html>
JSP Error Page Demo

JSP Error Page Demo