The errata list is a list of errors and their corrections that were found after the product was released. If the error was corrected in a later version or reprint the date of the correction will be displayed in the column titled "Corrected".
The following errata were submitted by our customers and approved as valid errors by the author or editor.
| Version |
Location |
Description |
Submitted By |
Corrected |
| Printed |
Page 186
Attributes are not Parameters - 4th row 3rd column |
Replace the existing text in the 4th/3rd cell with:
ServletContext.getInitParameter(String name)
ServletConfig.getInitParameter(String name)
ServletRequest.getParameter(String name)
Also, for consistency replace the existing text in the 4th/2nd cell with:
ServletContext.getAttribute(String name)
HttpSession.getAttribute(String name)
ServletRequest.getAttribute(String name)
|
Anonymous |
Jul 2008 |
| Printed |
Page 186
|
Attributes are not Parameters - 4th row 3rd column; Method to get should mention getParameter(String name) for getting request parameters. It has mentioned only getInitParameter(String name) which is applicable only for getting context and servlet init params.
Replaced the existing text in the 4th/3rd cell with:
ServletContext.getInitParameter(String name)
ServletConfig.getInitParameter(String name)
ServletRequest.getParameter(String name)
Also, for consistency replaced the existing text in the 4th/2nd cell with:
ServletContext.getAttribute(String name)
HttpSession.getAttribute(String name)
ServletRequest.getAttribute(String name)
--------------------------------------------------------------------
|
Anonymous |
Jul 2008 |
| Printed |
Page 217
Answer to Question 1 |
Answer states B and C are correct when associated comment (correctly) states (only) answer B is correct.
Note from the Author or Editor:
Uncheck C
|
Anonymous |
Jul 2008 |
| Printed |
Page 217
Answer to Question 1. |
Answer states B and C are correct when associated comment (correctly) states (only) answer B is correct.
Unchecked C
--------------------------------------------------------------------
|
Anonymous |
Jul 2008 |
| Printed |
Page 222
Question 15, Answer C |
Answer C implies that if I use a ServletRequest and ServletContext obtain a RequestDispatcher for a resource, then the path to the resource will be different (i.e. will change). This is not correct if the argument to both getRequestDispatcher calls begins with a forward slash, which means relative to the context root in both cases. It is correct to say the paths can be different, but it is not a mandatory condition.
Note from the Author or Editor:
Change option C text from "to will change" to "to may change"
|
Anonymous |
Jul 2008 |
| Printed |
Page 222
Question 15, Answer C |
Answer C implies that if I use a ServletRequest and ServletContext obtain a RequestDispatcher for a resource, then the path to the resource will be different (i.e. will change). This is not correct if the argument to both getRequestDispatcher calls begins with a forward slash, which means relative to the context root in both cases. It is correct to say the paths can be different, but it is not a mandatory condition.
Changed option C text from "to will change" to "to may change"
--------------------------------------------------------------------
|
Anonymous |
Jul 2008 |
| Printed |
Page 222
Question 14 Answer for ServletContext |
HFSJ 2nd Edition Third Indian Reprint 2008
I downloaded the Servlet 2.4 api's. Navigate to ServletContext, it doesn't list getContextPath() as one of the methods for ServletContext.
So getContextPath should not be listed against ServletContext.
Note from the Author or Editor:
VALID
Remove "getContextPath" from the center cell of this grid.
|
Kamal Tripathi |
Oct 2009 |
| PDF |
Page 249
2nd Answer's Result (Last paragraph) of Chapter 6 |
IllegalStateException is thrown before it reach the isNew() method on session. Since session.setMaxInactiveInterval(0) will cause the session invalidated immediately, the next line of code session.getAttribute("foo") method will throw IllegalStateException before it reach session.isNew() method.
Note from the Author or Editor:
VALID
Remove the line of code that reads "String foo = (String) session.getAttribute("foo");
On pg 249: also remove that line
|
Lee Kian Giap |
Oct 2009 |
| PDF |
Page 255
The last line of the page is incomplete, seems incomplete, like this 'The se' |
The last line in my PDF version of this book is
'chance to get themselves ready for access. The se'
I check the next page (pg.256), there's no continuation for the last line in pg. 255, so it seems to me, that there's incomplete sentence in the last line of pg. 255.
Thank you in advance for checking and correcting this small typo (or formatting issue ?).
Note from the Author or Editor:
Drop the last sentence fragment: "The se"
|
Anonymous |
Oct 2009 |
| Printed |
Page 256
Bang box titled "You do NOT configure session binding listeners in the DD! |
Change the title to "You do NOT configure ALL session listeners in the DD!"
Change the "HttpSessionActivationListener" to "HttpSessionAttributeListener" in the text.
|
Anonymous |
Jul 2008 |
| Printed |
Page 256
Bang box titled "You do NOT configure session binding listeners in the DD! |
Changed the title to "You do NOT configure ALL session listeners in the DD!"
Changed the "HttpSessionActivationListener" to "HttpSessionAttributeListener" in the text.
--------------------------------------------------------------------
|
Anonymous |
Jul 2008 |
| Printed |
Page 265
Bottom "handwritten" note |
"It returns the old value, not the new one."
I can't find any definite statement in the spec regarding the result of HttpSessionBindingEvent.getValue() for each of the events.
But I tested on Tomcat 5.5.27, Tomcat 6.0.18 and Glassfish V2 UR2 Final Build.
The result are consistent for these containers and the statement "returns the old value" is mostly WRONG:
attributeAdded(): value is new value (rather than old value == null)
attributeReplaced(): value is always the NEW value
valueUnbound(): "this" is always the old value. event's value is null iff the attribute has been replaced, or the old value if the attribute has been removed.
attributeRemoved(): indeed the event's value is the OLD value (rather than null)
Who the heck should memorize that?
Here's the sequence that I tested (set/removeAttribute statement plus generated events):
session.setAttribute("dog", new Dog(1)):
Dog{no=1}.valueBound: event.getValue()=Dog{no=1}
AttributeListener.attributeAdded: event.getValue()=Dog{no=1}
session.setAttribute("dog", new Dog(2)):
Dog{no=2}.valueBound: event.getValue()=Dog{no=2}
Dog{no=1}.valueUnbound: event.getValue()=null
AttributeListener.attributeReplaced: event.getValue()=Dog{no=2}
session.removeAttribute("dog"):
Dog{no=2}.valueUnbound: event.getValue()=Dog{no=2}
AttributeListener.attributeRemoved: event.getValue()=Dog{no=2}
Note from the Author or Editor:
VALID
The spec says "Returns the value of the attribute that has been added, removed or replaced. If the attribute was added (or bound), this is the value of the attribute. If the attribute was removed (or unbound), this is the value of the removed attribute. If the attribute was replaced, this is the old value of the attribute."
This is about as succinct as I think it could be said. So...
The complete handwritten note should be rewritten as: "The getValue() returns the object value of the attribute that triggered the event. If the attribute was added (or bound), this is the value of the attribute. If the attribute was removed (or unbound), this is the value of the removed attribute. If the attribute was replaced, this is the old value of the attribute."
|
Anonymous |
Oct 2009 |
| Safari Books Online |
279
15 th question |
For the question no 15, you people have given 'A' and 'C' are the correct answers. But in the reality when we try to implement this scenario(like creating a class which extends HttpSessionAttributeListener and another class which extends HttpSessionBindingListener.Declared session time out in DD then we added logs in each Listener class, once session invalidated after the time specified in DD, the log is showing clearly that it has called the sessionDestroyed(), valueUnbound() and also attributeRemoved() methods).
This states that option 'E' also correct answer. Please check this.
Sorry if i'm wrong.
Note from the Author or Editor:
This is a little tricky. Yes, it is true that all attributes are removed when a session is terminated (and thus the attributeRemoved() method is called); it is not the intent of the question. Likewise, option C should not be selected.
|
uday kumar maddigatla |
|
| Printed |
Page 310
url-pattern tag |
The jst-file tag contains "TestInit.jsp" but the url-pattern tag contains "TestInif.jsp", which appears to be a typo.
Note from the Author or Editor:
VALID
Change the 12th line of the first code example to:
<url-pattern>/TestInit.jsp</url-pattern>
|
Anonymous |
Jul 2008 |
| Printed |
Page 310
url-pattern tag |
Line 12 of code
the url-pattern tag contains "TestInif.jsp", which appears to be a typo.
Changed "TestInif.jsp" to "TestInit.jsp"
--------------------------------------------------------------------
|
Anonymous |
Jul 2008 |
| Printed |
Page 310
Declaration code example at the bottom, 5th line |
This is invalid code in a JSP:
ServletContext ctx = getServletContext();
The spec only guarantees that the JSP implementation class implements JspPage which extends Servlet, but _not_ GenericServlet (which implements ServletConfig and contains the implementation of getServletContext())."
So the correct line would be
ServletContext ctx = sConfig.getServletContext();
(The original code does indeed work on Tomcat, but that's merely an implementation side effect.)
Note from the Author or Editor:
VALID
Make the recommended change.
|
Anonymous |
Oct 2009 |
| Printed |
Page 355
last paragraph |
The final sentence states, "...the class must be a subclass...". I know this is splitting hairs, but since were are talking about types (e.g. interface), I believe, "...the class must be a subtype...", would be semantically (more) correct.
Note from the Author or Editor:
MOSTLY VALID, BUT SUBTYPE MIGHT BE A SUB-INTERFACE WHICH IS *NOT* VALID IN THIS CONTEXT.
Change last sentence to "So that means that /class/ must be a concrete implementation of the /type/."
|
Anonymous |
Jul 2008 |
| Printed |
Page 355
last paragraph |
The final sentence states, "...the class must be a subclass...". I know this is splitting hairs, but since were are talking about types (e.g. interface), I believe, "...the class must be a subtype...", would be semantically (more) correct.
MOSTLY VALID, BUT SUBTYPE MIGHT BE A SUB-INTERFACE WHICH IS *NOT* VALID IN THIS CONTEXT.
Changed last sentence to "So that means that /class/ must be a concrete implementation of the /type/."
--------------------------------------------------------------------
|
Anonymous |
Jul 2008 |
| Printed |
Page 358
first paragraph |
The second sentence states there are 3 code examples but only 2 examples are provided.
Note from the Author or Editor:
VALID
Change "three" to "two" in the fourth line.
|
Anonymous |
Jul 2008 |
| Printed |
Page 358
first paragraph |
The second sentence states there are 3 code examples but only 2 examples are provided.
Changed "three" to "two"
--------------------------------------------------------------------
|
Anonymous |
Jul 2008 |
| Printed |
Page 412
Subheader "The included header that USES (...)" |
The page shows a code that uses a jsp standard action to include a file named "Header.jsp", but "Header.jspf" is mentioned in the following subtitle:
"The included header that USES the new param ("Header.jspf")"
Remove the trailing "f" from "Header.jspf".
Note from the Author or Editor:
VALID
Delete the 'f' character on the end of "Header.jspf"
|
Anonymous |
Oct 2009 |
| PDF |
Page 420
Answer for the number 1 exercise |
"<jsp:useBean id=”person” type=”foo.Employee” scope=”request” >
<jsp:setProperty name=”person” property=”name” value=”Fred” />
</jsp:useBean >
Name is: <jsp:getProperty name=”person” property=”name” />
Look at this standard action:
What happens if the servlet code looks like: 1
foo.Person p = new foo.Employee();
p.setName(“Evan”);
request.setAttribute(“person”, p);
ANSWERS
FAILS at request time! The “person” attribute is stored at request
scope, so the <jsp:useBean > tag won’t work since it specifies only a
type."
The answer is wrong since the attribute scope is defined as request in the <jsp:useBean>. The correct would be "Prints Name is Evan."
Note from the Author or Editor:
VALID
This exercise has dogged us from the beginning. It will be complete replaced in the next edition.
|
Anonymous |
|
| Printed |
Page 437
Question 17 |
Regarding the usage of the dot "." operator, the last comment on page 370 states, "If the object is a
bean but the named property doesn't exist, then as exception is thrown? However, the answer to question
17 on page 437 does not reflect this as being true as 17-C is not checked.
Note from the Author or Editor:
Add a checkmark on Option C
|
Anonymous |
Jul 2008 |
| Printed |
Page 437
Question 17 |
Regarding the usage of the dot "." operator, the last comment on page 370 states, "If the object is a
bean but the named property doesn't exist, then as exception is thrown? However, the answer to question
17 on page 437 does not reflect this as being true as 17-C is not checked.
Added a checkmark on Option C
--------------------------------------------------------------------
|
Anonymous |
Jul 2008 |
| Printed |
Page 443
Last paragraph |
Two references are made to escapeXML. The correct parameter name is escapeXml.
Note from the Author or Editor:
Yes, replace "escapeXML" with "escapeXml"
|
Anonymous |
Oct 2009 |
| PDF |
Page 445
First Paragrah, second example |
Hello,
On page 445 that discusses how null values are rendered, there is a problem with the second example. The example indicates that for JSP expressions if the variable is null, the output will contain nothing:
Quote:
"A JSP expression tag prints nothing if user is null:
<b>Hello <%= user %>.</b>
Renders as <b>Hello .</b>"
Although this is true for ELs, it is not this way for JSP expressions. For the given example, the output will be "Hello null."
Best Regards,
Horatiu
Note from the Author or Editor:
VALID
The second box should contain the text "<b>Hello null.</b>"
|
Anonymous |
Oct 2009 |
| Printed |
Page 484
3rd Paragraph |
The fourth sentence states "The Container could care less...". While I understand this atrocious grammar has become commonplace with lazy-speak, it should be written correctly.
This should be corrected to "The Container couldn't care less...".
Note from the Author or Editor:
OK
Start the fourth sentence as "The Container couldn't care less..."
|
Anonymous |
Oct 2009 |
| Printed |
Page 491 & 495
Question 1, option D |
Option D references tag files which aren't mentioned until the next chapter and the role of TLDs in Tag files isn't explored until page 509.
Note from the Author or Editor:
VALID
Drop Option D here and on pg 495.
|
Anonymous |
Oct 2009 |
| Printed |
Page 508
Paragraphs 2 & 3 |
The discussion on scripting in Tag files is very confusing. The first sentence of the third paragraph reads "In fact, Tag File bodies are never allowed to have scripting, so it's not an option."
Using the term 'Tag File bodies' makes it sound like you mean you can not use scripting in the *.tag file, instead of the body of the tag reference in the JSP that uses the tag.
Note from the Author or Editor:
OK
For clarification the first sentence in the third paragraph should start with "In fact, the bodies of Tag File tags are never..."
|
Anonymous |
Oct 2009 |
| Printed |
Page 533
second line |
(also in PDF)
The second line begins with: areevaluated when
A space is missing: are evaluated
|
David Balažic |
Oct 2009 |
| Printed |
Page 565
Top of Page |
The chart is labeled "Lifecycle METHODS for Classic tag methods". I found this very confusing and the instructions were not helpful.
It all became very clear when I turned the page and the answer chart was labeled "Lifecycle RETURN VALUES for Classic tag methods".
Note from the Author or Editor:
Agreed. In the next printing we should provide the answers for a few of the cells in the chart as a starting point.
|
Anonymous |
|
| Printed |
Page 579 & 590
Question 2 Option E. |
jsp:invoke is Option E for Question 2. I can not find where jsp:invoke is mentioned in the book, especially in Chapter 10, which is the chapter this test is covering.
If it is in the book and I just missed it, sorry.
Note from the Author or Editor:
VALID
The jsp:invoke std action is not mentioned in the book so no question should refer to it.
Drop Option E on this page and pg 590.
|
Anonymous |
Oct 2009 |
| Printed |
Page 582
Chapter 10, Question 6 |
Chapter 10 - Question 6 - findAncessorWithClass().
This method is just barely touched on on page 574, without giving too much more than a signature and a brief description of what it does.
Furthermore, the last sentence on page 574 states "You will not be tested on any details of using findAncessorWithClass(). All you need to know for the exam is that it exists!".
Given this, question 6 is pretty detailed.
Maybe this question was a leftover from the first edition.
Note from the Author or Editor:
VALID, the book does not cover this method in the level of detail needed for this question.
Drop this item here and on pg 593.
|
Anonymous |
|
| Printed |
Page 586 & 597
Question 14 Option E |
Chapter 10 - Question 14 - Option E.
getAttributesScope("key") is not mentioned in the book. Chapter 8 does have a note to visit the API to see the getters for PageContext, but does not state that all of the getters should be memorized.
In short, the questions in this book should only cover information presented in this book. The exam is a different animal, but book questions should only test on book information.
Note from the Author or Editor:
VALID
Remove Option E from this question here and on pg 597.
|
Anonymous |
Oct 2009 |
| Printed |
Page 622
2rd paragraph, line 3 |
(and PDF)
The third line in the second paragraph and with: configur
It should be : configure
|
David Balažic |
Oct 2009 |
| Printed |
Page 684
Bottom |
Bottom of page 684:
"NOTE: although not guaranteed by the spec, in practice virtually every Container uses SSL for guaranteed transport, which means that both INTEGRAL and CONFIDENTIAL do the same thing—either one gives you
both confidentiality and integrity. Since you can have only one <user-data-constraint> per <security-constraint>, some people recommend you use CONFIDENTIAL, but again, it will probably never matter in practice, unless you move to a new (and unusual) Container that doesn’t use SSL."
The last sentence should be changed to more clearly indicate that you are talking about a container that doesn't use SSL for guaranteed transport, not a container that doesn't use SSL at all.
SSL is required by the spec, although you don't mention that specifically anywhere but test on it in question 14 on page 834.
Note from the Author or Editor:
SURE
Change the end of the last sentence to "to a new Container that doesn't use SSL for guaranteed transport."
|
Anonymous |
|
| Printed |
Page 793
Question 3, answer A |
Answer A is not correct because the class does not need to have a size member. Is does need to have a setter method.
Note from the Author or Editor:
VALID
Rewrite Option A as "The class should have a setter method called setSize." With 'setSize' in bold Courier.
Make the same change on pg 829.
|
Anonymous |
|
| Printed |
Page 794, 830
Question 4 |
The sample code in question, set the attribute in request scope. And equivalent code snippet answers are given as C & D. But those two answers create the attribute in page scope (default scope), but not in request scope. scope = 'request' is missing in those two answers.
Note from the Author or Editor:
This is correct. The text [scope="request"] must be added to the open jsp:useBean tag for *all* options (not just C&D, because this is really an invariant to the question). Make this change on pg 794 as well.
|
Anonymous |
Jul 2008 |
| Printed |
Page 794
|
This is correct. The text [scope="request"] must be added to the open jsp:useBean tag for *all* options (not just C&D, because this is really an invariant to the question). Make this change on pg 794 as well.
--------------------------------------------------------------------
|
Anonymous |
Jul 2008 |
| Printed |
Page 814
Question 47 |
The answers currently referenced are B and E.
For E to be correct, ServletOutputStream needs to be in the javax.servlet package (not java.io).
I would think answer C is also correct because the question asks which types "can be used" and a ServletOutputStream is-an java.io.OutputStream.
Note from the Author or Editor:
Change option C to "javax.servlet.OutputStream" and change option E to "javax.servlet.ServletOutputStream".
These changes make option E valid and option C invalid, as it should be.
|
Anonymous |
Jul 2008 |
| Printed |
Page 814
Question 47 |
The answers currently referenced are B and E.
For E to be correct, ServletOutputStream needs to be in the javax.servlet package (not java.io).
I would think answer C is also correct because the question asks which types "can be used" and a ServletOutputStream is-an java.io.OutputStream.
Change option C to "javax.servlet.OutputStream" and change option E to "javax.servlet.ServletOutputStream". These changes make option E valid and option C invalid, as it should be.
--------------------------------------------------------------------
|
Anonymous |
Jul 2008 |
| Printed |
Page 819, 855
Q55, line 02. |
HFSJ 2nd Ed., printed March 2008
At page 819 and 855 the lines
02. String TITLE = "Welcome to my page";
are wrong, correct are
02. String GREETING = "Welcome to my page";
Note from the Author or Editor:
VALID
Change all occurrences of "TITLE" with "GREETING"
Also on pg 855.
|
Anonymous |
|
| Printed |
Page 824
Question 66 |
There are no answers given.
Note from the Author or Editor:
VALID
Copy the Options on pg 860 but remove the checkmarks and hand-written comments to the empty space at the bottom of pg 824.
|
Anonymous |
|
| Printed |
Page 830
Quesiton 4 |
The sample code in question, set the attribute in request scope. And equivalent code snippet
answers are given as C & D. But those two answers create the attribute in page scope (default scope), but not in request scope. scope = 'request' is missing in those two answers.
This is correct. The text [scope="request"] must be added to the open jsp:useBean tag for *all* options (not just C&D, because this is really an invariant to the question). Make this change on pg 794 as well.
--------------------------------------------------------------------
|
Anonymous |
Jul 2008 |
| Printed |
Page 831
Question 6 |
Answers are B and E.
Option C is also correct, but it's not selected as an answer.
Note from the Author or Editor:
Add a checkmark to option C
|
Anonymous |
Jul 2008 |
| Printed |
Page 831
Question 6 |
Answers are B and E.
Option C is also correct, but it's not selected as an answer.
Added a checkmark to option C
--------------------------------------------------------------------
|
Anonymous |
Jul 2008 |
| Printed |
Page 833
Question 11, answer B |
Answer B states that multiple instances of <auth constraint> can exist within <security constraint>. This is not true.
Note from the Author or Editor:
VALID
Option B is incorrect and should not be checked.
|
Anonymous |
|
| Printed |
Page 833
Question 11 |
Answers given are A,B,D,E,F
But, options B and F should not be correct.
- Only one instance of <auth-constraint> will exist within one <security-constraint> tag. The deployment descriptor DTD has the following definition for <security-constraint> as per servlet spec is <!ELEMENT security-constraint (web-resource-collection+, auth-constraint?, user-data-constraint?)> - This tag implies that authorization, data integrity and confidentiality security features are all declared for the wen application. And not authentication. Authentication is declared using the <login-config> tag. As per the servlet spec - The login-config element is used to configure the authentication method that should be used, the realm name that should be used for this application, and the attributes that are needed by the form login mechanism. <!ELEMENT login-config (auth-method?, realm-name?, form-loginconfig?)>
Note from the Author or Editor:
Remove the checkmark from options B and F
|
Anonymous |
Jul 2008 |
| Printed |
Page 833
Question 11 |
Answers given are A,B,D,E,F
But, options B and F should not be correct.
- Only one instance of <auth-constraint> will exist within one <security-constraint> tag. The deployment descriptor DTD has the following definition for <security-constraint> as per servlet spec is <!ELEMENT security-constraint (web-resource-collection+, auth-constraint?, user-data-constraint?)> - This tag implies that authorization, data integrity and confidentiality security features are all declared for the wen application. And not authentication. Authentication is declared using the <login-config> tag. As per the servlet spec - The login-config element is used to configure the authentication method that should be used, the realm name that should be used for this application, and the attributes that are needed by the form login mechanism. <!ELEMENT login-config (auth-method?, realm-name?, form-loginconfig?)>
Removed the checkmark from options B and F
--------------------------------------------------------------------
|
Anonymous |
Jul 2008 |
| Printed |
Page 834
Question 14 |
I could not find that:
- The book states that a Java EE container must support HTTP cookies.
- The book states that a Java EE container must support SSL.
Note from the Author or Editor:
VALID
This question is based on information that is not presented in the book nor is on the SCWCD exam. It should be rewritten.
|
Anonymous |
|
| Printed |
Page 834
Question 14 Option C |
Option B: "Java EE containers must support URL rewriting." This option is shown as being false and the following note "-Option B URL rewriting is almost always used as the fallback when cookies are not available, but it's NOT a requirement for containers."
From the text:
Page 237
URL rewriting: something to fall back on
"If the client won’t take cookies, you can use URL rewriting as a backup. Assuming you do your part correctly, URL rewriting will always
work..."
Page 239
Q: Is URL rewriting handled in a vendor-specific way?
A: Yes, URL rewriting is handled in a vendor-specific way. Tomcat
uses a semicolon “;” to append the extra info to the URL. Another
vendor might use a comma or something else."
Servlet Spec 2.4:
SRV.7.1.3 URL Rewriting
URL rewriting is the lowest common denominator of session tracking. When a client will not accept a cookie, URL rewriting may be used by the server as the basis for session tracking. URL rewriting involves adding data, a session ID, to the URL path that is interpreted by the container to associate the request with a session. The session ID must be encoded as a path parameter in the URL string. The name of the parameter must be jsessionid. Here is an example of a URL containing encoded path information:
http://www.myserver.com/catalog/index.html;jsessionid=1234
Conclusion: Option B is correct.
Note from the Author or Editor:
The mock exam question 14 on pg 834 is formally correct because the Servlet spec says "URL rewriting may be used by the server". The use of the word "may" means that URL rewriting is not required by the spec.
The content on pg 237 should be rewritten to make it clear that URL rewriting "will NOT always work" if the Container does not support it. This is unfortunately because most modern Containers *do* support it; so I would rather not muddy the message of this section of the book.
Instead, i would recommend that we change to the wording of Option B to read "Java EE container may support URL rewriting" and check it. Likewise on pg 798.
|
Anonymous |
|
| Printed |
Page 839
Question 22 |
Option A is "Only HTTP GET is idempotent." The answer note states "-Option A: if a form doesn't explicitly declare a method, GET is assumed." This note actually applies to Option B.
Note from the Author or Editor:
VALID
Change "Option A" to "Option B" in the note and move it down to point to Opt B.
|
Anonymous |
|
| Printed |
Page 841
Answers for question 36 |
The wrong answers are ticked for the question. The explanations correctly state that A,B,and D add something to the list, making it NOT empty.
This will cause the 'when' clause to execute and not the 'otherwise'. Therefore answers C and E should be ticked not B and D.
Note from the Author or Editor:
VALID
These options should be checked: C and E.
|
Anonymous |
|
| Printed |
Page 841
Question 26 |
Only books.clear(); and books = null; will cause the text within the c:otherwise tag to display.
Therefore answers C and E are correct instead of answers B and D.
Note from the Author or Editor:
VALID
Instead of B and D, C and E should be checked.
|
Anonymous |
Jul 2008 |
| Printed |
Page 841
Question 26 |
The options marked are B and D.
Clearly, those two will not satisfy empty operators and will execute the code inside the <c:when> tag. Shouldn't the answers be C and E which staisfies the empty operator and hence will execute the code inside <c:otherwise> tag? the hand written comments correctly mentions that E will satisfy empty operator.
Instead of B and D, C and E should be checked.
Placed checkmarks in C & E and deleted checkmarks from B & D
--------------------------------------------------------------------
|
Anonymous |
Jul 2008 |
| Printed |
Page 843
Question 30 |
The followint snipet is from the question.
234. <auth-constraint>
235. <role-name>student</role-name>
236. </auth-constraint>
And the second security constraint contains:
251. <auth-constraint/>
Answer D (the selected answer)
D: If the second <auth-constraint> tag is removed, the constrained
resource can be accessed by both roles.
Is wrong and answer F:
F: If the second <auth-constraint> tag is removed, the constrained
resource can be accessed only by student users.
Is the correct answer.
The book is wrong.
Note from the Author or Editor:
VALID
Remove the checkmark from Option D and put it on Option F.
|
Anonymous |
|
| Printed |
Page 845
Question 34 |
Answers given are B and D. I agree structure is valid with index.html being under WEB-INF directory.But, since the question also asks about changes necessary to make resources accessible, shouldn't option C also be an answer? THE WORDING OF THE STEM FORCES OPTION C TO BE VALID
Note from the Author or Editor:
Add a checkmark to option C.
Change the note for option C to "Option C: index.html must be outside of the WEB-INF/ directory to be accessible."
|
Anonymous |
Jul 2008 |
| Printed |
Page 845
Question 34 |
Answers given are B and D. I agree structure is valid with index.html being under WEB-INF directory.But, since the question also asks about changes necessary to make resources accessible, shouldn't option C also be an answer? THE WORDING OF THE STEM FORCES OPTION C TO BE VALID
Added a checkmark to option C.
Changed the note for option C to "Option C: index.html must be outside of the WEB-INF/ directory to be accessible."
--------------------------------------------------------------------
|
Anonymous |
Jul 2008 |
| Printed |
Page 846
Question 37 answer E |
Question 37 states:
You are tasked with adding several security features to your company’s Java EE web application. Specifically, you need to create several classes of users and based on a user’s class, you need to restrict them to use only some of the application’s pages. In order to restrict access, you must determine that users are who they say they are.
Which are true? (Choose all that apply.)
A. If you need to verify that users are who they say they are, you must use the application’s deployment descriptor to implement that requirement.
B. Java EE’s authorization capabilities should be used to determine that users are who they say they are.
C. In order to help you determine that users are who they say they are, you can use the deployment descriptor’s <login-config> tags.
D. In order to help you determine that users are who they say they are, you can use the deployment descriptor’s <user-data-constraint> tags.
E. Depending on the approach you use, determining that users are who they say they are might require including a "realm".
Answer E is one of the correct answers, but the book never discusses how to include a realm in order to provide the authentication necessary. Realm is shown in several examples and is defined as an overloaded term in security, but nothing is ever discussed about including realm-name in the web.xml login-config.
Note from the Author or Editor:
Agreed, option E is a vendor-specific feature and not part of the SCWCD exam and not covered in the book.
Remove option E here and on pg 810.
|
Anonymous |
|
| Printed |
Page 847
Question 39 - Answer D |
The question reads:
Given req is a reference to a valid HttpServletRequest, and:
13. String[] s = req.getCookies();
14. Cookie[] c = req.getCookies();
15. req.setAttribute("myAttr1", "42");
16. req.setAttribute("myAttr2", 42);
17. String[] s2 = req.getAttributeNames();
18. String[] s3 = req.getParameterValues("attr");
Which lines of code will not compile? (Choose all that apply.)
A. line 13
B. line 14
C. line 15
D. line 16
E. line 17
F. line 18
The soultion says that Answer D is not correct. "-Option D: setAttribute() takes a String and an Object, and as of Java 5, 42 can be boxed to an Object."
While this may be true for Java 5, this exam does not test on Java 5 as noted on page xxviii of the book:
"About the SCWCD (for Java EE 1.5) exam
The updated SCWCD exam is called “Sun Certified Web Component Developer for the Java Platform, Enterprise Edition 5” (CX-310-083), but don’t get confused by the title. The updated exam is still designed for Java EE v1.4 and for the servlet v2.4 and JSP v2.0 specifications."
Which means autoboxing does not exist and Answer D IS correct. Line 16 will not compile.
Note from the Author or Editor:
Agreed. Drop option D and line 16 from the question here and on pg 811
|
Anonymous |
|
| Printed |
Page 848
Question 41 |
Options C is wrong. It seems to have back-quote and then single-quote around the word personalChecking.
C. <c:if test="${account[`personalChecking']}">Checking
that fits your lifestyle.</c:if>
The beginning and ending quotes are supposed to be the same no matter where they are nested. It should be single-quoted in both places before and after the word personalChecking.
Note from the Author or Editor:
Yes, the back-quote should be changed to a single-quote.
Furthermore, there should be an additional open-paren in the Java code of the IF-stmt in the stem of the question.
|
Anonymous |
|
| Printed |
Page 850
Question 47 |
The getOutputStream method returns a javax.servlet.ServletOutputStream. The java.io.ServletOutputStream mentioned in answer E does not exists.
Note from the Author or Editor:
VALID
Change "java.io" in Option E to "javax.servlet"
Also on pg 814.
|
Anonymous |
|
| Printed |
Page 850
Question 47 |
The answers currently referenced are B and E.
For E to be correct, ServletOutputStream needs to be in the javax.servlet package (not java.io).
I would think answer C is also correct because the question asks which types "can be used" and a ServletOutputStream is-an java.io.OutputStream.
Note from the Author or Editor:
VALID
Change option C to "javax.servlet.OutputStream" and change option E to "javax.servlet.ServletOutputStream". These changes make option E valid and option C invalid, as it should be.
Make these changes also on pg 814.
|
Anonymous |
Jul 2008 |
| Printed |
Page 850
Question 47 |
The answers currently referenced are B and E.
For E to be correct, ServletOutputStream needs to be in the javax.servlet package (not java.io).
I would think answer C is also correct because the question asks which types "can be used" and a ServletOutputStream is-an java.io.OutputStream.
Change option C to "javax.servlet.OutputStream" and change option E to "javax.servlet.ServletOutputStream". These changes make option E valid and option C invalid, as it should be.
--------------------------------------------------------------------
|
Anonymous |
Jul 2008 |
| Printed |
Page 851
Answers for question 49 |
Again, wrong answer ticked. It should be D not C because 'jsp' is a reserved keyword. Explanation are again correct, just the tick is the wrong box.
Note from the Author or Editor:
VALID
Move the checkmark to option D
|
Anonymous |
Jul 2008 |
| Printed |
Page 851
Question 49 |
Answer given is C. Whereas the answer should be D. Handwritten comment agrees with this statement.
Moved the checkmark to option D
--------------------------------------------------------------------
|
Anonymous |
Jul 2008 |
| Printed |
Page 857
Question 60 Option D |
Question 60:
When comparing servlet initialization parameters to context initialization parameters, which are true for both? (Choose all that apply.)
D. Both can be directly accessed from a JSP.
Option D is marked as not true with the following explanation:
"-Option D: only context params can be directly accessed from JSPs."
JSP's have a config impicit object which can be used to access the init params for it's ServletConfig. ServletConfig.getInitParameter(String).
Option D IS correct as written.
Note from the Author or Editor:
Option D should be rewritten as "Both can be directly accessed from a JSP using the Expression Language."
This change must also be done on pg 821.
|
Anonymous |
|
| Printed |
Page 863
Question 69 |
This is to dispute earlier errata regarding question 69.
The question states:
Your web application has a valid dd with a single <security-constraint> tag.
Within this tag exists:
- a single http method that declares GET
All of the resources in your application exist within directory1 and
directory2 and the only defined roles are BEGINNER and EXPERT.
If you want to restrict BEGINNERs from using resources in directory2, which are true about the url and role tag(s) you should declare? (Choose all that apply.)
A. A single url tag should declare directory1 and a single role tag should declare EXPERT.
B. A single url tag should declare directory2 and a single role tag should declare EXPERT.
C. A single url tag should declare directory1 and a single role tag should declare BEGINNER.
D. A single url tag should declare directory2 and a single role tag should declare BEGINNER.
E. One url tag should declare ANY and its role tag should declare EXPERT, and another url tag should declare directory2 and its role tag should declare BEGINNER.
F. One url tag should declare both directories, and its role tag should declare EXPERT, and another url tag should declare directory1 and its role tag should declare BEGINNER.
None of these will do what is wanted. Here's why....
Since <http-method>GET</http-method> is used, only the GET method will be constrained. ALL OTHER METHODS WILL BE UNCONSTRAINED, FOR EVERYONE.
If Option B is chosen, EXPERT will be the only role allowed to perform GET requests on directory2, but everyone else (BEGINNER & EXPERT) will be able to perform POST, TRACE, PUT, etc.
If the question were more specific in asking what could be done to prevent BEGINNERs from performing GET requests on directory, then Option B would be the correct choice.
As it is written, there are no correct answers to this question.
Note from the Author or Editor:
Yes, you are right but the intent of the question is clear just not explicit. The last sentence of the stem should by rewritten as:
"If you want to restrict BEGINNERs from retrieving static resources..."
NOT:
"If you want to restrict BEGINNERs from using resources..."
because the word "use" is too loose.
|
Anonymous |
|
| Printed |
Page 863
Question 69 |
Answer D is not correct. Answer B is correct.
Note from the Author or Editor:
VALID
Answer is D, which is wrong because that allows the BEGINNERs to access resources in directory2. B should be the answer.
Move the checkmark to option B
|
Anonymous |
Jul 2008 |
| Printed |
Page 863
Question 69 |
Answer is D, which is wrong because that allows the BEGINNERs to access resources in directory2. B should be the answer.
Moved the checkmark to option B
--------------------------------------------------------------------
|
Anonymous |
Jul 2008 |
| Printed |
Page 877 and 878
|
Text from crosswords is cut off.
Note from the Author or Editor:
Made changes to ensure all text prints.
|
Anonymous |
Jul 2008 |
| Printed |
Page 877 and 878
|
Text from crosswords was cut off. Made changes to ensure all text prints.
|
Anonymous |
Jul 2008 |
