Java EE technology-compliant containers are required to provide a mechanism by which a deployer can learn what JAR files containing resources and code are available for the Web application. Providing such the mechanism is recommended, but not required for the containers that are not part of Java EE technology-compliant implementation. The containers should provide a convenient procedure for editing and configuring library files or extensions.

Java EE defines a naming environment that allows applications to easily access resources and external information without explicit knowledge of how the external information is named or organized. As servlets are an integral component type of Java EE technology, provision has been made in the Web application deployment descriptor for specifying information allowing a servlet to obtain references to resources and enterprise beans. The deployment elements that contain this information are:

• env-entry
• ejb-ref
• ejb-local-ref
• resource-ref
• resource-env-ref
• service-ref

The developer uses these elements to describe certain objects that the Web application requires to be registered in the JNDI namespace in the Web container at runtime. The requirements of the Java EE environment with regard to setting up the environment are described in Chapter 5 of the Java EE Specification. Servlet containers that are part of a Java EE technology-compliant implementation are required to support this syntax. Consult the Java EE 5 Specification for more details. This type of servlet container must support lookups of such objects and calls made to those objects when performed on a thread managed by the servlet container. This type of servlet container should support this behavior when performed on threads created by the developer, but are not currently required to do so. Such a requirement will be added in the next version of this specification. Developers are cautioned that depending on this capability for application-created threads is not recommended, as it is non-portable.

Deployment Descriptor Elements:The following additional elements exist in the Web application deployment descriptor to meet the requirements of Web containers that are JSP pages enabled or part of a Java EE application server. They are not required to be supported by containers wishing to support only the servlet specification:

• jsp-config
• Syntax for looking up JNDI objects (env-entry, ejb-ref, ejb-local-ref, resource-ref, resource-env-ref)
• Syntax for specifying the message destination (message-destination, message-destination-ref)
• Reference to a Web service (service-ref)

Packaging and Deployment of JAX-WS Components:Web containers may choose to support running components written to implement a
Web service endpoint as defined by the JAX-RPC and/or JAX-WS specifications. Web containers embedded in a JavaEE conformant implementation are required to support JAX-RPC and JAX-WS web service components. This section describes the packaging and deployment model for such JAX-RPC and JAX-WS Web component implementations.

Rules for Processing the Deployment Descriptor:The containers and tools that are part of Java EE technology-compliant implementation are required to validate the deployment descriptor against the XML schema for structural correctness. The validation is recommended, but not required for the web containers and tools that are not part of a Java EE technology compliant implementation.

The servlet container is a part of a Web server or application server that provides the network services over which requests and responses are sent, decodes MIME-based requests, and formats MIME-based responses. A servlet container also contains and manages servlets through their lifecycle.

A servlet container may place security restrictions on the environment in which a servlet executes. In a Java Platform, Standard Edition (J2SE, v.1.3 or above) or Java Platform, Enterprise Edition (Java EE, v.1.3 or above) environment, these restrictions should be placed using the permission architecture defined by the Java platform. For example, high-end application servers may limit the creation of a Thread object to insure that other components of the container are not negatively impacted. J2SE 5.0 is the minimum version of the underlying Java platform with which servlet containers must be built.

The ServletContext interface defines a servlet’s view of the Web application within which the servlet is running. The Container Provider is responsible for providing an implementation of the ServletContext interface in the servlet container. Using the ServletContext object, a servlet can log events, obtain URL references to resources, and set and store attributes that other servlets in the context can access. A ServletContext is rooted at a known path within a Web server. For example, a servlet context could be located at http://www.mycorp.com/catalog. All requests that begin with the /catalog request path, known as the context path, are routed to the Web application associated with the ServletContext.

• Scope of a ServletContext Interface
• Initialization Parameters
• Context Attributes
• Resources
• Multiple Hosts and Servlet Contexts
• Reloading Considerations

Currently, many browsers do not send a char encoding qualifier with the Content-Type header, leaving open the determination of the character encoding for reading HTTP requests. The default encoding of a request the container uses to create the request reader and parse POST data must be “ISO-8859-1” if none has been specified by the client request. However, in order to indicate to the developer in this case the failure of the client to send a character encoding, the container returns null from the getCharacterEncoding method. If the client hasn’t set character encoding and the request data is encoded with a different encoding than the default as described above, breakage can occur. To
remedy this situation, a new method setCharacterEncoding(String enc) has been added to the ServletRequest interface. Developers can override the character encoding supplied by the container by calling this method. It must be called prior to parsing any post data or reading any input from the request. Calling this method once data has been read will not affect the encoding.

Filters are Java components that allow on the fly transformations of payload and header information in both the request into a resource and the response from a resource.A filter is a reusable piece of code that can transform the content of HTTP requests, responses, and header information. Filters do not generally create a response or respond to a request as servlets do, rather they modify or adapt the requests for a resource, and modify or adapt responses from a resource. Filters can act on dynamic or static content. For the purposes of this chapter, dynamic and static content are referred to as Web resources. Among the types of functionality available to the developer needing to use
filters are the following:

• The accessing of a resource before a request to it is invoked.
• The processing of the request for a resource before it is invoked.
• The modification of request headers and data by wrapping the request in customized versions of the request object.
• The modification of response headers and response data by providing customized versions of the response object.
• The interception of an invocation of a resource after its call.Actions on a servlet, on groups of servlets, or static content by zero, one, or more filters in a specifiable order.

When building a Web application, it is often useful to forward processing of a request to another servlet, or to include the output of another servlet in the response. The RequestDispatcher interface provides a mechanism to accomplish this.

The application events facility gives the Web Application Developer greater control over the lifecycle of the ServletContext and HttpSession and ServletRequest, allows for better code factorization, and increases efficiency in managing the resources that the Web application uses.

Web applications are created by Application Developers who give, sell, or otherwise transfer the application to a Deployer for installation into a runtime environment. Application Developers need to communicate to Deployers how the security is to be set up for the deployed application. This is accomplished declaratively by use of the deployment descriptors mechanism.