Saturday, 15 August 2015

OCEJWCD Preparing the exam - My experience

OCEJWCD (SCWCD) - 1Z0-899 - Web Component Developer Certification

 In this post I will try to summarize how I have completed this certification.

 I had been preparing the certification since February. I sat the exam at the end of July, which means seven months preparing the exam. I have to say that it was far away of being full time, because generally I used free time in the weekends and sometimes some hours during the week. There were months I was more focused and others that hardly I could find time. I had previous experience in web applications but it was not an excuse I needed to study and practice.

 Materials:

  • Book HeadFirst Servlets & JSP (O'Reilly). Authors: Bryan Basham, Kathy Sierra & Bert Bates.
  • Servlets 3.0 specification (JSR-000315)
  • Whizlabs: OCEJWCD practice test. These test include: Diagnostic test, Practice test(I,II,III) and Final test.

*Note: Initially I was planning to use Enthuware (because is a good relation quality-price, and many people in javaRanch recommends it), but finally I have been using Whizlabs because I had access provided by my company, which is a good point. 
Using whizlabs  you connect to a web platform and you can take the tests (5 mock tests in total, test by section and reporting result). I have to say this platform also helped me a lot in practicing OCPJP7 exam.

 - Reading the book the first time:
Reading a chapter carefully until completion, and after that trying to do the questions suggested in the book at the end (generally 6-10 mock questions). Evaluate the errors and read carefully the explanations.
This task was completed intermittently, in several weeks.
The approximately grade of advance was 1 topic per week.
I realized that when I was completing the last sections I hardly remember some details for the firsts chapters, so the most sensible was to start again, so...

- Reading the book the second time:
I started to read the book again. This time I took notes in a notebook, something useful for a quick refresh. This time the reading was more fluent and help me to consolidate concepts.
This time I started to use Whizlabs mock exams by section at the same time I was advancing in studying.

- Further resources
new features included in Servlets 3.0 (annotations, asynchronous application, web fragments) are not included in the book. 

 - Trying full mock tests from Whizlabs:
Between June and the beginning of July I completed Dignostic Test, Test1, Test2, Test3.

 - Reading the book third time:
This time was a reading marathon. I re-read the entire book in one weekend(15 days before the exam).

 - The last week:
I took again the demo test from Enthuware.  (I took the same by February the first time), because I wanted to compare results and progression. The score was good.
I completed the last Mock Test from Enthuware (good result). I focused in the question I failed, and I review the content.
I also reviewed my notes and summaries.

- The big day: 
I had the exam at 10.30, it is recommend to arrive to the Pearson Vue test center with enough time in advance, so I arrived at 10.00. After waiting I was conducted to the exam area. You have to sign a paper and also provide a proof of identity (passport). Then you are taken a picture (not the best face before the exam :) ). 

 The exam: I found a different range of questions in terms of difficulty. Some of them quite obvious an other very complex. 
The good thing is that there is plenty of time to finish the exam (not like OCPJP7 that makes time a very important factor). I had enough time to review carefully full exam and also I had time left. 

 I found it difficult (but much less than OCPJP7). 

 I could check the results after 30 minutes approximately. I received a mail from Oracle, and then I could connect to Oracle CertView page and see the results. I was very nervous because I was not entirely happy with my performance during the exam. Fortunately I passed, not a very impressive result but very happy for passing (it is a big relief).
- Retrospective I can see the improvement after studying.

I decided to start publishing little summaries, diagrams and little pieces of code about the topics in the exam. I hope the posts can be useful but they are far away to be a complete guide to pass the exam. I think is a good way to see if you know the objectives of the exam. For example the book head first is structured in a different way of the current exam for OCEJWCD6

 But independently of a test score I feel I have progressed a lot in web knowledge. I have learnt a lot of new things I did not know, even with experience in web applications. That is why my experience with certifications is positive because helps you to make a studying target, and the result is always rewarding.

 In my opinion the actual value resides in the time spent reading, practicing and enjoying around areas specific in technology; not in the certification itself. Is a good way to be up to date and to refresh knowledge. I think also you can gain confidence as developer.

 My next certification in mind.....probably Oracle certified Expert, Java EE6 Enterprise JavaBeans Developer.

I wish you all the best if you decide to prepare this certification and I hope any of these posts can be useful for you.

OCEJWCD (SCWCD) - 1Z0-899 - Web Component Developer Certification
Posted by at No comments:
Labels: , , ,

Saturday, 25 July 2015

OCEJWCD-12.Web application security

OCEJWCD (SCWCD) - 1Z0-899 - Web Component Developer Certification

 12.1. Understand the role of the container in security

 -Authentication
-Authorization
-Confidentiality
-Data integrity

 The security should be declared in the deployment descriptor (it is possible to use annotations too).

 <security-constraint>

   <web-resource-collection>
    <web-resource-name>EditPage</web-resource-name>
    <url-pattern>/DemoServlet/Edit/*</url-pattern>
    <http-method>POST</http-method>
  </web-resource-collection>

   <auth-constraint>
    <role-name>Admin</role-name>
    <role-name>User1</role-name>
  </auth-constraint>

 </security-constraint>

 When <role-name>*</role-name> or no auth constraint defined all roles have access to the resources described.

 When <auth-constraint/> no roles have access.

 12.2. Describe and implement four authentication models

  • BASIC Data is encoded in base64(not encrypted).
  • DIGEST Data is encrypted (not SSL) but no all JEE containers support it.
  • CLIENT-CERT Using Public key certificates. Clients need to have a certificate to use it.
  • FORM Creating a custom login form. Data are sent in http request with no encryption

The authentication type is declared in DD
<login-config>
  <auth-method>FORM</auth-method>

 In the Form authentication type the loginPage should be defined (using these three fields: j_security_check, j_username, j_password

 <form method="POST" action="j_security_check">
  <input type="text" name="j_username">
  <input type="password" name="j_password">
  <input type="submit" value="Enter">
</form>

 12.3. Force the use of encryption between a web application and the client browser.

 Annotation ServletSecurity.TransportGuarantee
-NONE
-CONFIDENTIAL: All user data must be encrypted by the transport (typically using SSL/TLS).

 @ServletSecurity(@HttpConstraint(transportGuarantee =  TransportGuarantee.CONFIDENTIAL))

 12.4. Understand the role of JAAS in pluggable/extensible authentication for web applications

 JAAS can be used for two purposes:
  • for authentication of users, 
  • for authorization of users to ensure they have the access control rights required to do the actions performed.
More details about how to athenticate a subject (user or service):

 OCEJWCD (SCWCD) - 1Z0-899 - Web Component Developer Certification
Posted by at No comments:
Labels: , , ,

Tuesday, 21 July 2015

OCEJWCD .- 11. Asynchronous web applications

OCEJWCD (SCWCD) - 1Z0-899 - Web Component Developer Certification

 11.1. Understand the interactions that are essential to asynchronous web pages

In asynchronous processing the web container can continue serving other requests without waiting for a response from a resource (the thread is not blocked).

11.2. Understand the role of AJAX-style client side programming
AJAX Asynchronous JavaScript and XML
Exchanges data with the server, and updates parts of a web page without reloading the whole page.

 XMLHttpRequest
var xmlhttp = new XMLHttpRequest();

 Send request to a server
- open(method, url, async) - -> the url can be txt xml, asp, php files in the server
- send(), send(string) -- > in post request

 xmlhttp.open("GET", "hello.txt", true);
xmlhttp.send();

 Get a response from a server

 xmlhttp.responseText
xmlhttp.responseXML

 onReadyStateChange Event

 xmlhttp.onreadystatechange=function()
  {...
-xmlhttp.readyState, when is 4 is OK
-xmlhttp.status, when is 200 is OK

11.3. Implement asynchronous servlets using the facilities of Java EE6

Annotations:
asyncSupported can be used with @WebServlet or @WebFilter
Example:
  @WebServlet(url="/foo" asyncSupported=true)

AsyncContext

Is obtained by the ServletRequest methods
  startAsync(servletRequest, servletResponse) or startAsync()
Example:
AsyncContext aCtx = req.startAsync(req, res);

Methods to dispatch the request back to the container:
AsyncContext.dispatch(), AsyncContext.dispatch(path), or AsyncContext.dispatch(servletContext, path) 
Example:
ctx.dispatch("/render.jsp");

 AsynchronousListener

AsyncListener interface defines a Listener that will be notified in the event that an asynchronous operation initiated on a servlet request.
http://docs.oracle.com/javaee/6/api/javax/servlet/AsyncListener.html

Methods:
  • onComplete(event)
  • onError(event)
  • onStartAsync(event)
  • onTimeOut(event)
Example:
req.addAsyncListener(new AsyncListener() {...

Asynchronous application example in:

OCEJWCD (SCWCD) - 1Z0-899 - Web Component Developer Certification
Posted by at No comments:
Labels: , , ,

Sunday, 12 July 2015

OCEJWCD-10.More options for the Model

OCEJWCD (SCWCD) - 1Z0-899 - Web Component Developer Certification

 10.1. Understand the roles of JDBC and JPA

 JDBC is Java DataBase connectivity, the traditional mechanism to access relational database from Java. 
-There are 4 categories of JDBC drivers.
-Provides an implementation of independent generic database access methods.
-Optimizing network resources using connection pooling and distributed transactions.

 From JavaEE 5 JPA (Java Persistence Application) low level details are hidden when implementing persistence layer. 
There are several implementations of JPA : Hibernate(JBoss), OpenJPA. The standard implementation for Oracle is Toplink.

Persistence mechanism:
  • POJO objects
  • Metadata mapping : XML has connection details and table mappings. Also there is an option of using annotations.
  • EntityManager connect metadata and database (request, synchronizing data).

 10.2. Understand the many elements that make up the model

Handling remote objects:
  • JNDI - Java Naming Directory Interface. Locate remote objects.
  • RMI - Remote Method Invocation. Process to communicate objects across the network (low level network IO operations).

10.3. Understand fundamentals of connecting to a database using JDBC or JPA

 The optimal solution is to use a connections pool, every time a request is received, it uses a connection from the pool. The pool is managed by the JavaEE server.

 The configuration about pool connections is declared in deployment descriptor.
Assigning name in JNDI (java name directory interface), allows locate service by name.

Configuring datasource in deployment descriptor (web.xml) example:
<resource-ref>
  <res-ref-name>jdbc/New</res-ref-name>
  <res-type>javax.sql.DataSource</res-type>
  <res-auth>Container</res-auth>
  <res-sharing-scope>Shareable</res-sharing-scope>
</resource-ref>

 Configuring datasource with annotations, example:
@Resource(name = "jdbc/New")
http://docs.oracle.com/javaee/6/api/javax/annotation/Resource.html

Annotations can be defined in a class, method or a field.
Other annotations:
@EJB
@PersistenceContext : to specify the container managed entity manager.

 OCEJWCD (SCWCD) - 1Z0-899 - Web Component Developer Certification
Posted by at No comments:
Labels: , , ,

Sunday, 5 July 2015

OCEJWCD- 9.More controller facilities

OCEJWCD (SCWCD) - 1Z0-899 - Web Component Developer Certification
9.1. Understand the sevlet lifecycle

The lifecycle of a servlet is controlled by the container in with the servlet has been deployed.

1. Creation: If the servlet does not exist
    1.a. Container loads the servlet class.
    1.b. Create instance servlet class 
    1.c. Initialization (init method).
2. Service method invoke.
3. Destroy method - finalizes and remove.

 9.2. Describe and use more advanced elements of the servlets APIs
Table from docs.oracle.com/javaee/6/tutorial/doc/javaeetutorial6.pdf

9.3. Create filter and use them in web applications

 The objective of filters is to intercept request from user (or the response after servlet is completed). Defining URL patterns, the request that matches would be intercept before arriving to the resource (or before arriving the client in the case of intercepting response).

Filter is an interface with the following methods:
  • public void init(FilterConfig filterConfig)
  • public void destroy()
  • public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain). This method should include: chain.doFilter(request,response) the method doFilter() of FilterChain invokes the next filter.

 Filters in DD
<filter>
  <filter-name>NewFilter</filter-name>
  <filter-class>example.NewFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>NewFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

 The mapping can be declared using:
-URLpattern
-Servlet name
Also can be applied for request dispatchers (REQUEST, INCLUDE, FORWARD, ERROR). If the tag <dispatcher> is not present, by default is REQUEST

Filters are invoked in the order they are defined in the deployment descriptor (first mathing by URL pattern and then matching servlet-name).

 Example of a filter for authentication:

Annotations
@WebFilter:
@WebFilter(filterName = "NewFilter",
urlPatterns = {"/*"},
initParams = {
@WebInitParam(name = "user", value = "guest")})

Filter utilities:
-Authentication, authorization, 
-Request/response compression
-Launch triggers
-Logging
etc.

 OCEJWCD (SCWCD) - 1Z0-899 - Web Component Developer Certification
Posted by at No comments:
Labels: , , ,

Sunday, 28 June 2015

OCEJWCD.- 8.Developing JSP pages using custom tags (part 2)

OCEJWCD (SCWCD) - 1Z0-899 - Web Component Developer Certification
8.4.Write JSP code using several standard tags.

 In the previous sections we have reviewed the uses of standard tags. There is the option of defining custom tags, when JSTL and standard actions are not enough.

 -Using tag files ( implement tag functionality in a JSP)
-Using tag handlers (implement tag functionality in java class)
  -Simple
  -Classic (previous to JSP2.0)

 Example of tagFile:

 Example of simple tag handler:

 - Class that extends SimpleTagSupport and override doTag() method:

 - Create TLD for the tag:



 - Use the tags in a JSP:

 see the tag file in directive:  <%@ taglib prefix="myTag" tagdir="/WEB-INF/tags" %>
and tag handler in directive: <%@ taglib prefix="simple" uri="simpleTag" %>
Results:
In the example the tag file includes a button and the tag handler adds line with text and a checkbox.

 8.5.List capabilities of JSTL tags.

  • JSTL encapsulates, as simple tags, core functionality common to many JSP applications. A single tag and can be used on multiple JSP containers.
  • JSTL provides support for core iteration and control-flow features, text inclusion, internationalizaton-capable formatting tags, and XML-manipulation tags.
  • JSTL extensibility mechanisms: a framework for integrating custom tags with JSTL tags.

 OCEJWCD (SCWCD) - 1Z0-899 - Web Component Developer Certification
Posted by at No comments:
Labels: , , ,

Monday, 22 June 2015

OCEJWCD.- 8.Developing JSP pages using custom tags (part1)

OCEJWCD (SCWCD) - 1Z0-899 - Web Component Developer Certification
8.1.Relate the JSTL to common job roles in web application development and understand the use of tags in JSP developments.

 The Java Standard Tag Library is a collection of standard custom tags
JSTL have a set of libraries:
- Core library
- Formatting library
- XML library
- SQL library

 8.2.Recognize correct syntax for tags.

  • To escape XML or set to default and attribute

<c:out value="${message} escapeXml="true"/>

<c:out value="${user} default ="usuario1" />
  • Looping

<c:forEach var="item" items="${itemList}">

  ${item}

</c:out>
  • Conditions

<c:if test=${number eq 5}>

  Condition 1 displayed

</c:if>
  • Nested conditions

<c:choose>

  <c:when test....

  </c:when>

  <c:otherwise>

  </c:otherwise>

</c:choose>
  • set variable in a scope or a bean/map attribute:

<c:set var="name" scope="session" value="user1"/> 
*by default page scope

<c:set target="${beanPerson}" property="name" value="user1"/>
*if the bean is null throws an exception
  • include content dynamically that can be external to the container

<c:import url="....>
  • url rewriting and encoding

<c:url value="input.jsp" var="inputURL">

  <c:param name="name" value="${name}"/>

</c:url>
8.3.Configure a JSP to use tags from the JSTL.

 At application level the files: jstl.jar and standard.jar should be in WEB-INF/lib directory.

 In the JSP the following declaration should exist to use JSTL: taglib directive

 <%@taglib prefix="c" uri="http://java.sun.com/jstl/core_rt" %>

 See an example in post ocejwcd-6-more-view-facilities in section  6.5

 OCEJWCD (SCWCD) - 1Z0-899 - Web Component Developer Certification

Posted by at No comments:
Labels: , , ,
Subscribe to: Posts (Atom)