Set - 4

Question 16 :

How can I run multiple instances of the same servlet class in the same WebLogic Server instance?

Answer :

If you want to run multiple instances, your servlet will have to implement the SingleThreadModel interface. An instance of a class that implements the SingleThreadModel interface is guaranteed not to be invoked by multiple threads simultaneously. Multiple instances of a SingleThreadModel interface are used to service simultaneous requests, each running in a single thread.
When designing your servlet, consider how you use shared resources outside of the servlet class such as file and database access. Because there are multiple instances of servlets that are identical, and may use exactly the same resources, there are still synchronization and sharing issues that must be resolved, even if you do implement the SingleThreadModel interface.


Question 17 :

How do I restrict access to servlets and JSPs?

Answer :

The Java Servlet API Specification v2.2 allows you to declaratively restrict access to specific Servlets and JSPs using the Web Application Deployment descriptor. Section 13.3.2 of the specification has an example deployment descriptor that uses declarative security. For more information, see Programming WebLogic HTTP Servlets.


Question 18 :

How do I protect WebLogic Server from security attacks from bogus clients using the WL-Proxy-Client-Cert header?

Answer :

The WL-Proxy-Client-Cert header can be spoofed (used) by any client which has direct access to WebLogic Server. WebLogic Server takes the certificate information from that header, trusting that is came from a secure source (the plug-in) and use that information to authenticate the user. In previous releases of WebLogic Server, the default behavior was to always trust that header. Now you need to explicitly define trust of the WL-Proxy-Client-Cert header. A new parameter clientCertProxy allows WebLogic Server to on the implicit trust of the certificate header. If you need an additional level of security, use a connection filter to limit all connections into WebLogic Server (therefore allowing WebLogic Server to only accept connections from the machine on which the plug-in is running).
The clientCertProxy parameter has been added to the HTTPClusterServlet and Web applications.
For the HTTPClusterServlet, add the parameter to the web.xml file as follows:

clientCertProxy
true


For Web applications, add the parameter to the web.xml file as follows:

ServletRequestImpl context-param

weblogic.http.clientCertProxy
true


You can also use this parameter in a cluster as follows:
ClientCertProxyHeader="true"/>


Question 19 :

Which XML parser comes with WebLogic Server 6.1?

Answer :

We bundle a parser, based on Apache's Xerces 1.3.1 parser, in WebLogic Server 6.1. In addition, we include a WebLogic proprietary high-performance non-validating parser that you can use for small to medium sized XML documents. The WebLogic XML Registry allows you to configure the parser you want to use for specific document types.


Question 20 :

Can I use the getAttribute() and setAttribute() methods of Version 2.2 of the Java Servlet API to parse XML documents?

Answer :

Yes. Use the setAttribute() method for SAX mode parsing and the getAttribute() method for DOM mode parsing. Using these methods in a Servlet, however, is a WebLogic-specific feature. This means that the Servlet may not be fully portable to other Servlet engines, so use the feature with caution.