JEE - Spring - Spring Boot Flashcards
What is JEE ?
JEE is Jakarta EE, a Java framework for building web applications
What are the key components of JEE ?
*Servlets
*JSP : JavaServer Pages
*EJB : Enterprise Java Beans
*JMS : Java Message Service
*JTA : Java Transaction API
*JPA : Java Persistence API
*CDI : Context and Dependency Injection
*JAX-RS : Java API for RESTful Web Services
*JAX-WS : Java API for Web Services
Why do we need application servers ?
JEE applications are deployed and run on application servers that support JEE specifications
Give some popular JEE application servers
*Apache Tomcat
*WildFly ( JBoss )
*GlassFish
*WebLogic ( by Oracle )
*WebSphere ( by IBM )
What is a servlet ?
*A servlet is a JEE server-side component that handles HTTP requests/responses
*A servlet is a class that extends HttpServlet, overrides methods like doGet(), doPost(), doPut(), doDelete(), doHead(), and performs processing on the server side after receiving HTTP requests.
*The doX() method is executed if the HTTP request is sent with method X.
____________________________________________
method syntax : doGet(req,resp)
What are the Servlet lifecycle methods ?
*init() : invoked before app start
*service()
*destroy() : invoked before the class object is destroyed.
What is JSP ?
JSP is a technology that allows embedding Java code directly in HTML for generating dynamic content
=> the code in a JSP file gets compiled into a servlet by the web container ( Tomcat ).
What is JPA ?
JPA is a specification for managing relational data in Java apps. It provides an Object-Relational Mapping (ORM) mechanism to map Java objects to database tables and vice versa
=> JPA eliminates the need for manual JDBC ( Java Database Connectivity ) code and simplifies database interactions.
=> JPA uses Entity Classes to represent database tables.
=> Common annotations : @Entity, @Id , @OneToMany …
What is JAX-RS ?
Used for creating RESTful WS; works over HTTP and is stateless. REST is based on HTTP methods ( GET, POST, PUT, DELETE, OPTIONS, HEAD… )
=> supports different data format : XML , JSON…
What is JAX-WS ?
Building SOAP WS. It supports only XML format.
What is a socket ?
A socket is an interface for network communication, used to send and receive data over a network. It is commonly used in a client-server architecture where a client connects to a server using an IP address and port number.
TCP sockets provide reliable communication, while UDP sockets offer faster but less reliable communication
________________________________________
Example of sockets use : web browsers,chat apps, and real-time multiplayer games
What are Socket components ?
*IP Address : usually IPv4 or IPv6
*Port Number : port 80 for HTTP, 443 for HTTPS , 3306 for MySQL
*Protocol : TCP or UDP
What is Communication Process for Client-Server Model ?
*A client specifies IP address and port number.
*Once the connection is established, client and server can send/receive data through the socket
=>vice versa ( server instead of client ) for steps above
What is HTTP ?
HTTP (HyperText Transfer Protocol) is a protocol to restore data from a server
What is CORS ?
CORS ( Cross-Origin Resource Sharing ) is a security feature implemented by web browsers to prevent malicious websites from making unauthorized requests on a different domain ( origin ) than the one from which the page was served. It is a protocol that allows or restricts access to resources from a different origin.
What is Origin in the context of CORS ?
An origin is defined by the combination of:
Protocol (e.g., HTTP, HTTPS)
Domain (e.g., example.com)
Port (e.g., 8080)
Why is CORS needed ?
*Enforce Same-Origin Policy (SOP)
*prevent CSRF (Cross-Site Request Forgery) and XSS (Cross-Site Scripting) attacks
What are common CORS headers ?
*Access-Control-Allow-Origin
*Access-Control-Allow-Methods
*Access-Control-Allow-Headers
*Access-Control-Allow-Credentials
What are common status codes ?
1xx: Informational Responses
________________________________________
2xx:Successful Responses
=>200:OK
=>201:CREATED
_________________________________________
3xx :Redirection Responses
=>301:Moved Permanently
=>302:Found (Moved Temporarily)
________________________________________
4xx:Client Error Responses
=>400:Bad Request
=>401:Unauthorized
=>403:Forbidden
=>404:Not Found
=>405:Method Not Allowed
=>408:Request Timeout
________________________________________
5xx:Server Error Responses
=>500:Internal Server Error
=>502:Bad Gateway
=>504:Gateway Timeout
What are Cookies ?
A cookie is a small piece of data sent by the server and stored on the client (browser). The client then sends this cookie back to the server on subsequent requests to the same domain.
What are Cookies key points ?
*Storage : a cookie is stored on client
*Persistence : a cookie can be persistent (stored for a set duration) or session-based (deleted after the browser is closed)
*Data size : Small
*Security : less secure (because it is stored on client side , then exposed )
*Use case : used to store user preferences/identification, tracking, simple data…
What are Sessions ?
A session is a server-side mechanism used to store data about a client across multiple HTTP requests. Unlike cookies, session data is stored on the server side, and the client uses a Session ID (stored in a cookie) to identify the session.
What are Sessions key points ?
*Storage : a session is stored on the server side
*Persistence : a session can last until the user logs out or after a period of inactivity
*Data size : Larger
*Security : more secure (stored on server, not exposed)
*Use cases : authentication, user data, complex information.
*Identification : the server identifies a session by a unique Session ID passed between client and server via cookies or URL parameters.
What is CSRF ?
CSRF (Cross-Site Request Forgery) is a type of web security vulnerability that tricks a user into performing unintended actions on web apps in which they are authenticated. It exploits the trust a website places in the user’s browser, and occurs when an attacker gets a user to send malicious requests ( like making a transaction ) without their knowledge.
______________________________________
Example of how it works :
The attacker sends a malicious form, which the victim fills in; without the user knowing, it performs actions like making a transaction.
How do we prevent CSRF ?
Use a CSRF synchronizer token, which is unique, has a period of validity, and is generated by the server and associated with the user session
What is XSS ?
XSS ( Cross-Site Scripting ) is a type of web security vulnerability that allows an attacker to use multiple scripts on web pages viewed by the user. It is used for stealing sensitive information like login credentials or cookies, performing actions on behalf of the user, or redirecting the user to malicious websites.
How to prevent XSS ?
*Input validation and sanitization ( prevent special characters like ‘<’ and ‘>’ )
*Use ‘HttpOnly’ and ‘Secure’ flags on cookies
*Avoid embedding JavaScript code directly in HTML
SOAP VS REST ?
SOAP : is a protocol, uses only XML
__________________________________
REST : is an architectural style, uses multiple formats like XML, JSON …