JavaEE Tips

Difference between Forward and Redirect


Forward

  • a forward is performed inside the servlet container: the servlet hands the same request and response objects to another resource (RequestDispatcher.forward) and that resource produces the response
  • the browser is completely unaware that it has taken place, so its original URL remains intact
  • any browser reload will simply repeat the original request, with the original URL (and, for a POST, will re-submit the form data)
  • because the same request object is used, request parameters and request-scoped attributes set before the forward are visible to the target resource
  • the target must live in the same web application (the same ServletContext); a forward cannot send the client to another application or another host
  • the browser URL does not change


Redirect

  • a redirect is a two-step process: the application answers with a 3xx status and a Location header, and the browser then fetches that second URL, which differs from the original and may point anywhere, including another application or another host
  • a browser reload of the second URL will not repeat the original request, but will rather fetch the second URL again
  • a redirect is always slower than a forward, since it costs a second request from the browser
  • the second request is a brand-new request with new request and response objects, so beans and attributes placed in the original request scope are not available to it; the ServletContext itself is not lost (it belongs to the web application, not to the request), and state that must survive the redirect belongs in the session or in the redirect URL
  • the browser URL changes to the new one

In general, use a forward when the operation can safely be repeated by a browser reload of the resulting page; otherwise, typically after a POST that changed state, use a redirect, so that a reload re-fetches a harmless GET instead of re-submitting the form (the Post/Redirect/Get pattern).
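The pair of servlets below is an added illustration of that rule, not code from the original page: a POST that changes state redirects to a GET, and the GET forwards to a JSP under WEB-INF. It assumes the javax.servlet API (Servlet 3.0 or later for the annotations); OrderStore, the URL paths and the JSP path are hypothetical names chosen for the example.

```java
// ---- OrderServlet.java ----
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** In-memory stand-in for a real order store (constructed for the example). */
final class OrderStore {
    private static final Map<String, String> ORDERS = new ConcurrentHashMap<>();

    static String create(String item) {
        String id = UUID.randomUUID().toString();
        ORDERS.put(id, item);
        return id;
    }

    static String find(String id) {
        return ORDERS.get(id);
    }
}

/** POST /order: changes state, then redirects (Post/Redirect/Get). */
@WebServlet("/order")
public class OrderServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String item = req.getParameter("item");              // client input, may be null
        if (item == null || item.trim().isEmpty()) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "item is required");
            return;
        }
        String orderId = OrderStore.create(item);            // the side effect

        // Request scope dies with this request: the browser's follow-up GET is a
        // brand-new request object, so this attribute never reaches the confirm page.
        req.setAttribute("message", "lost after the redirect");

        // State that must survive the redirect goes into the session (a one-shot
        // "flash" attribute) or into the redirect URL itself.
        req.getSession().setAttribute("flash", "Order placed");

        // sendRedirect() answers 302 with a Location header; a relative URL is
        // resolved against the current request URL. The target is built from a
        // value this servlet generated, never from raw client input (open redirect).
        resp.sendRedirect("confirm?id=" + URLEncoder.encode(orderId, StandardCharsets.UTF_8.name()));
    }
}

// ---- ConfirmServlet.java ----
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** GET /confirm?id=...: safe to reload, so it forwards to the view. */
@WebServlet("/confirm")
public class ConfirmServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String orderId = req.getParameter("id");
        String item = (orderId == null) ? null : OrderStore.find(orderId);
        if (item == null) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // Read and clear the flash so a reload does not show it twice.
        Object flash = req.getSession().getAttribute("flash");
        req.getSession().removeAttribute("flash");

        // The same request object is passed on to the JSP, which reads ${item} and
        // ${flash}. The page sits under WEB-INF, so only this forward can reach it;
        // the browser still shows /confirm?id=... as its URL.
        req.setAttribute("item", item);
        req.setAttribute("flash", flash);
        req.getRequestDispatcher("/WEB-INF/jsp/confirm.jsp").forward(req, resp);
        // Nothing may be written to the response before forward(): once the
        // response is committed, forward() throws IllegalStateException.
    }
}
```

Reloading /confirm?id=... only re-runs the read-only doGet; the order is never created twice. Since the item text came from the client, confirm.jsp should print ${item} through an escaping tag such as &lt;c:out&gt; rather than raw.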

HTTP verbs

The method attribute of the FORM element specifies the HTTP method used to send the form to the processing agent. This attribute may take two values: get or post. (The other verbs below, PUT, HEAD and OPTIONS, cannot be sent by a plain HTML form; they come from scripts and non-browser clients, and a servlet must still be prepared to receive them.)

GET

  • With the HTTP "get" method, the form data set is appended to the URI specified by the action attribute (with a question mark ("?") as separator) and this new URI is sent to the processing agent.
  • The "get" method should be used when the form causes no side effects (the HTML 4 specification calls such a form idempotent). Many database searches have no visible side effects and make ideal applications for the "get" method.
  • The "get" method restricts form data set values to ASCII characters; anything else has to be percent-encoded into the URL.
  • With the GET method you are limited as to how much information can be passed, since browsers, proxies and servers cap the length of a URL.
  • The GET method puts the input in the URL. That makes it visible to anyone within eyesight of the browser and, worse, it is saved in browser history and bookmarks, written to server and proxy access logs, and leaked to other sites through the Referer header. A password entered in a GET form ends up in all of those places, and TLS does not help: it hides the URL on the wire, not in the logs.
  • A page generated by a form that used the GET method can be bookmarked.
  • You should not use GET to update or delete. Besides breaking the reload and bookmark semantics above, a GET with a side effect can be triggered by any page that embeds the URL in an <img> tag or a link, so the action can be forged without the user intending it.

POST

  • With the HTTP "post" method, the form data set is included in the body of the request and sent to the processing agent.
  • If the service associated with the processing of a form causes side effects (for example, if the form modifies a database or a subscription to a service), the "post" method should be used.
  • Only the "post" method (with enctype="multipart/form-data") is specified to cover the entire [ISO10646] character set.
  • A page generated by a form that used POST cannot be bookmarked, and a reload of it makes the browser ask whether to re-submit the form; answering yes repeats the side effect, which is what the redirect-after-update rule in the previous section avoids.
  • GET data can be seen in the browser URL as the query string; POST data cannot. The body is still plain text on the wire and in any intercepting proxy, so only TLS keeps it from an eavesdropper, and choosing POST by itself does not stop a forged cross-site request either.
  • POST can handle more data, but GET is limited in size.

PUT

  • Very similar to POST on the wire but with a different contract: PUT stores the request body as the resource at the target URI, creating or overwriting it, so repeating the same PUT leaves the same result, whereas repeating a POST may add a second record.

HEAD

  • Issues a request for a resource without actually retrieving its body. The server returns the status line and headers it would send for a GET, so a client can check that a resource exists or read its metadata (size, type, last-modified) without downloading it. HttpServlet answers HEAD by running doGet() with the body discarded, so a servlet gets this for free.

OPTIONS

  • Asks which verbs the resource supports; the answer carries them in the Allow header. HttpServlet's default doOptions() builds that header from the doXxx() methods the servlet overrides.
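As an added example (not from the original page) of how those verbs map onto a servlet: the read-only lookup lives in doGet, the side effect only in doPost, and the inherited defaults take care of HEAD, OPTIONS and the verbs the servlet refuses. It assumes the javax.servlet API; the /accounts path, the field names and the in-memory CLOSED set are constructed for the example.

```java
import java.io.IOException;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/*
 * Two assumed HTML forms (not from the original page) drive this servlet:
 *
 *   <form method="get" action="accounts">              status lookup: safe, bookmarkable
 *     <input name="id"> <button>Show</button>
 *   </form>
 *   sends   GET /accounts?id=42 HTTP/1.1               id travels in the URL (history, logs, Referer)
 *
 *   <form method="post" action="accounts">             close: has a side effect
 *     <input type="hidden" name="id" value="42"> <button>Close account</button>
 *   </form>
 *   sends   POST /accounts HTTP/1.1  +  body  id=42    id travels in the body
 */
@WebServlet("/accounts")
public class AccountServlet extends HttpServlet {

    /** Accounts closed so far (constructed stand-in for real storage). */
    private static final Set<String> CLOSED = ConcurrentHashMap.newKeySet();

    private static boolean validId(String id) {
        return id != null && id.matches("[0-9]{1,10}");
    }

    /** GET: read-only, so reloads, bookmarks and prefetching do no harm. */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String id = req.getParameter("id");            // same call for query string or form body
        if (!validId(id)) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().println("account " + id + (CLOSED.contains(id) ? " is closed" : " is open"));
        // HEAD needs no code of its own: HttpServlet.doHead() runs this doGet() with a
        // response that discards the body, so the client gets headers only.
    }

    /** POST: the only entry point with a side effect. */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String id = req.getParameter("id");
        if (!validId(id)) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        CLOSED.add(id);
        // Back to a harmless GET so a reload cannot repeat the POST; id is digits only,
        // so it is safe to place in the Location URL.
        resp.sendRedirect("accounts?id=" + id);
    }

    // Deliberately not overridden:
    //  - doPut / doDelete: HttpServlet's defaults answer 405 Method Not Allowed, so a
    //    client cannot reach the side effect with any verb but POST, and a crafted
    //    GET such as /accounts?id=42&close=1 only ever hits the read-only path.
    //  - doOptions: the default builds the Allow header from the doXxx methods this
    //    class overrides, which is exactly what an OPTIONS request asks for.
}
```

Keeping every mutation inside doPost is what makes the GET-with-side-effect forgery described above impossible for this resource; a form token (see Duplicate Form Submissions below) is still needed to tell a genuine POST from a forged one.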

Difference between HTTP parameter and attribute

Request parameters are the name/value pairs that arrived with the HTTP request: from the query string of the URL, or from the body of a submitted HTML form (for the usual application/x-www-form-urlencoded encoding the servlet API merges both sources, so the same request.getParameter() call reads either). Names and values are always Strings; getParameter() returns the first value for a name, or null if the name is absent, and getParameterValues() returns all of them. Parameters can be read but not set: they are the client's input, chosen by whoever sent the request, and must be validated before use.

Request attributes (more correctly called "request-scoped variables") are objects of any type (not just String) that server-side code explicitly places on the request object with setAttribute(). They are retrieved in Java code with getAttribute(), which returns Object and therefore needs a cast, and in JSP pages through Expression Language references. Always use request.getAttribute() to read an object that server code added with request.setAttribute(). The two namespaces are separate: getParameter("x") and getAttribute("x") refer to different things, and a client has no way to set an attribute.
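An added example of that division of labour (not from the original page): raw String parameters are parsed and checked once, and only the resulting typed object is handed to the view as an attribute. It assumes the javax.servlet API; Report, the /report path and the JSP path are hypothetical names for the example.

```java
// ---- Report.java ----
import java.util.Collections;
import java.util.List;

/** Typed, validated value object that travels as a request attribute. */
public final class Report {
    private final int year;
    private final List<String> departments;

    public Report(int year, List<String> departments) {
        this.year = year;
        this.departments = Collections.unmodifiableList(departments);
    }

    public int getYear() { return year; }                     // ${report.year} in the JSP
    public List<String> getDepartments() { return departments; }
}

// ---- ReportServlet.java ----
import java.io.IOException;
import java.time.Year;
import java.util.ArrayList;
import java.util.List;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** GET /report?year=2024&dept=sales&dept=ops  (the same fields POSTed from a form read identically). */
@WebServlet("/report")
public class ReportServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Parameters: always String, always chosen by the client, possibly absent.
        String yearParam = req.getParameter("year");          // null if missing, first value if repeated
        String[] depts = req.getParameterValues("dept");      // every value of a repeated field, or null

        int year;
        try {
            year = Integer.parseInt(yearParam);               // parseInt(null) also throws
        } catch (NumberFormatException e) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "year must be an integer");
            return;
        }
        if (year < 2000 || year > Year.now().getValue()) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "year out of range");
            return;
        }
        List<String> departments = new ArrayList<>();
        for (String d : depts == null ? new String[0] : depts) {
            if (d.matches("[a-z]{1,20}")) {                   // allow-list, not merely "not null"
                departments.add(d);
            }
        }

        // Attributes: any object, set only by server code. There is no request-level
        // API through which a client can plant one, so a value that reaches the view
        // as an attribute has passed the checks above exactly once.
        req.setAttribute("report", new Report(year, departments));
        // Reading it back in Java needs a cast:  Report r = (Report) req.getAttribute("report");
        // in the JSP it is simply ${report.year} and ${report.departments}.
        req.getRequestDispatcher("/WEB-INF/jsp/report.jsp").forward(req, resp);
    }
}
```

The JSP never touches getParameter(): if it did, it would be re-parsing unvalidated input after the servlet had already decided what was acceptable.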

Session Management

User session state can be kept on the server, on the client, or both. Client-side state lives in HTML hidden fields or in cookies; in either case the client can read it and, unless it is signed or encrypted, rewrite it, so neither is recommended for anything the server has to trust (prices, user ids, roles).
The state itself is better kept on the server, in the HttpSession or further back in the business or integration tier, with the client holding nothing but an opaque, unguessable session identifier (the JSESSIONID cookie). Mark that cookie HttpOnly and Secure, and issue a new session id when the user logs in, so that an id obtained before authentication is not still valid afterwards.
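The two servlets below are an added example (not from the original page) of the hidden-field drawback beside the server-side alternative: the first lets the client dictate the price, the second keeps quantities in the HttpSession and prices in a server-side catalog. It assumes the javax.servlet API and Java 9 or later for Map.of; Catalog, the paths and the field names are constructed for the example.

```java
// ---- Catalog.java ----
import java.math.BigDecimal;
import java.util.Map;

/** Server-side price list (constructed for the example). */
public final class Catalog {
    public static final Map<String, BigDecimal> PRICES =
            Map.of("book", new BigDecimal("12.50"), "pen", new BigDecimal("1.20"));
}

// ---- HiddenFieldCheckout.java : the client-side variant, NOT recommended ----
import java.io.IOException;
import java.math.BigDecimal;

import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/*
 * The "session" is carried in the form itself:
 *   <input type="hidden" name="sku"   value="book">
 *   <input type="hidden" name="price" value="12.50">
 * Hidden only means "not rendered": an intercepting proxy rewrites price=0.01.
 */
@WebServlet("/checkout-hidden")
public class HiddenFieldCheckout extends HttpServlet {
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        BigDecimal price = new BigDecimal(req.getParameter("price"));   // trusts the client
        resp.getWriter().println("charged " + price);
    }
}

// ---- SessionCart.java : the server-side variant ----
import java.io.IOException;
import java.math.BigDecimal;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * The client holds only the opaque JSESSIONID cookie. Quantities live in the
 * HttpSession on the server; prices are never sent to, or accepted from, the client.
 */
@WebServlet("/cart")
public class SessionCart extends HttpServlet {

    @SuppressWarnings("unchecked")
    private static Map<String, Integer> cart(HttpSession session) {
        Map<String, Integer> cart = (Map<String, Integer>) session.getAttribute("cart");
        if (cart == null) {
            cart = new ConcurrentHashMap<>();
            session.setAttribute("cart", cart);
        }
        return cart;
    }

    /** POST /cart with sku=book adds one unit; the sku is the only client input. */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String sku = req.getParameter("sku");
        if (sku == null || !Catalog.PRICES.containsKey(sku)) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "unknown sku");
            return;
        }
        cart(req.getSession()).merge(sku, 1, Integer::sum);
        resp.sendRedirect("cart");
    }

    /** GET /cart totals the basket from server-side prices only. */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        BigDecimal total = BigDecimal.ZERO;
        for (Map.Entry<String, Integer> line : cart(req.getSession()).entrySet()) {
            total = total.add(Catalog.PRICES.get(line.getKey())
                                            .multiply(BigDecimal.valueOf(line.getValue())));
        }
        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().println("total " + total);
    }
}
```

The cookie flags belong in web.xml under session-config/cookie-config (http-only and secure, Servlet 3.0 and later), and the id should be regenerated at login with request.changeSessionId() (Servlet 3.1 and later).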

View (Presentation) Security

1- Controller based: a single controller servlet receives every request, checks what the user may do, and only then forwards to (or redirects away from) the resource
2- Using tag libraries to guard all or portions of a page, so that a fragment is rendered only for users who hold the required role
3- Applying roles and restrictions declaratively in web.xml (security-constraint, auth-constraint and security-role), enforced by the container before any servlet runs
4- Placing resources under WEB-INF, which the container never serves directly; such pages can only be reached through a forward from server code

These are not alternatives. In particular, 4 is what makes 1 enforceable: a JSP left outside WEB-INF can be requested directly, and the controller never runs.

Duplicate Form Submissions

The Synchronizer Token strategy addresses the problem of duplicate form submissions. A synchronizer token is stored in the user's session and included, as a hidden field, in each form returned to the client. When that form is submitted, the token in the form is compared to the token in the session; the two match the first time the form is submitted. If the tokens do not match, the submission is disallowed and an error is returned to the user. A mismatch occurs when the user submits a form, then clicks the Back button and submits the cached copy again: the server discarded or replaced its token when it accepted the first submission, so the copy in the old page no longer matches. For the comparison to mean anything the token must be unguessable (drawn from a cryptographically secure random source) and must be checked on the server, never in client script. A token that meets both conditions also stops a third-party site from forging the submission, which is why most web frameworks, each with its own way of tackling this issue, reuse their duplicate-submission token as their cross-site request forgery defence.
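An added implementation of the pattern (example code, not from the original page or any framework): the token is minted with SecureRandom, kept in the session, compared in constant time and consumed on first use. It assumes the javax.servlet API; SyncToken, the /transfer path and the field names are hypothetical.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Synchronizer token helper: one token per session, valid for one submission. */
final class SyncToken {
    static final String SESSION_KEY = "syncToken";
    static final String FIELD = "token";
    private static final SecureRandom RNG = new SecureRandom();

    /** Mint a fresh token, keep a copy in the session, return it for the form. */
    static String issue(HttpSession session) {
        byte[] raw = new byte[32];                            // 256 random bits: not guessable
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.setAttribute(SESSION_KEY, token);
        return token;
    }

    /**
     * True only for the first submission carrying the current token; consumes it.
     * Synchronized so that check-then-remove is atomic: otherwise two POSTs from a
     * double click could both pass. (A class-wide lock is coarse but simple.)
     */
    static synchronized boolean consume(HttpSession session, String submitted) {
        Object expected = session.getAttribute(SESSION_KEY);
        if (expected == null || submitted == null) {
            return false;                                     // no token issued, or none sent
        }
        boolean ok = MessageDigest.isEqual(                   // constant-time comparison
                ((String) expected).getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
        if (ok) {
            session.removeAttribute(SESSION_KEY);             // a second submission now fails
        }
        return ok;
    }
}

@WebServlet("/transfer")
public class TransferServlet extends HttpServlet {

    /** GET: render the form with a fresh token in a hidden field. */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String token = SyncToken.issue(req.getSession());    // base64url: safe inside the attribute
        resp.setContentType("text/html;charset=UTF-8");
        resp.getWriter().print(
                "<form method=\"post\" action=\"transfer\">"
              + "<input type=\"hidden\" name=\"" + SyncToken.FIELD + "\" value=\"" + token + "\">"
              + "<input name=\"amount\"> <button>Transfer</button></form>");
    }

    /** POST: the transfer runs once; Back + resubmit, or a double click, gets 409. */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        HttpSession session = req.getSession(false);
        if (session == null || !SyncToken.consume(session, req.getParameter(SyncToken.FIELD))) {
            resp.sendError(HttpServletResponse.SC_CONFLICT, "form already submitted or token invalid");
            return;
        }
        Integer done = (Integer) session.getAttribute("transfers");   // stand-in for the real side effect
        session.setAttribute("transfers", done == null ? 1 : done + 1);
        resp.sendRedirect("transfer");                        // the follow-up GET issues a new token
    }
}
```

One token per session means that opening the form in two tabs invalidates the first tab's copy; frameworks that allow several open forms keep a small set of outstanding tokens instead of a single value.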

Request Integrity

Suppose we have a session-scoped bean with properties "name" and "address", populated from request parameters (for example with <jsp:setProperty name="user" property="*"/>).
1- We set name = "reza" and address = "aus" in request 1
2- In request 2 we set name = "ali" and do not send address, yet the address property in the bean is still "aus". Why?

Because the JSP specification says that jsp:setProperty makes no change to the matching bean property when the request parameter is absent, and also when it is present with an empty string as its value. A field that was left out of the form, or left blank, therefore cannot clear a value set by an earlier request; sending "" does not help.
So reset the bean's state in code at the start of every request (or use a request-scoped bean that is created fresh each time) instead of relying on the form to send every field.
Always reset all state in beans between requests. A second caveat for property="*": it sets every writable property whose name matches a request parameter, including ones the form never shows, so a client can add admin=true to the POST and have it honoured; naming the properties explicitly avoids that.
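An added example (not from the original page) of the fix: the bean gets a reset() method and the servlet copies an explicit list of fields instead of using property="*". It assumes the javax.servlet API; UserForm, the /profile path and the JSP path are hypothetical.

```java
// ---- UserForm.java ----
/** Session-scoped form bean: it survives across requests, so stale values survive too. */
public class UserForm {
    private String name;
    private String address;
    private boolean admin;            // a writable property the form never shows

    public String getName() { return name; }
    public void setName(String name) { this.name = name; }
    public String getAddress() { return address; }
    public void setAddress(String address) { this.address = address; }
    public boolean isAdmin() { return admin; }
    public void setAdmin(boolean admin) { this.admin = admin; }

    /** Clear every field so request 2 cannot inherit request 1's address. */
    public void reset() {
        name = null;
        address = null;
        admin = false;
    }
}

// ---- ProfileServlet.java ----
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/*
 * The JSP way this replaces (assumed page, not from the original):
 *   <jsp:useBean id="user" class="UserForm" scope="session"/>
 *   <jsp:setProperty name="user" property="*"/>
 * copies name and address only when they arrive non-empty, and it would also
 * honour a forged admin=true parameter.
 */
@WebServlet("/profile")
public class ProfileServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        HttpSession session = req.getSession();
        UserForm user = (UserForm) session.getAttribute("user");
        if (user == null) {
            user = new UserForm();
            session.setAttribute("user", user);
        }
        // 1. Reset first: an absent or empty parameter now yields null, not last time's value.
        user.reset();
        // 2. Copy an explicit allow-list of fields; "admin" is deliberately not copied,
        //    so a client-supplied admin=true parameter is ignored.
        user.setName(req.getParameter("name"));
        user.setAddress(req.getParameter("address"));

        req.getRequestDispatcher("/WEB-INF/jsp/profile.jsp").forward(req, resp);
    }
}
```

With this in place, request 2 (name=ali, no address) leaves address null rather than "aus".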

HTTP Response Codes

  • 2xx Success (200 OK; 204 No Content: the request succeeded but there is no body to return)
  • 3xx Redirection (301 Moved Permanently; 302 Found, which is what HttpServletResponse.sendRedirect() sends)
  • 4xx Client Error (400 Bad Request, 403 Forbidden, 404 Not Found, 405 Method Not Allowed, which HttpServlet returns for a verb the servlet does not implement)
  • 5xx Server Error (500 Internal Server Error, 503 Service Unavailable)
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License