Copyright: I don’t have anything. This is only my summary for OCMJEA 6 study based on Bambara’s book (an excellent one; if you can, buy it here). All the images are from the book and from Google Images. Personal use only. Sorry for English errors. Sergio Figueras (sergio@yourecm.com).
Because HTTP is stateless, Java EE uses the HttpSession object as the session holder. It contains a map of attribute name/value pairs that you can query to see what is held in the session. This is an example of HttpSession being used:
As we can see, we first get the session from the request object and then call its getAttribute(String name) method. There are some listener interfaces we can use to observe changes in an HttpSession:
- javax.servlet.http.HttpSessionBindingListener interface: notified when the implementing object is added to or removed from an HttpSession.
- javax.servlet.http.HttpSessionActivationListener interface: notified when the session is passivated or activated (passivation means the session is being moved between VMs or written to persistent storage; activation means it has been restored).
- Sessions also have a maximum inactive interval, which can be read and set with getMaxInactiveInterval()/setMaxInactiveInterval(int seconds).
- You can call the invalidate() method to discard the HttpSession.
You can map a user to a specific session by saving its ID in a cookie. If the user doesn’t have cookies enabled, you can fall back to URL rewriting and put the ID in the URL, something like: http://www.myjeeapp.com/cart?jsessionid=123baacd1.
This is not good practice from a security standpoint: you are exposing the session identifier in a URL, so anyone who sees that URL (browser history, proxy logs, Referer headers) can reuse the user’s state. By default, session tracking is done with cookies.
If you want to check whether the session ID arrived in a cookie, call isRequestedSessionIdFromCookie() on the request.
For example, since WAP (Wireless Application Protocol) doesn’t support cookies, if you need session tracking there you should use the <url-session-tracking/> tag in your web descriptor.
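An added example that is not from the book or the original post, tying the points above together: a servlet that refuses session IDs delivered through URL rewriting (checked with isRequestedSessionIdFromCookie()), sets the inactivity timeout, reads and binds an attribute, and uses HttpSessionBindingListener to observe the binding. It assumes the Servlet 3.0 API (javax.servlet); CartItem, the /cart path and the sku parameter are constructed for the example.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

/** Constructed example: an object that is told when it enters or leaves a session. */
class CartItem implements HttpSessionBindingListener {
    private final String sku;
    CartItem(String sku) { this.sku = sku; }

    @Override
    public void valueBound(HttpSessionBindingEvent ev) {
        // Called when session.setAttribute() stores this object
        System.out.println("bound " + sku + " to session " + ev.getSession().getId());
    }

    @Override
    public void valueUnbound(HttpSessionBindingEvent ev) {
        // Called on removeAttribute(), invalidate(), or expiry of the inactive interval
        System.out.println("unbound " + sku + " from session " + ev.getSession().getId());
    }
}

@WebServlet("/cart")
public class CartServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // A session ID that did not come from a cookie arrived via URL rewriting:
        // treat it as exposed, discard the session it names and refuse the request.
        if (req.getRequestedSessionId() != null && !req.isRequestedSessionIdFromCookie()) {
            HttpSession exposed = req.getSession(false);
            if (exposed != null) exposed.invalidate();
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "session id must come from a cookie");
            return;
        }
        HttpSession session = req.getSession(true);   // create the session if absent
        session.setMaxInactiveInterval(15 * 60);      // expire after 15 minutes of inactivity

        CartItem item = (CartItem) session.getAttribute("lastItem");
        if (item == null) {
            String sku = req.getParameter("sku") == null ? "none" : req.getParameter("sku");
            item = new CartItem(sku);
            session.setAttribute("lastItem", item);   // triggers valueBound()
        }
        resp.setContentType("text/plain");
        resp.getWriter().println("session " + session.getId()
                + " timeout=" + session.getMaxInactiveInterval() + "s");
    }
}
```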
The concerns of the Web Tier are: