Shulou(Shulou.com)06/03 Report--

This article will explain in detail what the basic knowledge of Java code audit is. The editor thinks it is very practical, so I share it for you as a reference. I hope you can get something after reading this article.

JSP lifecycle

Keywords: Web server, JSP container, JVM (Java virtual machine), servlet

Detailed process:

The client initiates to the Web server

The JSP web page requests the Web server to send the request to the JSP container (middleware)

The JSP engine in the JSP container converts HTTP requests into Servlet

The JSP engine then compiles the Servlet into an executable class class and hands the original request to the Servlet engine

A component of the Web server will call the servlet engine, then load and execute the servlet class. In the process of execution, servlet generates output in HTML format and gives it to the Web server on the response of HTTP.

The Web server returns the response of HTTP to the browser as a static HTML web page

War packet structure

In web.xml, there will be framework information for this project, tripartite software information, such as Spring,Filter filters, etc.

JAVA built-in object

Java built-in objects can be obtained directly for use without new. For example, out.print ()

Request,response,pageContext,session,application,out,config,page,exception

PageContex is convenient to write Java code directly in JSP.

Sharing objects when two pages of application interact

Dangerous function getParameter () # get parameter getcookies () # get session getQueryString () # get SQL statement getHeaders () # get HTTP request header Runtime.exec () # execute system command logger.info () # log output, which can cause the risk of information disclosure

Dangerous keyword: password,upload,download

Noun concept

Servlet:Java Servlet is a program that runs on a Web server or application server. Servlet is a component running on a web server that connects client requests to the server database (or application layer).

Tomcat is a Web application server and a Servlet/JSP container.

Tomcat, as a Servlet container, is responsible for processing the client's request (executing the java program), handing the request to the Servlet and passing the Servlet response to the customer.

Tomcat as a JSP container, …

The difference between Servlet and JSP

Servlet is a Java program executed on the server side, and the Servlet container (that is, the server) is responsible for executing the Java program. JSP (Java Server Page) is a page that is executed by the JSP container.

Servlet is based on Java program, and you need to use out.println function when outputting HTML code, that is to say, HTML; is embedded in Java and HTML page is used in JSP. You can insert Java code directly, that is, Java is embedded in HTML.

Jsp is to write Java code in HTML, servlet is to write HTML in java code.

Tomcat is a container, middleware, and web application server.

Servlet is a component

JSP is a dynamic web technology.

WAR package: a Java project is released to middleware in the form of a War package. If you can get the WAR package and decompile it, you can audit the code.

This is the end of this article on "what are the basics of Java code auditing". I hope the above content can be helpful to you, so that you can learn more knowledge. if you think the article is good, please share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.