MCS-220

SOLVED ASSIGNMENT
2024-25
Course Code
MCS-220
Course Title
Web Technologies
Assignment Number
Maximum Marks
MCA_NEW(II)/220/Assign/2024-25
Weightage
100
Last date of Submission
30%
31 October, 2024 (For July, 2024 Session)
15th April, 2025 (For January, 2025 Session)
This assignment has nine questions of 80 Marks. Answer all questions. Rest 20 marks
are for viva voce. You may use illustrations and diagrams to enhance the explanations.
Please go through the guidelines regarding assignments given in the Programme Guide
for the format of presentation.
(5 Marks)
Q1: (a) What is need of design pattern? Explain the use of Repository Design Pattern
with the help of an example.(5 Marks)
Ans. Need for Design Patterns

Design patterns provide reusable solutions to common software design problems. They serve
as templates that help developers create flexible, scalable, and maintainable software
architectures. Here are some key reasons why design patterns are needed:

1. Standardization: They offer a standard terminology and are specific to particular scenarios.
2. Best Practices: They encapsulate best practices that have been proven effective over time.
3. Efficiency: They can save time by providing tested, proven development paradigms.
4. Maintainability: They enhance code readability and make it easier to maintain and modify
software.
5. Scalability: They provide solutions that can scale with the complexity and size of software
applications.

Page 1 of 59
Repository Design Pattern

The Repository Design Pattern is used to abstract the data layer, enabling the separation of
the data access logic and the business logic. It acts as a mediator between the domain and
data mapping layers, ensuring that the business logic remains clean and focused.

Benefits

1. Decoupling: It decouples the application from the data access code.

2. Testability: It enhances testability by allowing the data access code to be mocked or
stubbed.
3. Centralized Data Logic: It centralizes the data access logic, making it easier to manage and
maintain.
4. Code Reusability: It promotes code reusability by separating data access from business
logic.

Example

Consider a simple example of a repository pattern in a C application for managing `Product`

entities.

1. Product Entity

2. IProductRepository Interface

Page 2 of 59
3. ProductRepository Implementation

Page 3 of 59
4. Using the Repository in Business Logic

Page 4 of 59
Explanation

- Product Entity: Represents the data model.

- IProductRepository Interface: Defines the contract for data operations on `Product`.
- ProductRepository Implementation: Provides the actual implementation of data operations.
- ProductService: Uses the repository to perform business logic operations on `Product`.

By using the Repository Design Pattern, the data access logic is abstracted away, making the
`ProductService` class cleaner and focused solely on business logic. This separation
simplifies testing, maintenance, and scalability of the application.

(b) What is the difference between JAR and WAR files? Describe the process of
creation, deployment and extraction of WAR files.
Ans. Difference Between JAR and WAR Files

JAR (Java ARchive) Files

Page 5 of 59
1. Purpose: JAR files are used to package Java classes, metadata, and resources (like text and
images) into a single file to distribute Java applications and libraries.
2. Structure: Contains compiled Java classes (`.class` files), configuration files, and resources.
It can also include a manifest file (MANIFEST.MF) which provides information about the
files and can specify the main class to run the application.
3. Usage: Primarily used for desktop applications, libraries, and reusable components.
4. Execution: Can be executed directly if it contains an executable main class defined in the
manifest file.

WAR (Web Application Archive) Files

1. Purpose: WAR files are used to package web applications, including Java servlets, JSPs,
HTML, JavaScript, and other resources necessary for web application deployment.
2. Structure: Contains a specific directory structure, including a `WEB-INF` directory which
houses web.xml (deployment descriptor), classes (compiled Java classes), lib (library JAR
files), and other resources.
3. Usage: Specifically used for deploying web applications to a Java EE servlet container or
application server (e.g., Apache Tomcat, JBoss).
4. Execution: Deployed to a servlet container or application server, not executed directly.

Creation, Deployment, and Extraction of WAR Files

Creation of WAR Files

1. Directory Structure: Organize your project with a specific structure:

Page 6 of 59
2. Compile Classes: Ensure all Java classes are compiled and placed in the `WEB-
INF/classes` directory.
3. Package into WAR: Use the `jar` command to package the files:

This command creates a WAR file named `myapp.war` from the contents of the `myapp`
directory.

Deployment of WAR Files

1. Copy WAR File: Copy the WAR file to the webapps directory of your servlet container
(e.g., Apache Tomcat):

2. Automatic Deployment: The servlet container will automatically deploy the WAR file
when it starts or when it detects a new WAR file in the webapps directory.
3. Access the Application: Once deployed, access the application through a web browser at
the appropriate URL, e.g., `http://localhost:8080/myapp`.

Extraction of WAR Files

1. Extract WAR File: Use the `jar` command or any ZIP extraction tool to extract the contents
of the WAR file:

This command extracts the contents of the `myapp.war` file into the current directory.
2. Verify Contents: Check the extracted files to ensure they match the original directory
structure.

Summary

Page 7 of 59
- JAR Files: Used for packaging Java applications and libraries, can be executed directly.
- WAR Files: Used for packaging web applications, deployed to a servlet container.
- Creation: Organize files, compile classes, and package using `jar` command.
- Deployment: Copy WAR file to the webapps directory of the servlet container.
- Extraction: Use the `jar` command or ZIP tool to extract contents.

These processes facilitate the organization, distribution, and deployment of Java applications,
ensuring modularity and ease of use in various environments.

Q2: (a) What is Servlet interface? Differentiate between Generic Servlet and
HTTPServlet? (5 Marks)
Ans. Servlet Interface

The `Servlet` interface defines methods that all servlets must implement. Servlets are Java
classes that run on a server and handle client requests. The `Servlet` interface is part of the
Java Servlet API and provides the foundation for creating servlets.

Methods of the Servlet Interface

1. `init(ServletConfig config)`: Initializes the servlet. Called once when the servlet is first
loaded.
2. `service(ServletRequest req, ServletResponse res)`: Handles client requests. Called for
each request to the servlet.
3. `destroy()`: Called once when the servlet is being taken out of service. Allows for cleanup
activities.
4. `getServletConfig()`: Returns the `ServletConfig` object, which contains configuration
information for the servlet.
5. `getServletInfo()`: Returns a `String` containing information about the servlet, like author
and version.

GenericServlet vs. HttpServlet

GenericServlet

Page 8 of 59
- Inheritance: Directly implements the `Servlet` interface and provides a framework for
handling generic (protocol-independent) requests and responses.
- Usage: Suitable for creating protocol-independent servlets. Not tied to any specific protocol
like HTTP.
- Methods:
- `service(ServletRequest req, ServletResponse res)`: Must be overridden to handle requests.
- Convenience methods: Provides convenience methods for handling initialization (`init`),
destruction (`destroy`), and access to configuration (`getServletConfig`).
- Example:

HttpServlet

Page 9 of 59
- Inheritance: Extends `GenericServlet` and provides methods specifically designed for
handling HTTP requests.
- Usage: Suitable for creating web applications that use the HTTP protocol.
- Methods:
- `doGet(HttpServletRequest req, HttpServletResponse res)`: Handles HTTP GET requests.
- `doPost(HttpServletRequest req, HttpServletResponse res)`: Handles HTTP POST
requests.
- Other methods: Provides methods for other HTTP request types like `doPut`, `doDelete`,
`doHead`, etc.
- Convenience methods: Inherits methods from `GenericServlet` for initialization,
destruction, and configuration access.
- Example:

Page 10 of 59
Page 11 of 59
Key Differences

1. Protocol Handling:
- GenericServlet: Protocol-independent, suitable for any type of protocol.
- HttpServlet: Specifically designed for HTTP protocol, handling GET, POST, and other
HTTP methods.

2. Method Structure:
- GenericServlet: Requires overriding the `service` method to handle requests.
- HttpServlet: Provides specific methods like `doGet` and `doPost` for handling different
types of HTTP requests.

3. Ease of Use:
- GenericServlet: Requires more effort to handle different protocols as it lacks built-in
support for HTTP-specific features.
- HttpServlet: Simplifies web application development with built-in support for HTTP
methods and features.

4. Application:
- GenericServlet: Rarely used for web applications due to lack of HTTP-specific support.
- HttpServlet: Widely used in web application development for handling HTTP requests
efficiently.

Conclusion

The `Servlet` interface lays the foundation for servlets in Java. While `GenericServlet`
provides a protocol-independent base, `HttpServlet` extends it to offer robust support for the
HTTP protocol, making it the preferred choice for web application development.

(b) Briefly explain servlet life cycle. Also, explain the request and response sponse in the
HTTP?
Ans. Servlet Life Cycle

Page 12 of 59
The servlet life cycle defines the process from the creation to the destruction of a servlet in a
web server or application server. It consists of the following phases:

1. Loading and Instantiation: The servlet container loads the servlet class and creates an
instance of the servlet. This happens only once when the servlet is first requested or when the
server starts up.

2. Initialization (`init` method): The `init` method is called once after the servlet instance is
created. The `ServletConfig` object is passed to the `init` method, allowing the servlet to read
its configuration parameters. This method is used for initialization tasks like setting up
database connections or reading configuration files.

3. Request Handling (`service` method): The `service` method is called for each client
request. It determines the type of request (GET, POST, etc.) and calls the corresponding
method (doGet, doPost, etc.).

4. Destruction (`destroy` method): The `destroy` method is called once before the servlet
instance is destroyed. This method is used for cleanup tasks like closing database connections
or releasing resources.

Page 13 of 59
HTTP Request and Response

HTTP Request

An HTTP request is sent by a client to a server to request data or action. It consists of:

1. Request Line: Contains the HTTP method (GET, POST, etc.), the requested resource path,
and the HTTP version.

2. Headers: Provide additional information about the request. Common headers include
`Host`, `User-Agent`, `Accept`, and `Content-Type`.

3. Body: (Optional) Contains data sent to the server, typically used with POST and PUT
methods.

HTTP Response

Page 14 of 59
An HTTP response is sent by the server to the client and consists of:

1. Status Line: Contains the HTTP version, status code, and status message.

2. Headers: Provide additional information about the response. Common headers include
`Content-Type`, `Content-Length`, `Set-Cookie`, and `Cache-Control`.

3. Body: Contains the data returned by the server, such as HTML, JSON, or binary data.

Summary

1. Servlet Life Cycle: Involves loading and instantiation, initialization (`init`), request
handling (`service`), and destruction (`destroy`).

Page 15 of 59
2. HTTP Request: Comprises a request line (method, resource path, HTTP version), headers,
and an optional body.
3. HTTP Response: Comprises a status line (HTTP version, status code, status message),
headers, and a body with the requested data.

Q3: (a) Explain the advantages of Java Server Pages over the servlet. Also, write a JSP
program for Fibonacci Series. (5 Marks)
Ans. Advantages of JavaServer Pages (JSP) Over Servlets

JavaServer Pages (JSP) and servlets are both server-side technologies used for building
dynamic web applications. While both have their own use cases, JSP offers several
advantages over servlets:

1. Ease of Use:
- JSP: Allows embedding Java code directly into HTML using special tags, making it easier
for web designers to create and maintain.
- Servlets: Require writing Java code to generate HTML, which can become cumbersome
and less readable for complex HTML layouts.

2. Separation of Concerns:
- JSP: Encourages the separation of business logic from presentation by allowing the use of
JavaBeans, custom tags, and expression language (EL) for business logic.
- Servlets: Typically mix business logic with presentation logic, making the code harder to
maintain.

3. Development Speed:
- JSP: Faster development cycle due to easier syntax and direct embedding of HTML.
- Servlets: Slower development cycle as developers need to write extensive code for HTML
generation.

4. Automatic Compilation:
- JSP: Automatically compiled by the server into servlets, which means changes can be
made to JSP files without recompiling the entire application.
- Servlets: Require recompilation of the Java code after changes.

Page 16 of 59
5. Readable and Maintainable:
- JSP: Easier to read and maintain for web designers and developers since the HTML is
more visible and less interspersed with Java code.
- Servlets: Harder to read and maintain due to interspersed Java code within HTML
generation logic.

JSP Program for Fibonacci Series

Here's a simple JSP program that generates the Fibonacci series up to a specified number of
terms:

FibonacciSeries.jsp

Page 17 of 59
Explanation

1. Page Directive:
- `<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>` specifies the language as Java, content type as HTML, and
character encoding as UTF-8.

2. HTML Form:
- A form with a text input field for the user to enter the number of terms in the Fibonacci
series and a submit button.

3. JSP Scriptlet:
- A scriptlet to process the form input and generate the Fibonacci series.
- `String termsParam = request.getParameter("terms");` retrieves the number of terms
entered by the user.

Page 18 of 59
 - If `termsParam` is not null, it parses the number of terms and generates the Fibonacci
series.
- The Fibonacci series is generated using a simple loop, and the results are printed out
within a paragraph.

This JSP program illustrates how easily HTML and Java can be combined to create dynamic
web content, showcasing the advantage of JSP over servlets in terms of simplicity and
maintainability.

(b) Explain the various components of JSP with suitable code.(5 Marks)
Ans. Components of JSP

JavaServer Pages (JSP) is a technology that allows for the creation of dynamic web pages
using Java. JSP pages consist of several key components that enable the mixing of HTML
with Java code to create dynamic content. These components include directives, scriptlets,
expressions, declarations, standard actions, and custom tags. Below is an explanation of each
component with suitable code examples.

1. Directives

Directives provide global information about an entire JSP page and control the processing of
the entire page. The most commonly used directives are `page`, `include`, and `taglib`.

- Page Directive: Defines page-dependent attributes like language, content type, error pages,
etc.

- Include Directive: Includes a file during the translation phase.

Page 19 of 59
- Taglib Directive: Declares a tag library that contains custom tags.

2. Scriptlets

Scriptlets contain Java code that is executed every time the JSP page is requested. Scriptlets
are enclosed within `<% %>` tags.

3. Expressions

Expressions are used to output the value of a Java expression directly into the HTML output.
Expressions are enclosed within `<%= %>` tags.

4. Declarations

Declarations declare one or more variables or methods that can be used later in the JSP page.
Declarations are enclosed within `<%! %>` tags.

Page 20 of 59
5. Standard Actions

Standard actions perform various tasks such as forwarding requests, including content, and
handling JavaBeans. They are XML tags defined by the JSP specification.

- `<jsp:include>`: Includes a file at request time.

- `<jsp:forward>`: Forwards the request to another page.

- `<jsp:useBean>`: Finds or instantiates a JavaBean.

Page 21 of 59
6. Custom Tags

Custom tags are user-defined tags that encapsulate reusable functionality. They are defined in
tag libraries and used in JSP pages with the `taglib` directive.

- Custom Tag Library Descriptor (TLD): Defines the custom tags.

- Using Custom Tag in JSP:

Example JSP Page with All Components

Page 22 of 59
Page 23 of 59
Explanation

1. Directives: The page, include, and taglib directives set up the page configuration, include a
header file, and declare tag libraries.
2. Scriptlet: Defines a message variable and prints it to the output.
3. Expression: Outputs the current date.
4. Declaration: Declares a counter variable and a method to increment it.
5. Standard Actions: Includes a footer file and uses a conditional tag from the JSTL core
library.
6. Custom Tag: Uses a custom tag defined in the tag library.

This example demonstrates the various components of JSP, highlighting their usage and
integration to create dynamic and maintainable web pages.

Q4: What do you mean by JDBC? Explain how we retrieve data from database using
suitable JSP program. (5 Marks)
Ans. JDBC (Java Database Connectivity)

JDBC is a Java API that allows Java applications to interact with databases. It provides
methods for querying and updating data in a database. JDBC acts as a bridge between Java
applications and various database management systems (DBMS).

Key Components of JDBC

1. Driver Manager: Manages a list of database drivers. It matches connection requests from
the Java application with the appropriate database driver using communication subprotocols.
2. Driver: Handles the communications with the database server.
3. Connection: Represents a connection to a specific database.
4. Statement: Executes SQL queries against the database.
5. ResultSet: Represents the result set of a query. It provides methods for retrieving and
manipulating data.
6. SQLException: Handles any errors that occur during a database interaction.

Page 24 of 59
Steps to Retrieve Data from a Database Using JSP and JDBC

1. Load the JDBC Driver: Register the JDBC driver.

2. Establish a Connection: Connect to the database using the `Connection` object.
3. Create a Statement: Create a `Statement` or `PreparedStatement` object to execute SQL
queries.
4. Execute a Query: Use the `Statement` object to execute a SQL query and retrieve data in a
`ResultSet`.
5. Process the ResultSet: Iterate through the `ResultSet` to process the retrieved data.
6. Close the Connection: Close the `ResultSet`, `Statement`, and `Connection` objects to
release resources.

JSP Program to Retrieve Data from a Database

Database Table: `students`

Assume we have a database table named `students` with the following structure:

JSP File: `RetrieveData.jsp`

Page 25 of 59
Page 26 of 59
Explanation

1. Page Directive: Imports the `java.sql.` package to use JDBC classes.

2. Database Connection Details: Defines the database URL, username, and password.
3. JDBC Code Block:
- Loads the JDBC driver: `Class.forName("com.mysql.cj.jdbc.Driver")`.
- Establishes a connection: `DriverManager.getConnection(url, user, password)`.
- Creates a statement: `conn.createStatement()`.
- Executes a query: `stmt.executeQuery(sql)`.
- Processes the result set: Iterates through `rs` and outputs the data in an HTML table.
4. Exception Handling: Catches and prints any exceptions that occur.
5. Resource Cleanup: Closes the `ResultSet`, `Statement`, and `Connection` objects in the
`finally` block to ensure resources are released.

Summary

JDBC provides a standardized way to interact with databases in Java. By following the steps
outlined above, we can retrieve data from a database and display it in a JSP page. This

Page 27 of 59
example demonstrates a typical use case of JDBC in a web application, highlighting the
simplicity and power of combining JSP and JDBC for dynamic data retrieval and
presentation.

Q5:What are the Strut2 core components? Explain the working and flow of Struts 2
with the help of suitable diagram (5 Marks)
Ans. Struts 2 Core Components

Struts 2 is a popular Java web application framework that simplifies the development of web
applications by providing a clean MVC (Model-View-Controller) architecture. The core
components of Struts 2 include:

1. Action: Represents the controller in the MVC pattern. Actions are Java classes that handle
user requests, process business logic, and determine the appropriate view to display.

2. Interceptor: Acts as a reusable piece of code that can be executed before and after an action
is executed. Interceptors are used for cross-cutting concerns like validation, file upload,
logging, and more.

3. ValueStack and OGNL (Object-Graph Navigation Language): The ValueStack stores the
data that needs to be presented to the user. OGNL is used to manipulate the data on the
ValueStack.

4. ActionContext and ActionInvocation: ActionContext holds the context information of an

action execution. ActionInvocation represents the state of the action execution and is
responsible for invoking the interceptors and the action.

5. Result: Defines the outcome of an action execution, typically determining which view to
render. Results are usually JSP pages, but they can also be other types of views.

6. Configuration Files: `struts.xml` is the main configuration file where actions, interceptors,
and results are defined.

Working and Flow of Struts 2

Page 28 of 59
The working and flow of Struts 2 can be understood through the following steps and the
accompanying diagram:

1. Client Request: The client sends a request to the server.

2. FilterDispatcher: The request is intercepted by the `FilterDispatcher` (now
`StrutsPrepareAndExecuteFilter`), which initializes the Struts 2 framework and delegates
control to the appropriate action.
3. ActionMapping: The `FilterDispatcher` uses `ActionMapping` to determine which action
class should handle the request.
4. Interceptors: Before the action method is executed, a series of interceptors are applied.
These interceptors can perform tasks such as validation, logging, and file uploads.
5. Action Execution: The action method is invoked to handle the request. The action
processes the request, interacts with the model layer, and returns a result string.
6. Result Processing: Based on the result string, the framework determines the appropriate
view to render (e.g., a JSP page).
7. Response: The view is rendered and sent back to the client as a response.

Struts 2 Flow Diagram

Below is a simplified flow diagram illustrating the Struts 2 architecture:

Page 29 of 59
Example

Here is a basic example to illustrate the Struts 2 workflow:

1. struts.xml

2. HelloWorldAction.java

Page 30 of 59
3. hello.jsp

Explanation

1. Configuration (struts.xml): Defines an action named `helloWorld` that maps to the

`HelloWorldAction` class. When the action returns `success`, the result `/hello.jsp` is
displayed.
2. Action (HelloWorldAction.java): A simple action class that sets a message and returns
`SUCCESS`.
3. View (hello.jsp): A JSP page that displays the message set by the action.

Page 31 of 59
Summary

Struts 2 simplifies web application development by providing a robust MVC framework with
key components like actions, interceptors, ValueStack, and configuration files. The flow of
Struts 2 involves intercepting client requests, mapping them to actions, executing interceptors
and actions, and finally rendering the appropriate view based on the action's result.

Q6: (a)Explain process of creating records using Spring Boot and Hibernate. (5 Marks)
Ans. Creating Records Using Spring Boot and Hibernate

Spring Boot and Hibernate make it easy to create, manage, and persist records in a database.
Here is a step-by-step guide to creating records using these technologies:

Step-by-Step Process

1. Setup Spring Boot Application:

- Create a Spring Boot project using Spring Initializr (https://start.spring.io/) with
dependencies such as Spring Web, Spring Data JPA, and your preferred database (e.g., H2,
MySQL).

2. Configure Database Properties:

- Configure your database connection in `application.properties` or `application.yml` file.

3. Create Entity Class:

- Define an entity class that maps to a database table using JPA annotations.

Page 32 of 59
4. Create Repository Interface:
- Create a repository interface that extends `JpaRepository` to handle CRUD operations.

Page 33 of 59
5. Create Service Class:
- Create a service class to handle business logic.

6. Create Controller Class:

- Create a REST controller to expose endpoints for creating records.

Page 34 of 59
7. Run the Application:
- Run your Spring Boot application. You can do this by running the main method in your
main application class annotated with `@SpringBootApplication`.

Page 35 of 59
8. Test the Endpoint:
- Use a tool like Postman to send a POST request to `http://localhost:8080/students` with a
JSON body to create a new student record.

- You should receive a response with the created student record, including the generated ID.

Summary

1. Setup Spring Boot: Initialize a Spring Boot project with necessary dependencies.
2. Configure Database: Set database properties in `application.properties`.
3. Create Entity: Define a JPA entity class.
4. Create Repository: Create a repository interface extending `JpaRepository`.
5. Create Service: Implement business logic in a service class.
6. Create Controller: Expose endpoints using a REST controller.
7. Run Application: Run the Spring Boot application.
8. Test Endpoint: Use a tool like Postman to test the creation of records.

This process provides a clean and efficient way to handle database operations in a Spring
Boot application using Hibernate.

(b) Explain how testing of custom login form can be performed with the help of an
example. (5 Marks)
Ans. Testing a Custom Login Form

Testing a custom login form involves verifying that the form correctly processes user inputs,
authenticates users, and handles various scenarios such as successful login, incorrect

Page 36 of 59
credentials, and missing input. Here's an example using a Spring Boot application with
integration tests.

Step-by-Step Process

1. Setup Spring Boot Application:

- Create a Spring Boot project with dependencies like Spring Web, Spring Security, and
Spring Boot Test.

2. Create Login Form and Controller:

- Create a simple login form and a controller to handle login requests.

3. Create Security Configuration:

- Configure Spring Security to manage authentication.

4. Write Integration Tests:

- Use Spring Boot Test to write integration tests for the login form.

Example

1. Setup Spring Boot Project

Generate a Spring Boot project from https://start.spring.io/ with the following dependencies:
- Spring Web
- Spring Security
- Spring Boot Test
- H2 Database (optional for testing purposes)

2. Create Login Form and Controller

Page 37 of 59
LoginController.java

Page 38 of 59
3. Create Security Configuration

SecurityConfig.java

Page 39 of 59
4. Write Integration Tests

LoginIntegrationTest.java

Page 40 of 59
Page 41 of 59
Explanation

1. Setup Spring Boot Project:

- Create a Spring Boot project with necessary dependencies.

2. Create Login Form and Controller:

- `LoginController` handles GET and POST requests for the login form.
- `login.html` is a simple HTML form for user input.

3. Create Security Configuration:

- `SecurityConfig` configures Spring Security to use a custom login page and allows access
to it.

4. Write Integration Tests:

- `LoginIntegrationTest` uses `TestRestTemplate` to test the login functionality.

Page 42 of 59
 - `testLoginWithValidCredentials` checks successful login and redirection to the home
page.
- `testLoginWithInvalidCredentials` verifies the error message is shown for invalid
credentials.

Summary

This example demonstrates how to create and test a custom login form using Spring Boot.
The process includes setting up a Spring Boot project, creating a login form and controller,
configuring Spring Security, and writing integration tests to ensure the login form works
correctly.

Q7: Explain how CRUD operations are mapped to SQL statements, with suitable
example.
(5 Marks)
Ans. Mapping CRUD Operations to SQL Statements

CRUD (Create, Read, Update, Delete) operations are fundamental operations used to manage
data in relational databases. These operations are mapped to SQL (Structured Query
Language) statements as follows:

1. Create (INSERT)

SQL Statement: `INSERT INTO table_name (column1, column2, ...) VALUES (value1,
value2, ...);`

Example:

Explanation: The `INSERT` statement inserts new records into a table. It specifies the table
name and columns into which data will be inserted, followed by the corresponding values.

2. Read (SELECT)

Page 43 of 59
SQL Statement: `SELECT column1, column2, ... FROM table_name WHERE condition;`

Example:

Explanation: The `SELECT` statement retrieves data from a table. It specifies the columns to
be retrieved (or `` for all columns), the table name, and optional conditions to filter the
results.

3. Update (UPDATE)

SQL Statement: `UPDATE table_name SET column1 = value1, column2 = value2, ...
WHERE condition;`

Example:

Explanation: The `UPDATE` statement modifies existing records in a table. It specifies the
table name, columns to be updated with new values, and conditions to identify which records
to update.

4. Delete (DELETE)

SQL Statement: `DELETE FROM table_name WHERE condition;`

Example:

Page 44 of 59
Explanation: The `DELETE` statement removes records from a table. It specifies the table
name and conditions to identify which records should be deleted.

Summary

- Create (INSERT): Adds new records to a table.

- Read (SELECT): Retrieves data from a table based on specified criteria.
- Update (UPDATE): Modifies existing records in a table.
- Delete (DELETE): Removes records from a table based on specified criteria.

These CRUD operations are the building blocks of data manipulation in SQL databases,
providing essential capabilities for managing data effectively. Each operation is mapped to
specific SQL syntax that directly interacts with the database to perform the desired action.

08: (a) Write the unit test case to execute it as a user with RequestPostProcessor for the
URL. pattern ""which returns model attribute with key as "message and value as
"Hello World". (5 Marks)
Ans. To write a unit test case using Spring Framework that verifies the behavior of a
controller method returning a model attribute with key `"message"` and value `"Hello
World"`, we can use `MockMvc` and `Mockito` libraries. Here’s how you can create such a
unit test case:

Example Unit Test Case

Assume you have a controller with a method that sets a message attribute and returns a view
name `"hello"`:

Page 45 of 59
Unit Test using JUnit, Mockito, and MockMvc

Here's how you can write a unit test to verify the behavior of the `hello()` method:

Page 46 of 59
Explanation:

1. Setup Method (`setup()`):

- Initializes the `HelloController` and `MockMvc` for testing.

2. `testHelloEndpoint()`:
- Performs a GET request to `/` (root URL).
- Asserts that the response status is OK (`200`).
- Asserts that the returned view name is `"hello"`.
- Asserts that the model contains an attribute named `"message"`.
- Asserts that the value of the `"message"` attribute is `"Hello World"`.

Steps:

1. Create a Test Class: `HelloControllerTest` in the same package as your main application.

Page 47 of 59
2. Inject Mocks: Use `@InjectMocks` to inject the `HelloController`.
3. Initialize MockMvc: Setup `MockMvc` using `MockMvcBuilders.standaloneSetup()`
method.
4. Write Test Method: Use `mockMvc.perform()` to perform a GET request and use
`MockMvcResultMatchers` to assert expected behavior.

Dependencies:

Make sure you have the necessary dependencies in your `pom.xml` or `build.gradle` for
testing:

- For Maven:

- For Gradle:

Summary:

This unit test verifies that when a GET request is made to the root URL ("/"), the
`HelloController` correctly sets the model attribute `"message"` with the value `"Hello

Page 48 of 59
World"`. This approach ensures that the controller behaves as expected and returns the correct
view and model attributes.

(b) What is Role-based Login? Explain how user's access can be restricted using Role-
based Login (5 Marks)
Ans. Role-Based Login

Role-based login is a security concept where access to resources or features within an

application is restricted based on the roles assigned to a user. Each role defines a set of
permissions or privileges that determine what actions the user can perform. This approach
enhances security by ensuring that users only have access to the functionalities necessary for
their role and responsibilities within the application.

Implementation of Role-Based Login

Role-based login can be implemented in web applications using frameworks like Spring
Security in Java. Here’s how it typically works:

1. Define Roles

Roles are defined to categorize users based on their responsibilities. Typical roles might
include `ADMIN`, `USER`, `MANAGER`, etc. Each role is associated with specific
permissions.

2. Assign Roles to Users

Each user is assigned one or more roles based on their job function or level of authority
within the organization. This assignment is usually stored in a database or directory service.

3. Restrict Access Based on Roles

Access to different parts of the application is restricted based on the roles assigned to the
user. This is typically enforced at the controller or service layer of the application.

Page 49 of 59
Example: Spring Security Configuration

In a Spring Boot application, you can configure role-based access control using Spring
Security. Here’s a simplified example:

Explanation:

- `configure(HttpSecurity http)`: Configures security rules. In this example:

- URLs `/admin/` require the role `ADMIN`.
- URLs `/user/` require either `USER` or `ADMIN`.
- All other URLs require authentication (`authenticated()`).

Page 50 of 59
- `configureGlobal(AuthenticationManagerBuilder auth)`: Provides in-memory authentication
(for demo purposes). In a real application, you would typically authenticate against a
database or LDAP.

How It Works:

1. Login Page: Users authenticate through a login form (`/login` in this example).
2. Authentication: User credentials are validated against configured users and roles
(`user`/`password` with `USER` role, `admin`/`password` with `ADMIN` role).
3. Authorization: Upon successful authentication, access to specific URLs (`/admin/` and
`/user/`) is granted based on the user's role.

Benefits of Role-Based Login:

- Granular Access Control: Users have access only to functionalities relevant to their role,
reducing the risk of unauthorized access.

- Security: Role-based access helps enforce the principle of least privilege, where users have
the minimum permissions necessary for their tasks.

- Scalability: Easily scale access control as the application grows by adding new roles or
adjusting permissions.

- Compliance: Helps meet security and regulatory compliance requirements by ensuring

controlled access to sensitive data or operations.

Role-based login is a robust approach to managing user access in applications, ensuring both
security and flexibility in access control management.

09: Write short notes on the following:

(a) JSP Standard Tag Library (JSTL)
Ans. The JSP Standard Tag Library (JSTL) is a collection of custom tags that encapsulate
core functionality common to many JSP applications. It provides a set of tags to simplify the
development and maintenance of JSP pages by reducing the need for Java code embedded
directly into the JSP files. Here's an overview of JSTL and its key components:

Page 51 of 59
Key Components of JSTL

1. Core Tags (`<c:choose>`, `<c:when>`, `<c:otherwise>`, `<c:if>`, `<c:forEach>`, `<c:set>`,

`<c:out>`, `<c:url>`, `<c:param>`, `<c:import>`, `<c:redirect>`, `<c:catch>`, `<c:remove>`):
- `<c:if>`: Conditionally includes content based on a test condition.
- `<c:forEach>`: Iterates over a collection, such as arrays or lists.
- `<c:set>`: Sets a value in a variable or scope.
- `<c:out>`: Outputs the value of an expression.
- `<c:url>`: Creates encoded URLs.
- `<c:param>`: Adds parameters to a URL.
- `<c:import>`: Includes the content of a resource.
- `<c:redirect>`: Redirects to a new URL.
- `<c:catch>`: Handles exceptions.
- `<c:remove>`: Removes a scoped variable.

2. Formatting Tags (`<fmt:formatDate>`, `<fmt:parseDate>`, `<fmt:setLocale>`,

`<fmt:message>`, `<fmt:bundle>`):
- `<fmt:formatDate>`: Formats a date according to a specified pattern.
- `<fmt:parseDate>`: Parses a date from a string input.
- `<fmt:setLocale>`: Sets the locale for formatting tags.
- `<fmt:message>`: Retrieves and formats internationalized messages.
- `<fmt:bundle>`: Defines a resource bundle for internationalization.

Benefits of JSTL

- Reduces Java Code: JSTL tags reduce the need for embedding Java code directly in JSP
pages, promoting a cleaner separation of presentation logic from business logic.

- Standardization: Being a standard part of JSP, JSTL provides a consistent way to perform
common tasks across different web applications and frameworks.

Page 52 of 59
- Simplicity: JSTL tags are easy to use and understand, especially for tasks like iteration,
conditional rendering, and internationalization.

- Reusability: Encapsulating common tasks in tags promotes code reuse and simplifies
maintenance.

Example Usage

Here’s an example demonstrating the use of JSTL core tags in a JSP page:

Explanation:

Page 53 of 59
- `<c:if>`: Conditionally displays a welcome message if `username` is empty.
- `<c:forEach>`: Iterates from 1 to 5 and displays each number.
- `<c:url>` and `<c:param>`: Constructs a URL `/profile?id=123` and stores it in `url`.

Summary

JSTL simplifies JSP development by providing a set of tags that encapsulate common tasks
such as iteration, conditional rendering, and internationalization. It promotes cleaner and
more maintainable code by reducing the reliance on Java code within JSP files, making it a
valuable tool for web developers working with Java EE applications.
(b) Spring Framework
Ans. The Spring Framework is a comprehensive and widely-used framework for building
enterprise-level Java applications. It provides a robust infrastructure to support the
development of applications by addressing many common problems encountered in
enterprise application development. Here are some key aspects of the Spring Framework:

Core Features

1. Dependency Injection (DI):

- Central to the Spring Framework, DI allows developers to manage object dependencies
explicitly.
- It promotes loose coupling by letting the framework handle the creation and management
of objects.

2. Aspect-Oriented Programming (AOP):

- AOP in Spring enables separation of cross-cutting concerns (e.g., logging, transaction
management).
- Allows for clean modularization of code by separating concerns into aspects.

3. Data Access:
- Spring provides comprehensive support for data access, integrating with JDBC,
Hibernate, JPA, and other ORM tools.
- Includes transaction management support for declarative transaction management.

Page 54 of 59
4. Spring MVC:
- A powerful and flexible web framework for building web applications.
- It follows the Model-View-Controller design pattern, promoting separation of concerns.

5. Spring Boot:
- An extension of the Spring Framework, Spring Boot simplifies the development of stand-
alone, production-grade Spring applications.
- Provides pre-configured templates and embedded servers, minimizing the need for
extensive configuration.

6. Spring Security:
- A framework for securing Java applications.
- Provides comprehensive security services for authentication, authorization, and protection
against common vulnerabilities.

7. Spring Cloud:
- A set of tools for building distributed systems and microservices.
- Supports service discovery, configuration management, circuit breakers, and distributed
messaging.

8. Spring Batch:
- Designed for batch processing, it supports bulk data operations, including large-scale and
enterprise-grade operations.
- Provides reusable functions that are essential for processing large volumes of data.

Benefits of Using Spring

1. Modularity:
- Spring encourages modular design through its layered architecture.
- Developers can use only the modules they need, keeping applications lightweight.

2. Integration:

Page 55 of 59
 - Spring integrates seamlessly with various Java EE technologies and third-party libraries.
- Supports a wide range of data access technologies, messaging APIs, and more.

3. Community and Ecosystem:

- Spring has a large and active community that contributes to a rich ecosystem of projects
and extensions.
- Extensive documentation and numerous resources available for learning and
troubleshooting.

4. Testing:
- Spring’s support for dependency injection and modular design makes unit testing
straightforward.
- Spring provides utilities for integration testing and mock objects.

Common Use Cases

1. Web Applications:
- Building robust and scalable web applications using Spring MVC and Spring Boot.

2. Microservices:
- Developing microservices architectures with Spring Boot and Spring Cloud.

3. Enterprise Applications:
- Implementing large-scale, transaction-oriented enterprise applications with comprehensive
transaction management and security features.

4. Batch Processing:
- Handling large volumes of data processing tasks using Spring Batch.

The Spring Framework’s versatility, combined with its comprehensive set of tools and
consistent programming model, makes it a popular choice for Java developers building
enterprise applications.

Page 56 of 59
(e) Cross Site Request Forgery (CSRF)
Ans. Cross-Site Request Forgery (CSRF) is a type of security vulnerability that affects web
applications. It allows an attacker to trick a user into performing actions on a web application
in which they are authenticated, without the user’s consent or knowledge. Here's a detailed
look at CSRF:

How CSRF Works

1. Authentication Context:
- The user logs into a web application and receives an authentication token (e.g., session
cookie).
- This token is stored in the browser and is automatically sent with each subsequent request
to the web application.

2. Malicious Request:
- The attacker creates a malicious website or script that triggers an unwanted action on the
target web application.
- The malicious content can be embedded in an email, forum post, or another website.

3. Tricking the User:

- The user, while still logged into the target web application, visits the malicious website or
clicks on a crafted link.
- The malicious request is sent to the target web application with the user’s authentication
token, making it appear as if the user intended to perform the action.

4. Execution of Unwanted Actions:

- The web application processes the request because it appears legitimate, using the user's
authentication token.
- This can lead to actions like transferring funds, changing account settings, or other
sensitive operations.

CSRF Attack Example

Page 57 of 59
1. Target Application:
- An online banking application where users can transfer money by submitting a form with
parameters like `amount` and `recipient`.

2. Malicious Website:
- The attacker sets up a website with a hidden form that submits a transfer request to the
banking application.

3. User Interaction:
- The user, logged into the banking application, visits the malicious website.
- The website automatically submits the hidden form, causing the bank to transfer money
from the user’s account to the attacker's account.

Preventing CSRF

1. CSRF Tokens:
- Generate a unique token for each session or request.
- Include this token in all forms and validate it on the server side to ensure the request is
genuine.
- Example: A hidden input field in HTML forms `<input type="hidden" name="csrf_token"
value="unique_token">`.

2. SameSite Cookies:
- Use the SameSite attribute for cookies to restrict them from being sent with cross-site
requests.
- Example: `Set-Cookie: session_id=abc123; SameSite=Strict`.

3. Double Submit Cookies:

- Send a CSRF token in a cookie and as a request parameter.
- Validate that the token in the request matches the token in the cookie.

4. Referer Header Validation:

Page 58 of 59
 - Check the HTTP Referer header to ensure the request originated from a trusted source.
- This method is less reliable due to potential privacy issues and header manipulation.

5. Custom Request Headers:

- Require requests to include custom headers that cannot be set cross-domain.
- Example: AJAX requests with a custom header like `X-CSRF-Token`.

6. User Interaction:
- Require user interaction (e.g., CAPTCHA) for sensitive actions to ensure the request is
intentional.

CSRF in Modern Frameworks

Most modern web frameworks have built-in protection against CSRF. Here are a few
examples:

1. Django:
- Django automatically includes CSRF tokens in forms and checks them on the server side.

2. Spring Security:
- Spring Security provides comprehensive CSRF protection out of the box for web
applications.

3. Ruby on Rails:
- Rails includes CSRF protection by embedding tokens in forms and AJAX requests.

Conclusion

CSRF is a serious security vulnerability that exploits the trust a web application has in the
user’s browser. By implementing proper CSRF defenses, such as tokens, SameSite cookies,
and header validation, developers can significantly reduce the risk of such attacks and protect
their users from malicious activities.

Page 59 of 59