In a scenario where a user's session cookies are stolen via XSS, what security measures could have prevented this?
- Cross-Site Request Forgery (CSRF) Token
- Data Encryption
- HttpOnly Cookies
- Multi-Factor Authentication (MFA)
HttpOnly cookies, which cannot be accessed by JavaScript, are a security measure that could have prevented the theft of session cookies via XSS. Restricting script access to the cookie mitigates the impact of XSS attacks on session data.
How can a servlet-based application detect and handle WebSocket upgrade requests?
- By inspecting the payload
- Using the Connection header
- Using the Upgrade header
- WebSockets cannot be used with servlets
A servlet-based application can detect and handle WebSocket upgrade requests by inspecting the Upgrade header in the HTTP request, which indicates the intention to switch protocols to WebSocket.
Describe the lifecycle of a WebSocket in a Java web application.
- Connect, Communicate, Disconnect
- Create, Transmit, Terminate
- Handshake, Data Transfer, Termination
- Initialization, Open, Close
The lifecycle of a WebSocket in a Java web application consists of a handshake phase, followed by data transfer and, finally, termination: the connection is established, data is exchanged, and the connection is closed.
A WebSocket connection is established with a _________ handshake upgraded from an HTTP connection.
- SSL/TLS
- TCP
- UDP
- WebSocket
A WebSocket connection is established with a "WebSocket" handshake upgraded from an HTTP connection.
In Java EE, the _________ method is used to send a message to the connected WebSocket client.
- broadcastMessage()
- sendMessage()
- sendText()
- writeMessage()
In Java EE, the sendMessage() method is used to send a message to the connected WebSocket client.
The annotation _________ is used to configure the endpoint of a WebSocket server.
- @EndpointConfig
- @ServerEndpoint
- @WebSocketConfig
- @WebSocketEndpoint
The annotation @ServerEndpoint is used to configure the endpoint of a WebSocket server.
A servlet receives a POST request with JSON data. What are the steps to correctly parse and use this data?
- Use the doGet() method and manually parse the JSON data using a JSON library.
- Use the doGet() method and rely on the servlet container to automatically parse the JSON data.
- Use the doPost() method and manually parse the JSON data using a JSON library.
- Use the doPost() method and rely on the servlet container to automatically parse the JSON data.
When handling a POST request with JSON data, it is appropriate to use the doPost() method, and manual parsing is often necessary using a JSON library. The servlet container does not automatically parse JSON data.
The _________ interface in Java EE allows the server to react to WebSocket lifecycle events.
- Decoder
- Encoder
- Endpoint
- Session
The Endpoint interface in Java EE allows the server to react to WebSocket lifecycle events.
To handle binary data in a WebSocket, the _________ method is typically implemented.
- onBinaryMessage
- onClose
- onError
- onTextMessage
To handle binary data in a WebSocket, the onBinaryMessage method is typically implemented.
WebSocket connections are maintained even if the underlying _________ changes, like from HTTP to HTTPS.
- URI
- protocol
- security
- transport
WebSocket connections are maintained even if the underlying URI changes, like from HTTP to HTTPS.