How does the WebSocket protocol handle message framing compared to HTTP?
- Messages are framed using JSON format.
- Messages are framed using XML format.
- Messages are framed using headers and payload.
- Messages are not framed; they are sent as a continuous stream.
The WebSocket protocol handles message framing by using headers and payload, unlike HTTP, where messages are not framed, and they are sent as a continuous stream.
What is the role of @ServerEndpoint annotation in Java WebSocket API?
- It configures the server's endpoint settings.
- It defines the client's endpoint in a WebSocket connection.
- It handles exceptions during WebSocket communication.
- It marks a class as a WebSocket endpoint.
The @ServerEndpoint annotation in Java WebSocket API is used to mark a class as a WebSocket endpoint, allowing the class to handle WebSocket communication on the server side.
How are WebSocket connections initiated in the context of a servlet-based web application?
- They are automatically established when the web application starts.
- They are initiated through a dedicated WebSocket servlet.
- They are initiated using the openConnection() method.
- They require manual configuration in the web.xml file.
WebSocket connections in a servlet-based web application are initiated through a dedicated WebSocket servlet, which is configured to handle WebSocket communication.
What mechanism does WebSocket use to achieve full-duplex communication?
- Long Polling
- Polling
- Request-Response
- WebSocket uses its own protocol
WebSocket achieves full-duplex communication by using its own protocol, which enables bidirectional communication between the client and the server in real-time without the need for constant polling.
A web application uses user input in its search functionality without proper sanitization. Identify the type of XSS vulnerability.
- Blind XSS
- DOM-based XSS
- Reflected XSS
- Stored XSS
In a scenario where user input is stored without proper sanitization, it can lead to Stored XSS vulnerability. This occurs when the malicious script is permanently stored on the target server and served to users who access the affected page.
In a scenario where a user's session cookies are stolen via XSS, what security measures could have prevented this?
- Cross-Site Request Forgery (CSRF) Token
- Data Encryption
- HttpOnly Cookies
- Multi-Factor Authentication (MFA)
The use of HttpOnly Cookies, which cannot be accessed by JavaScript, is a security measure that could have prevented the theft of session cookies via XSS. By restricting access, the impact of XSS attacks on session data can be mitigated.
How can a servlet-based application detect and handle WebSocket upgrade requests?
- By inspecting the payload
- Using the Connection header
- Using the Upgrade header
- WebSockets cannot be used with servlets
A servlet-based application can detect and handle WebSocket upgrade requests by inspecting the Upgrade header in the HTTP request, indicating the intention to switch protocols to WebSocket.
Describe the lifecycle of a WebSocket in a Java web application.
- Connect, Communicate, Disconnect
- Create, Transmit, Terminate
- Handshake, Data Transfer, Termination
- Initialization, Open, Close
The lifecycle of a WebSocket in a Java web application involves a handshake phase, followed by data transfer, and finally, termination. This sequence includes establishing the connection, exchanging data, and closing the connection.
A WebSocket connection is established with a _________ handshake upgraded from an HTTP connection.
- SSL/TLS
- TCP
- UDP
- WebSocket
A WebSocket connection is established with a "WebSocket" handshake upgraded from an HTTP connection.
In Java EE, the _________ method is used to send a message to the connected WebSocket client.
- broadcastMessage()
- sendMessage()
- sendText()
- writeMessage()
In Java EE, the sendMessage() method is used to send a message to the connected WebSocket client.