I’m torn after reading Murach’s Java Servlets & JSP book, 2nd Ed. I read the first version when I was making the transition from mainframe programming to Java programming and found the information to be extremely helpful for getting up and running very quickly. With the authors’ assistance I had a database server, a servlet container, and a ‘hello world’ web app running within a couple of hours. On the other hand, reading the second edition as an experienced Java developer made me cringe. Ultimately, I have to side with the my experienced side. Especially when I consider how well the format of Murach books tends to make them canonical references and how easy it would have been for the authors to teach better practices.
The cover of the book makes at least three claims:
- Get off to a quick start
- Build professional web sites
- Handle databases like a pro
Get Off to a Quick Start
The authors get off to a great start by helping the reader to download, install, some basic tools including a servlet container, a database server, and an IDE. They guide the reader with step by step instructions for installing both Tomcat and MySQL — bonus points for recommending the latest versions of each. However, I’m stumped by their choice of IDE — NetBeans — and their claims that it is a top notch IDE. Technically, I suppose it is third, but in my experience it’s a distant third well behind Eclipse and IntelliJ.
Build Professional Web Sites
I take issue with much of the material presented in the book and how it lends itself to creating ‘professional’ web sites. For starters, the authors provide an excellent introduction to HTML. Too bad XHTML is the current standard. The authors state that they’d rather discuss HTML than XHTML because they feel that XHTML is too difficult to teach in a single chapter. I thought this was ridiculous, but assumed they would at least promote well-formed HTML — boy, was I wrong. They consistently use of malformed HTML in their examples and go as far as mentioning the lack of unquoted attributes as a good thing! This is bad, but it gets worse because a couple of chapters later they have to discuss well-formed HTML before they can teach the reader how to use JSTL.
The authors discuss both JSP and Servlet technologies in separate chapters and demonstrate how to create ‘complete’ websites with each technology. I suppose this is necessary to teach the underlying technologies, but I wish that the authors had down played their use a little more. They do eventually discuss MVC (model 2) and state that it is a better solution, but they take the easy way out by saying that sometimes straight JSP and straight Servlet implementations are except- able.
My final grumble about creating professional websites has to do with the chapter on custom tags. While using the classic tag mechanism was a pleasure (not!), the simple tag mechanism is exactly what it claims to be — simpler — and much more straight forward. However, the authors only mention the classic mechanism — no mention of SimpleTagSupport and no mention of tag files. Long live SKIP_BODY!
Now for the good stuff… My favorite chapter in the entire book has to be chapter 9 because they give a high-level summary of JavaBeans and JSP tags stating that they are outdated and rarely used anymore — replaced by JSTL. The only reason the authors even mention them is that the reader may need to know about them to support legacy applications. I wish the rest of the book gave more of these disclaimers.
Finally, the authors really do a good job of describing the technologies. I just wish that they’d promote best practices and shun bad ones more often.
Handle Databases Like a Pro
The authors give a good overview of SQL and then move on to coding straight JDBC code. However, they choose to close the connection inside of the try block rather than follow the best practice of closing the connection in the finally block. Also, they mention the differences between Statement and PreparedStatement and seem to lean towards Statement unless there is a need to execute the same statement repeatedly, but throughout the entire discussion there is no mention of cross site scripting prevention as one of the benefits of the PreparedStatement (not that PreparedStatement completely eliminates the threat of XSS, but it greatly reduces it).