Dynamic Images in Servlets and JSP Pages

How to get response from a servlet that resides in another application.

Find it here

How to prevent Duplicated Login

Find it here and here

How can we share information between two web applications

Check out here , here and here

Form based Authentication and Declarative Security and
Authentication Type
Mix protocols transparently in Web applications

How to set response code in the response.

For example when you redirect from a servlet to a jsp page, default redirect response code will be (302 - Moved Temporarily). How to set this to 301 programatically.

response.setStatus(response.SC_MOVED_PERMANENTLY);

Http Response Headers

Thread-I
Thread-II
Thread-III

What's the difference between using member variables and static variables in Servlet code.

Doesn't make much difference. Both serve the same purpose. You can learn more about it
Here

Why its NOT advisable to use static(class) variables in programs.

Learn it here

URLRewriting and Cookies in Session Tracking

Thread-I

Thread-II

How far will Attributes that are shared in a session object without synchronizing on the session object affect a multi-user web-site.

Using session objects without synchronization is technically not thread safe, as we all know... Well written code will synchronize on the HttpSession when working with session objects. However, not doing this will really only cause problems when the same client opens up two browser windows at the same time... so it doesn't matter how many people are using the site concurrently. The client may corrupt his session data by having multiple windows open

Servlet Declarative Security Notes

web-resource-collention> has NO http-method> sub-element

Scenario-I

WithOut auth-constraint> sub-element of security-constraint> element:
Everyone are allowed; Anyone in any role has access to the resource specified by the url-pattern> sub-element. The browser will NOT demand UserName/Password.

Scenario-II

With auth-constraint> sub-element of security-constraint> element:
All request to the specified resouce(all Http methods since there is no http-method> sub-element available) identified by the url-pattern> sub-element will be Constrained. The browser will request UserName/Password. Any request without correct UserName/Password will fail to get access to the resource.

web-resource-collention> has http-method> sub-element

Scenario-I

WithOut auth-constraint> of security-constraint> element:
Everyone are allowed; Anyone in any role has access to the resource specified by the url-pattern> sub-element. The browser will NOT be asking for UserName/Password

Scenario-II

With auth-constraint> sub-element of security-constraint> element:
All request to the specified resouce identified by the url-pattern> will be Constrained. The browser will request UserName/Password. Any request without correct UserName/Password will fail to get access to the resource.

NOTE:

The auth-constraint> element does NOT define which roles are allowed to access the resources defined in url-pattern>. Instead, it defines which roles are allowed to make the constraint request. Don't think Bob is a member, so Bob can access the AddRecipe servlet. Instead, say "Bob is a Member, so Bob can make a GET o POST request on the AddRecipe servlet.

If you specify an http-method> element, all the HTTP methods which you didn't specify are UNConstrained.

Check this Thread

Threads in Servlet

When to use an init() and when to use a Listener to initialize code.

Thread-I

Thread-II