1. Using the method isUserInRole(), overrides any declarative authorization related to method in which it is invoked – isUserInRole() method itself doesn’t do any authorization.
2. <c:remove scope=”session”> name </c:remove> – value attribute is mandatory for
<c:remove>
3. Benefits of the JSP precompilation is , it avoids initialization on the first request.
4. <error-page>
<exception-type>java.lang.Error</exception-type>
<location>/error.html</location>
</error-page>
– valid value in <exception-type> element is either java.lang.Exception or its subclasses
5. findAttribute(“key”, PageContext.SESSION_SCOPE) – findAttribute() method does not have scope parameter.
6. doAfterBody() is only called on the tags that extends IterationTagSupport – No class exist with the name IterationTagSupport.
7. response.setHeader(new HttpHeader(“X-MyHeader”, “34”)) or response.setHeader(new ServletHeader(“X-MyHeader”,”34″)) – no such methods exist.
8. If your deployment descriptor correctly declares an authentication type of CLIENT_CERT, your users must have a certificate from an official source before they can use application.