Saturday, December 19, 2009

Things to be remembered before including a file in your JSP page.

There are 3 ways in J2EE [as far as I know ;)] in which you can include a file inside your JSP. Let's see the pros and cons of each one.

<%@ include file="someJunkIncludeFile.jsp" %>
  • As include is a page directive, you CANNOT pass dynamic values (using scriptlets or EL expressions).
  • It copies all the text in the included file (say someJunkIncludeFile.jsp) into the parent page. This happens every time your parent page is recompiled, so if a parent page has many includes and is recompiled often, this may lead to a performance overhead :(
  • In advanced containers like Tomcat 6, the container will automatically recompile your parent JSP if any of your child or included pages are updated.
  • In XML-based JSP tags, you can specify the <%@ include %> directive as

<jsp:include page="someJunkIncludeFile.jsp"/>

  • The JSP action include allows dynamic values (using scriptlets or EL expressions) as an argument. (That's why they call it the JSP action include.)
  • You can pass dynamic argument values to the included JSP page using the param attribute. Below is the example which will pass values to the child page.


  • In your child page you can access the value test in the request scope with:

  • <%= request.getParameter("test") %>

  • You can't pass any input arguments in a query string to the child page when you are including it from the parent page.


  • In the above code the test parameter can't be accessed from the child page, as it is passed as an input query.

JSTL <c:import url="someJunkIncludeFile.jsp"/>
  • c:import is 99.99% similar to jsp:include; the only difference I can see is that it can access resources which are outside your application.
  • In the url attribute (as the name suggests) we need to specify the entire URL of the resource, as below.

Wednesday, December 16, 2009

Why Tomcat Container should do this.

I was trying an example with @include and <jsp:include> in Tomcat 6. As we know, if you use @include, all the content in the child page (my_include.jsp) will be copied to your parent page at translation time, and any changes to the child will be reflected only when the parent page gets recompiled (due to changes in the parent page). I was expecting the same and tried a simple example as below.

File: parent.jsp
 <html>
 <body>
  I am in parent<%@ include file="child.jsp" %><br/>
 </body>
 </html>
File: child.jsp
 I am in Included page...

So when we hit parent.jsp, all the content in child.jsp should be copied into parent.jsp and it will be compiled. After parent.jsp is compiled, any changes made to child.jsp will not be displayed until parent.jsp is recompiled.

When I tried this, I got a different output: after compiling my parent.jsp, if I made any changes to my child.jsp, Tomcat 6 recompiled my parent.jsp again and I got the updated content of child.jsp in the output.

I searched on this topic and found that some of the advanced containers are friendly and check whether any @included pages have been updated when a request comes to the main (parent.jsp) file. If so, they recompile the parent page again. Finally, it is really important that this scenario is NOT GUARANTEED BY THE SPEC!

Why do they do this?

* If containers are doing this (the containers may think they are being friendly to us), then what's the difference between @include and <jsp:include> in terms of getting the updated content from the child?
* Doing this may not bring down the performance of the parent page, if the parent page has lots of included files. So on any change in any of the included files, the parent JSP should compile again by copying all the content from all the included JSP files.
* And finally this function is not portable, because it is NOT GUARANTEED BY THE SPEC!

Any thoughts? Thank You

Things you should know about the jsp:useBean tag

* When you use a class in the jsp:useBean tag and the object is not found in the given scope, say "request", the jsp:useBean tag will NOT throw any exception. Instead it will create an instance of the class and access the value in it.

* When you want to set a property on a bean only if the bean is empty, your jsp:setProperty tag should be inside the jsp:useBean body, as below.
So the name property will be set only if the men object was not found in the page scope; otherwise the setProperty will not be executed.

* You cannot use an abstract class as the class attribute in your jsp:useBean tag. And the class should follow the Bean Law ;)

* When you want to use a reference type for an object in a jsp:useBean tag, the type attribute saves you. Below is the example.

The Person class which we declared in the type attribute can be abstract and should have an inheritance relationship with the class attribute. Else things will blow up ;)
* You can use only the type attribute in jsp:useBean, without the class attribute, ONLY IF an object is already available in the scope with the given jsp:useBean id.
If there is no attribute available in the page scope with the value "testvariable", then things will blow up ;)

* You can easily map HTML form element values to the jsp:setProperty tag by specifying the param attribute. And you can start forgetting request.getParameter() hereafter.
* You can easily set all the HTML form values on your bean class by setting property="*"; it will set all the HTML form element values on your bean properties.
But with one CONDITION: the name of the HTML form element and the property name in the bean should match.
* The useBean tag is mostly used to print a string value or primitive types. When you want to access (or play with) an object inside the bean, you need help from the EL expression guy.

* We will discuss more about EL tags in an upcoming post ;). That's it for now ...

Say Hello to EL Functions

EL functions allow you to call a Java function from your JSP pages without using any scriptlets (in your JSP). It is really important to have scriptlet-free JSP pages, which makes the developer's and designer's life easy. Below is a simple example of using an EL function.

Simple Java Class with Static Method:

* Before you can call a method from your JSP page, the method must be public and static.
Below is the code where we define a class called SimpleELFunctions and a static method called sayHello.
package com.passion4java.el.functions;

public class SimpleELFunctions {

 // EL functions must be public static methods
 public static String sayHello(String test){
  return "Say HELLO Hello EL Function";
 }
}

TLD files with function tags

Below is a simple TLD where we have to define the class name in the function-class tag and the method signature in the function-signature tag.

  java.lang.String sayHello(java.lang.String)
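
A TLD of the shape described above, as an added example rather than the author's original file, which did not survive on this page. The class, function name, signature and the elfunctions URI come from this post; the file location, tlib-version and short-name are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Assumed location: /WEB-INF/elfunctions.tld -->
<taglib xmlns="http://java.sun.com/xml/ns/j2ee"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
                            http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd"
        version="2.0">
  <tlib-version>1.0</tlib-version>   <!-- assumed -->
  <short-name>p4j</short-name>       <!-- assumed -->
  <!-- Must equal the uri attribute of the taglib directive in the JSP -->
  <uri>elfunctions</uri>
  <function>
    <!-- Name used after the prefix and colon in the EL call -->
    <name>sayHello</name>
    <function-class>com.passion4java.el.functions.SimpleELFunctions</function-class>
    <!-- Fully qualified return and parameter types of the public static method -->
    <function-signature>java.lang.String sayHello(java.lang.String)</function-signature>
  </function>
</taglib>
```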

JSP Page

Add your TLD file URI to the @taglib directive and give it a prefix name; in our example it is p4j.
* When you are calling an EL function, first give the prefix name p4j and a : (colon),
* then call the name which is defined in the TLD file under the name tag, ending with () (open and close brackets).
<%@ taglib prefix="p4j" uri="elfunctions" %>
<html>
  <head>
    <title>Say Hello</title>
  </head>
  <body>
  </body>
</html>

That's it.. ;)

Friday, December 11, 2009

Securing Your Application Using WEB.XML

When it comes to security we always think about EJB and other Java security-related APIs. But web.xml itself provides you BASIC security control over your web application. If your application is not using any EJB and you need security control, then web.xml is there to help you ;).

Below is the sample web.xml which does the following things.

    This is the description of my J2EE component
    This is the display name of my J2EE component

      My First Auth

* We defined a servlet called SimpleServlet.
* As SimpleServlet needs to be protected, I have to define a security-constraint for it.
* In the security-constraint we first define a web-resource-collection, where you have to define a name (which is MANDATORY, even though you don't use it anywhere ;)).
* web-resource-name can be any valid name.
* In the url-pattern tag you define which URL patterns should be protected; you can give any number of url-patterns.
* Once you are done with that, next comes which request types you want to protect. Say I want to protect the data only if the request is GET (that is what I defined); you can protect all 5 request types.
* Then comes auth-constraint, where you define all the roles which have this permission. You can define roles in Tomcat by changing /conf/tomcat-users.xml.
* Here is the sample code in /conf/tomcat-users.xml

* We have defined the roles at the Guest level, so we don't need any changes in the tomcat-users.xml file.
* Then finally comes the user-data-constraint tag, where you define how your request and response data should travel between you (the client) and the server.
* When you give CONFIDENTIAL in the transport-guarantee tag, the server will make sure the data transferred between you and the server cannot be sniffed by other parties. It uses the HTTPS protocol for the request.
How it works:
* When you hit the server with a request, it first checks whether the requested URL needs any security check.
* It finds this out by checking the url-pattern inside the web-resource-collection.
* It also checks the request type; in our case we are using GET and it matches.
* Then come the roles: if some roles are defined, it sends the request back to the client and prompts you for the username and password.
* There are 4 different ways in which you can transfer your username and password to the server, which are also defined in web.xml (in our web.xml we have not defined that, so going deeper in that).
* Once it gets your credentials back from the client, it checks them against tomcat-users.xml to see whether they match (for the Tomcat server only).
* Then it determines which transport method needs to be used based on the transport-guarantee tag. It may be HTTP or HTTPS.
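
A web.xml along the lines described in this post, as an added example and not the author's original file, which did not survive on this page. The servlet class, URL patterns, role name and realm name are assumptions; it sets the GET-only constraint from the post beside a stricter one so the difference in coverage is visible.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <servlet>
    <servlet-name>SimpleServlet</servlet-name>
    <servlet-class>com.example.SimpleServlet</servlet-class> <!-- assumed class -->
  </servlet>
  <servlet-mapping>
    <servlet-name>SimpleServlet</servlet-name>
    <url-pattern>/simple/*</url-pattern>                      <!-- assumed pattern -->
  </servlet-mapping>

  <!-- Form described in the post: only GET is listed, so this constraint
       does not apply to any other HTTP method sent to the same URLs. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Simple, GET only</web-resource-name>
      <url-pattern>/simple/view/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>guest</role-name>                            <!-- assumed role -->
    </auth-constraint>
  </security-constraint>

  <!-- Stricter form: no http-method element, so every method is covered,
       and the container must use HTTPS for these URLs. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Simple, all methods</web-resource-name>
      <url-pattern>/simple/manage/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>guest</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- One of the four ways to send credentials; BASIC is only
       base64-encoded, so pair it with CONFIDENTIAL. -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Simple realm</realm-name>                     <!-- assumed -->
  </login-config>
  <security-role>
    <role-name>guest</role-name>
  </security-role>
</web-app>
```

On Tomcat the users and roles come from conf/tomcat-users.xml, and CONFIDENTIAL redirects plain-HTTP requests to the connector's redirectPort, so an HTTPS connector has to be enabled in conf/server.xml.
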
Areas where I am not clear:

* I am not clear how we can configure the role check using a database in other servers like WebLogic.
* I know that our web.xml redirects us to HTTPS if we have transport-guarantee as CONFIDENTIAL. But I am not sure how I can set up the HTTPS protocol so that I can send the data securely.
I just thought of sharing how security can be configured using your web.xml. If you guys have any thoughts, DOUBTS or corrections, please let me know.

Thank you ;)

Wednesday, December 9, 2009

Things to remember in Servlet URL Mapping

Most of the time when we work, we use a web MVC framework like Struts, and we start forgetting the advantages which are in web.xml by default.
I just thought of sharing about servlet URL mapping in web.xml. You may think this is very basic in J2EE. That's right; however, there are some important points which should be remembered ;)
When we map the URL for a servlet, a suffix wildcard string is always taken as first priority over a prefix wildcard.
      For the above URL, two patterns match in the web.xml file below; even though SampleServlet matches the long string, only SampleServlet2 should get executed.
      So the bottom line is: suffix always wins first ;)
Wildcard only before or after /
When you want to apply a wildcard (*), it will work only after or before the / in the URL mapping.
The above code will not get matched if we have a URL like this
Wildcard at the start or end
You can apply a wildcard only at the start or the end, if you try to apply the wildcard in between the URL like below.
And trying to call with the URL: , the mapping will not be picked.

Sample Web.xml

    	This is a SampleServlet
    	This is a SampleServlet 2

