Matt wheeler
Download
1 / 58

Matt Wheeler - PowerPoint PPT Presentation


  • 78 Views
  • Uploaded on

Intermediate JSP. Matt Wheeler. Notes. This is a training NOT a presentation If you have questions please ask them Prerequisites Introduction to Java Stack Basic Java and XML skills Introduction to JSP Installed LDSTech IDE (or other equivalent). Overview. Review Scriptlets

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Matt Wheeler' - kirby-richard


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Matt wheeler

Intermediate JSP

Matt Wheeler


Notes
Notes

  • This is a training NOT a presentation

  • If you have questions please ask them

  • Prerequisites

    • Introduction to Java Stack

    • Basic Java and XML skills

    • Introduction to JSP

    • Installed LDSTech IDE (or other equivalent)


Overview
Overview

  • Review

    • Scriptlets

    • Expressions

  • Expression Language (EL)

  • Taglibs (JSTL, Spring, Stack)

  • Custom taglibs

    • Functions

    • Templating


Review
Review

  • Scriptlets

  • Expressions


Scriptlets
Scriptlets

  • Scriptlets are code in a JSP page (delimited with <% %>)

  • Will be compiled into the service method of the resulting servlet

  • Lets look at a simple example

<%

String user = request.getAttribute(“loggedInUser”);

if (user != null) {

%>

Welcome

<%

}

%>


Expressions
Expressions

  • Like scriptlets but evaluate a singular Java expression and return the result

  • Result must be a String or convertible to a String

    • The syntax is as follows: <%= expression %>

  • For example:

<%= someBean.something%>

<%-- Or we could enhance our previous example --%>

<%

String user= request.getAttribute(“loggedInUser”);

if (user != null) {

%>

Welcome <%= user %>

<%

}

%>


Disadvantages
Disadvantages

  • Maintenance, maintenance, maintenance

    • Difficult to read

    • Difficult to understand

  • Not testable

  • Not reusable

  • Difficult to refactor

  • Tightly coupled UI and back end code

  • The long version can be found here:

    • http://www.javaranch.com/journal/200603/Journal200603.jsp#a5


Expression language el
Expression Language (EL)

  • The expression language is meant to provide easy access within a JSP page to application data/logic in JavaBeans

  • EL is really the bridge between the model and the view and allows for separation of concerns

  • For detailed information on the JSP EL please see: http://download.oracle.com/javaee/6/tutorial/doc/gjddd.html


El continued
EL (continued)

  • Use of EL will help mitigate too much logic in JSP pages

  • EL allows access to properties and attributes of:

    • JavaBeans

    • Collections

    • Implicit objects

//accessing a JavaBean

${someBean}

${someBean.someProperty}

//accessing a value of a map with key of someKey

${someBean.map['someKey']}

//accessing an implicit object (request)

${request.param}


El javabeans
EL (JavaBeans)

  • EL looks for a specified bean in all scopes (request, session, application) to resolve the expression

    • ${someBean.whatever}

  • After a bean/resource named someBean is found EL attempts to access the whatever property of the bean

public class SomeBean {

private String whatever;

public String getWhatever() { return this.whatever; }

public void setWhatever(String whatever) {

this.whatever = whatever;

}

}


El collections
EL (Collections)

  • EL provides special syntax for accessing items in lists or maps

  • List properties can be accessed with array notation

  • Map items can be accessed with map or dot notation

${someBean.someList[0]} //access the first item in the list

${someBean.someMap['key']} //access the item in the map with key of 'key'

${someBean.someMap.key} //equivalently use dot notation for the same result


El implicit objects
EL (Implicit Objects)

  • Objects exposed for reference in EL without any extra work or configuration from the developer

  • Some of these objects include:

    • pageContext, request, session, application, pageScope, requestScope, sessionScope, applicationScope, param, paramValues, header, headerValues, cookie, cookies, initParam, exception

${requestScope['nameOfSubmitted']} //extracts value for attribute of given name

${param['nameOfRequestParam']} //gets value off the url for the given name

${header['Accept-Language']} //find value for header with name Accept-Language

${initParam['paramName']} //gets the value of the initParam with name paramName

${pageContext.request.servletPath} //gets the servlet path from the request


El operators
EL (operators)

  • While most of the view logic will be in JavaBeans, EL allows for limited logic in the view

  • EL provides some basic operators

    • Logical: &&, ||, !, and, or not

    • Comparison: ==, !=, <, >, <=, >=, eq, ne, lt, gt, ge, le

    • Conditional (turnary): test ? result1 : result2

    • Arithmetic: +, -, *, /, div, %, mod, E

    • Empty: empty, null

  • For operator precedence, please see: http://download.oracle.com/javaee/6/tutorial/doc/bnaik.html


El operators1
EL (operators)

  • Some examples

${someBean.administrator && someBean.owner}

${someBean.count > 0}

${someBean.count + 1 % 2}

${someBean.count * .1 gt 50 && (someBean.payTaxes || someBean.goToJail)}

${4.0 eq (3 + 1)/1}

${someBean.map['someKey']}


El evaluation
EL (Evaluation)

  • There are multiple implicit resolvers that attempt to handle EL expressions

  • In general, say we are resolving ${someBean.abc}

  • One of the EL resolvers will, grab the first portion someBean

    • Will look for an implicit object of that name

    • Will then look for a bean of that name

    • Once found, it will look for a property on that name or implicit object (abc) and get that value


Lab 1
Lab 1

https://tech.lds.org/wiki/Intermediate_JSP#Lab_1_Expression_Language_.28EL.29


Taglibs
Taglibs

  • Primary goal of taglibs it to provide reusable functionality

    • Through reusable tag elements

    • Through functions that extend EL

  • Simplifies jsp pages making them more readable / maintainable by separating logic from the page’s presentation


Basic usage
Basic Usage

  • Taglibs

    • Declare the namespace

    • Use the tag

  • Functions

    • Declare the namespace

    • Use the function

<%@ taglib prefix="web" uri="http://code.lds.org/web" %>

<web:display-exception style="font-style: italic" />

<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>

${fn:join(array, ', ')}


What did these save us
What did these save us?

  • Without the taglib

<%@ page import="java.io.PrintWriter" %>

<%

String style = pageContext.getRequest().getAttributes(“exceptionStyle”);

if (style == null || "".equals(style.trim())) {

out.write("<pre style=\"font-style: 'Helvetica'; word-wrap: break-word; … \">

} else {

writer.write("<pre style=\"" + style + "\">");

}

if (pageContext.getException() == null) {

out.write("No exception was available to print.");

} else {

pageContext.getException().printStackTrace(new PrintWriter(out));

}

out.write("</pre>");

%>


What did this save us
What did this save us?

  • Without the function

<%!

public String join(String[] array, String separator) {

if (array == null) return "";

if (separator == null) separator = "";

StringBufferbuf = new StringBuffer();

for (int i=0; i<array.length; i++) {

buf.append(array[i]);

if (i < array.length-1) buf.append(separator);

}

return buf.toString();

}

%>

<%

String joined = join(someArray, “,”));

%>


Jsp include
JSP Include

  • Allows you to include static or dynamic resources in a JSP page

    • Facilitates reuse

    • Allows separation into manageable pieces

    • Two include mechanisms available in JSP

      • <jsp:include page="some.jsp" />

      • <%@include file="some.jsp" %>


Jsp include1
jsp:include

  • Executes the included content and then includes the result in the containing JSP page

//include.jsp

Include me, include me! ${parentValue}

//include-demo.jsp

<!DOCTYPE html>

<html>

<body>

<%

String parentValue = “Something spectial";

pageContext.setAttribute("parentValue", parentValue);

%>

<jsp:include page="/include.jsp" />

</body>

</html>

//resulting output: Include me, include me!


@include directive
@include (directive)

  • Includes the content and then executes the page

    • Can depend on (or conflict) with variables in the containing page

    • Page takes a relative url

//include.jsp

Include me, include me! ${parentValue}

//include-demo.jsp

<!DOCTYPE html>

<html>

<body>

<%

String parentValue = “Something special”;

pageContext.setAttribute("parentValue", parentValue);

%>

<%@ include file="include.jsp" %>

</body>

</html>

//resulting output: Include me, include me! Something special


Additional info
Additional info

  • Also note that using the jsp:include, parameters can be passed to the included page as follows:

  • For more info on jsp:include: http://java.sun.com/products/jsp/syntax/1.2/syntaxref1214.html

  • For more info on @include: http://java.sun.com/products/jsp/syntax/1.2/syntaxref129.html#997991

<jsp:include page="/include.jsp">

<jsp:param name="parameterName" value="parameterValue " />

</jsp:include>


Demo

DEMO


Common taglibs jstl
Common Taglibs (JSTL)

  • JavaServer Pages Standard Tag Library (JSTL) taglibs for many common web use cases

    • Core

    • Xml processing

    • Internationalization and formatting

  • For more info: http://download.oracle.com/docs/cd/E17802_01/products/products/jsp/jstl/1.1/docs/tlddocs/index.html


Core tags c out
Core Tags (c:out)

  • c:out evaluates an expression and outputs it to the JspWriter

    • Allows you to provide a default

<c:out value=”${someBean.someProperty}” default=”Empty” />


Core conditionals
Core (conditionals)

  • c:if – executes based on the result of the test attribute

  • If / else equivalent (choose, when, otherwise)

<c:if test="${someBean.day < 12 && someBean.hour > 2}">

Party time

</c:if>

<c:choose>

<c:when test="${empty someBean.results}">

Display this if there are no results

</c:when>

<c:otherwise>

Display all of the results

</c:otherwise>

</c:choose>


Core looping and iteration
Core (Looping and Iteration)

  • c:forEach – loops over an array, Collection, Iterator, Enumeration, Map, String of comma separated values

<c:forEach var="result" items=“${results}">

<tr>

<td>${result.property1}</td><td>${result.property2}</td>

</tr>

</c:forEach>


Core c set
Core (c:set)

  • Facilitates scoped variable manipulation

  • Sets the value of the given key in the given scope

    • Basically equivalent to:

    • Value can also be provided as the body content of the tag

    • If var is null (i.e. not specified – var="null" will set the attribute to the String "null") the value is removed

<c:set var="key" value="${header['User-Agent']}" scope="session" />

<% pageContext.session.setAttribute("key", ${header['User-Agent']} ); %>

<c:set var="key" scope="session">

<c:if test="${admin}">

Append confidential data

</c:if>

</c:set>


Core c set1
Core (c:set)

  • <c:set> - can also be used to set a property on a scoped object

<c:set target="someBean" property="something" value="awesome" />


Core urls
Core (Urls)

  • <c:url> - Aids in constructing correctly formatted URLs with encoding applied

  • <c:param> - Often used in correlation with c:url to add query parameters to the url

    • Note that the name and value are URL encoded by default (more later)

  • For example:

<c:url value="http://www.whatever.com/whatever.jsp">

<c:param name=“&apathy" value="&don'tcare" />

<c:param name=“@ignorance" value="@don'tknow" />

</c:url>

Result would be something like:

http://www.whatever.com/whatever.jsp?%26apathy=%26don'tcare&%40ignorance=%40don'tknow;jsessionid=123456789


Core

  • Internationalization and Formatting Taglib

    • Provides support for internationalization related functions such as:

      • Locales, resource bundles, and base names

  •  Xml Processing Taglib

    • Provides support for basic xml processing as well as xml flow control and transformations


Jstl functions
JSTL Functions

  • For more info: http://download.oracle.com/javaee/5/jstl/1.1/docs/tlddocs/


Other useful taglibs
Other Useful Taglibs

  • Spring taglibs

    • http://static.springsource.org/spring/docs/3.1.0.M1/spring-framework-reference/html/spring.tld.html

  • Stack Security taglib

    • JSP doesn’t defend against xss like JSF did (i.e. encode all output)

    • In JSF everything output with an h:outputText was encoded by default

    • In JSP you have to take special care to encode values that are displayed to avoid cross site scripting errors


Xss the problem
XSS: The Problem

  • In short, cross-site scripting is when user entered data executes as a script instead of being displayed as text

  • For example:

    • Assume a page takes a parameter on the url and displays it

    • And then in your page, you put ${param.userInput}

    • Instead of showing on the page as text this will actually become a script in the page and be executed displaying an alert to the user

    • For more info: http://en.wikipedia.org/wiki/Cross-site_scripting

http://whatever.com/?userInput=<script>alert('You should encode this silly.');</script>


Xss avoidance
XSS: Avoidance

  • To avoid this, all output (especially user entered data) should be encoded before it is displayed

  • Stack provides following encoding functions

  • Or in code

  • More comprehensive information:

    • https://tech.lds.org/wiki/Java_Stack_Security_%28Encoding%29_Tech_Tip

    • http://code.lds.org/maven-sites/stack/module.html?module=security-web/index.html

<%@ taglib prefix="ssw" uri="http://code.lds.org/security/web" %>

${ssw:encodeHtml(param.something)}

${ssw:encodeAttribute(param.something)}

${ssw:encodeJS(param.something)}

EncodingUtils.encodeHtml(String input);

EncodingUtils.encodeAttribute(String input);

EncodingUtils.encodeJS(String input);


Other stack provided taglibs
Other Stack Provided Taglibs

  • Other taglibs

    • message-source

    • xsrfToken

    • display-exception


Lab 2
Lab 2

https://tech.lds.org/wiki/Intermediate_JSP#Lab_2_Taglibs


Custom taglibs
Custom Taglibs

  • Example

  • As the page is being processed, the tag is read, mapped to the appropriate taglib handler, and processed

  • Further note that hello maps to a tag class (org.lds.stack.whatever.web.HelloTag) that processes the tag

<%@ taglib prefix="what" uri="http://code.lds.org/whatever/web" %>

<what:hello formal="true" />


Associated tld file
Associated tld file

<?xml version="1.0" encoding="UTF-8" ?>

<taglibxmlns="http://java.sun.com/xml/ns/javaee"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-jsptaglibrary_2_1.xsd"

version="2.1">

<description>Tag library for stack security web.</description>

<tlib-version>1.0</tlib-version>

<uri>http://code.lds.org/whatever/web</uri>

<tag>

<description>Spits out hello.</description>

<name>hello</name>

<tag-class>org.lds.stack.whatever.web.HelloTag</tag-class>

<body-content>empty</body-content>

<attribute>

<description>Whether hello formal or informal</description>

<name>formal</name>

<required>false</required>

<rtexprvalue>true</rtexprvalue>

</attribute>

</tag>

</taglib>


Taglib class hellotag
Taglib class (HelloTag)

  • HelloTag

public class HelloTag extends BodyTagSupport {

private Boolean formal;

public intdoStartTag() throws JspException {

try {

if (formal) {

String username = (String) ((HttpServletRequest) pageContext.getRequest()).getAttribute("currentUser");

pageContext.getOut().write("Good day to you " + username);

} else {

pageContext.getOut().write("Howdy Partner. ");

}

} catch (IOException e) {

throw new JspException("Error: IOException while writing to client");

}

return SKIP_BODY;

}

public void setFormal(Boolean formal) {

this. formal = formal;

}

}


Functions
Functions

  • Sometimes a taglib might be overkill and all that is needed is some calculation or processing

  • You may not want to embed that code in the page, particularly if it is reusable

  • Accordingly EL functions allow you to call a static Java function to perform the processing


Functions example
Functions (example)

  • Suppose you have a class with static methods

  • In a tld file define the function for use in JSP

  • Then in the JSP page use the function as follows

public class MiscUtils {

public static String concat(String one, String two) {

return one+two;

}

}

<function>

<description>Concatenates two strings into one.</description>

<name>concat</name>

<function-class>org.lds.stack.web.util.MiscUtils</function-class>

<function-signature>java.lang.Stringconcat( java.lang.String, java.lang.String )</function-signature>

</function>

<%@ taglib prefix="util"uri="http://code.lds.org/web" %>

Hello ${util:concat(param.firstName, param.lastName)}


Tag files taglets
Tag Files (Taglets)

  • Simpler way to create taglibs

  • Better for content driven tags as opposed to complex logic tags

  • Tag files are not quite as powerful as the regular tag approach

    • However they are much simpler to create

    • For instance you cannot put a scriptlet in a taglet


Tag files taglets1
Tag Files (Taglets)

  • Basically you create a .tag file in WEB-INF/tags (or a subdirectory)

    • The container then makes it available as a JSP taglib

  • It uses the name of the file as the tag name by default and the namespace points to a tagdir instead of a uri

  • Lets re-create our hello tag using this approach

<%@ taglib prefix="tags" tagdir="WEB-INF/tags"%>

<%@ taglib prefix="util" uri="http://code.lds.org/web" %>


Tag files taglets2
Tag Files (Taglets)

  • We would create a file named hello.tag and place it in WEB-INF/tags (maybe put Hello! in it)

    • WEB-INF/tags/hello.tag

  • And that is it, believe it or not, it is ready for use

<!DOCTYPE html >

<%@tag description="Base Template Tag" pageEncoding="UTF-8“ %>

Hello!

<%@ taglib prefix="tags" tagdir="WEB-INF/tags"%>

<tags:hello /> <%-- Which of course will print the very useful Hello! --%>


Tag files taglets3
Tag Files (Taglets)

  • In out hello.tag file we can add an attribute as follows:

  • Then you would add some logic to the tag (hello.tag):

<%-- this directive only valid in tag files --%>

<@% attribute name="formal" required="false" rtexprvalue="true" %>

<%-- Replace Hello! with the following --%>

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>

<c:choose>

<c:when test="${formal} ">

Good day ${request.currentUser}

</c:when>

<c:otherwise>

Howdy partner

</c:otherwise>

</c:choose>


Tag files
Tag Files

  • Now our new tag can be used as follows:

  • Notice that the tag is really just a basic jsp file, but that you can customize with the attributes specified

<%@ taglib prefix="tags" tagdir="WEB-INF/tags"%>

<tags:hello formal="true" />

//or

<tags:hello>

<jsp:attribute name="formal" value="${user.formal}" />

</tags:hello>


Jsp dobody
<jsp:doBody />

  • Define a portion of the tag that can be overridden by the user of the tag

    • bodytest.tag

  • This tag could be utilized as follows:

Before body content

<jsp:doBody />

After body content

<%@ taglib prefix="tags" tagdir="WEB-INF/tags"%>

<tags:bodytest>

My body content

</tags:bodytest>

<%-- or if you have other content in the body --%>

<tags:bodytest>

<jsp:attribute name="whatever" value="Good stuff"/>

<jsp:body>My body content</jsp:body>

</tags:bodytest>


@ attribute
<@% attribute %>

  • This directive is only valid in a tag file

  • Possible attributes

    • name – name by which to reference the attribute

    • required – whether or not an error should be thrown if the using tag does not specify this attribute

    • rtexprvalue – whether or not this attribute can take an EL (runtime) expression

    • type – specifies the runtime type of the attribute’s value – defaults to java.lang.String


@ attribute1
<@% attribute %>

  • fragment - Whether this attribute is a fragment to be evaluated by the tag handler (true) or a normal attribute to be evaluated by the container prior to being passed to the tag handler

    • If true do not specify the rtexprvalue as the container fixes it to true

    • If true do not sepcify the type attribute as the container fixes it to javax.servlet.jsp.tagext.JspFragment

    • Default value is false

  • For more info:

    • http://java.sun.com/products/jsp/syntax/2.0/syntaxref208.html#997991


  • Attributes
    Attributes

    • For example

    • Utilize the attribute as follows:

    <%-- this directive only valid in tag files --%>

    <@% attribute name="content"required="false" fragment="true" %>

    Some content

    <jsp:doBody />

    More content

    <jsp:invoke fragment="content" />

    <%@ taglib prefix="tags" tagdir="WEB-INF/tags"%>

    <tags:bodytest>

    <jsp:attribute name="content">My attribute content</jsp:attribute>

    <jsp:body>My body content</jsp:body>

    </tags:bodytest>

    <%--

    Output would be:

    Some content

    My body content

    More content

    My attribute content

    --%>



    Templating
    Templating

    • Tag file – template.tag

    <!DOCTYPE html >

    <%@tag description="Base Template Tag" pageEncoding="UTF-8"%>

    <%@include file="/WEB-INF/views/includes/init.jsp" %>

    <%@attribute name="head" required="false" fragment="true"/>

    <%@attribute name="title" required="false"rtexprvalue="true"/>

    <html xmlns="http://www.w3.org/1999/xhtml">

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

    <title>${title}</title>

    <jsp:include page="/WEB-INF/views/includes/brains.jsp"/>

    <jsp:invoke fragment="head"/>

    </head>

    <body>

    <jsp:include page="/WEB-INF/views/includes/header.jsp"/>

    <div class="ixf-panels">

    <jsp:doBody />

    </div>

    </body>

    </html>


    Tag file usage
    Tag file usage

    • Use tag file as a template – index.jsp

    <%@include file="/WEB-INF/views/includes/init.jsp" %>

    <%@taglib prefix="tags"tagdir="/WEB-INF/tags" %>

    <tags:template title=”Freak Show”>

    <jsp:attribute name="head">

    <script data-main="scripts/main"src="scripts/jquery.js"></script>

    </jsp:attribute>

    <jsp:body>

    How do you like me now?

    </jsp:body>

    </tags:template>


    Lab 3
    Lab 3

    https://tech.lds.org/wiki/Intermediate_JSP#Lab_3_Custom_Taglibs


    Credit where credit is due
    Credit where credit is due

    • Oracle

    • Pro JSP 2

      • Simon Brown, Sam Dalton, Daniel Jepp, Dave Johnson, Sing Li, Matt Raible

    • http://java.sun.com/products/jsp/syntax/2.0/syntaxref20.html

    • http://www.javaranch.com


    ad