Common Issues with JSPs and Servlets

Include directive versus include action
There are two ways to include files in a jsp.
1.

<%@ include file="..." %> (directive)

In this case the two files are combined together before the jsp is compiled. So you can have java as well as taglibs in the included file.
2.

<jsp:include page="..." /> (action)

In this case the included file is combined with the main page only after jsp compilation. So whatever the included file contains is simply sent to the browser. One cannot have java or tags in the included file, because the included file is never compiled.

Avoiding caching in jsp pages
To avoid caching of a JSP page, use the following HTTP headers.

response.setHeader("Pragma","no-cache");
response.setHeader("Cache-Control","no-store");

Struts also has a nocache attribute that prevents caching.

Using java.net.URLEncoder
Special characters may need to be encoded while using URL rewrite. Otherwise special characters such as a space inside a parameter string may cause some data to get lost.

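<%@ page import="java.net.URLEncoder" %>
<%
// Encode each parameter value on its own; the one-argument encode() is deprecated,
// so the character encoding is named explicitly.
String xyz = "par1=" + URLEncoder.encode(value1, "UTF-8")
        + "&par2=" + URLEncoder.encode(value2, "UTF-8")
        + "&par3=" + URLEncoder.encode(value3, "UTF-8");
%>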

Note that only the parameter values are encoded, not the entire string.
Then use

<a href='/servlet/com.mattiz.MyServlet?<%=xyz%>'>

Interesting problem with transaction integrity
Problem:
The user is logged in using the flow:
Login.jsp->(submit)->AuthenticationServlet->(RequestDispatcher)->home_page.jsp
Now suppose the user logs out and then presses the browser's back button until he reaches Login.jsp (the address bar now displays the URL of AuthenticationServlet). When he presses Enter, he is logged in again! If response.sendRedirect is used (the address bar shows the URL of the JSP instead of the servlet), this behaviour is not seen.
This behaviour is also seen when a form on a JSP page is submitted. If refresh is clicked before the next page loads, the same data is processed again, for example a duplicate insert into a database. Again, this is seen with RequestDispatcher, not with response.sendRedirect.
Solution:
There are cases when it is essential to use the RequestDispatcher to move from servlet to jsp. If you want the request object to hold request parameters/attributes the only option is to use the RequestDispatcher forward in the servlet. (response.sendRedirect does not retain any request values)
To avoid this we use tokens as follows:
In the page containing the form being submitted, include a hidden field with the value:

<input type="hidden" name="token" value="<%=System.currentTimeMillis()%>">

In the servlet, put the logic (to insert into the database) within an if statement like this:

// session is the current HttpSession, e.g. request.getSession()
if (session.getAttribute("token") == null || !session.getAttribute("token").equals(request.getParameter("token")))
{
    //do processing
    //then this last line at the end of if block
    session.setAttribute("token", request.getParameter("token"));
}

The explanation of this is as follows:
The first time the jsp is submitted, the hidden field value is passed to the servlet, which does processing and then sets the token value in the session.
If the refresh button is clicked, the request token value is the same as the session token value, and duplicate processing does not happen.
On the other hand, if the page is revisited and resubmitted, the request token gets updated with the new value (new current time in milliseconds) but the session still holds the old value (based on the previous visit). In this case control passes through the if block and processing is done again.
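
The token above is a timestamp that the server does not record when it renders the form, so the servlet accepts any value that differs from the last one it stored. A stricter variant, as an added example that is not the author's code: the server generates a random token, stores it in the session when the form is rendered, and accepts it exactly once. The class name FormToken and its methods are hypothetical; the "token" name is the one the post uses.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Hypothetical helper (not from the original post): one-time form tokens kept in the session. */
public final class FormToken {
    private static final String ATTR = "token";   // same session/parameter name the post uses
    private static final SecureRandom RNG = new SecureRandom();

    private FormToken() {}

    /** Call while rendering the form; the returned value goes in the hidden "token" field. */
    public static String issue(HttpSession session) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.setAttribute(ATTR, token);         // the server remembers what it handed out
        return token;
    }

    /**
     * Call in the servlet before processing. Returns true at most once per issued token:
     * the stored value is removed on first use, so a refresh, a back-button resubmit, or a
     * request that never loaded the form finds nothing to match and is rejected.
     */
    public static boolean consume(HttpServletRequest request) {
        HttpSession session = request.getSession(false);   // never create a session here
        String submitted = request.getParameter(ATTR);
        if (session == null || submitted == null) {
            return false;
        }
        String expected;
        synchronized (session) {   // best effort: containers usually reuse one object per session
            expected = (String) session.getAttribute(ATTR);
            session.removeAttribute(ATTR);
        }
        if (expected == null) {
            return false;
        }
        // Constant-time comparison of stored and submitted values
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     submitted.getBytes(StandardCharsets.UTF_8));
    }
}
```

In the JSP the hidden field's value becomes <%= FormToken.issue(session) %>, and in the servlet the processing is wrapped in if (FormToken.consume(request)). Revisiting the form issues a fresh token, so a deliberate second submission still works.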

Checking whether the user has a valid login
If you need to check whether the user has logged in based on whether the session object is valid or not you would need to structure your jsp page thus:

<%@page session="false"%><!--turns off implicit session object created by JSP -->
<%
//get the session if it exists; do not create a new one
javax.servlet.http.HttpSession expSession = request.getSession(false);
//check for session
if(expSession==null)
{
    //no access to page = invalid session: forward to the login page
    //(Login.jsp from the flow above; adjust the path to your application)
    request.getRequestDispatcher("Login.jsp").forward(request, response);
    return;
}
else
{
    //valid session: allow access to jsp contents
}
%>

About cuppajavamattiz
Matty Jacob - Avid technical blogger with interests in J2EE, Web Application Servers, Web frameworks, Open source libraries, Relational Databases, Web Services, Source control repositories, ETL, IDE Tools and related technologies.
