5 Replies Latest reply on Apr 22, 2004 2:30 PM by Vladyslav Kosulin

    jsp syntax question

    lords_diakonos Newbie

      I hava a page with the code below

      <%@ taglib uri="http://java.sun.com/jstl/core" prefix="c" %>
      
      <%@ taglib uri="http://java.sun.com/jstl/fmt" prefix="fmt" %>
      
      <%@ taglib uri="http://java.sun.com/jstl/sql" prefix="sql" %>
      
      <%@ taglib uri="http://java.sun.com/jstl/xml" prefix="x" %>
      
      <%@ page import="java.security.Principal" %>
      
      <%!
      public String getName(HttpServletRequest request) {
       Principal user = request.getUserPrincipal();
       String name = user.getName();
       return name;
      }
      %>
      
      <sql:setDataSource var="psql" scope="application" driver="org.postgresql.Driver" url="jdbc:postgresql://10.1.3.10/nbbc1" user="jboss" password="bossj1" />
      <sql:query var="getName" dataSource="${psql}" scope="session" >
       SELECT
       public.tblindividual.firstname
      FROM
       public.tblloginname
       INNER JOIN public.tblindividual ON (public.tblloginname.indlink = public.tblindividual.indid)
      WHERE
       LOWER(public.tblloginname.loginname) = LOWER('<%= getName(request) %>')
      </sql:query>
      <c:redirect url="home.jsp"/>
      I am trying to figure out how on the home.jsp page to display the results from the query on the page above. I have tryed a bunch of different combos without any luck. Would someone please help out a j2ee newbie :-)

        • 1. Re: jsp syntax question
          Vladyslav Kosulin Newbie

          Put the results to the HttpSession attribute.

          Vlad

          P.S. Using dynamic SQL statements in web applications is very dangerous. Just assume that a Principal.getName() return a String like "'; ALTER TABLE public.tblloginname; bla-bl-bla". You should use parameterized PreparedStatement instead of Statement.
          P.P.S. to a jsp with java code is not recommended. The functionality of the page should be moved to a http filter or a servlet.

          • 2. Re: jsp syntax question
            lords_diakonos Newbie

            The query is coming through ok. I have t\checked the log in postgres and it is putting the variable in as it should. My problem is with the home.jsp page. I don't know the syntax to retrieve the result of the query.

            As for using a http filter isn't that just a kind of a servlet? I amfairly new to j2ee and was trying to just start doing things. I am trying to hold to a MVC model I am just using all .jsp. Let me ask yo ua question. If I were to move to a servlet and use jsp as my presentation logic how do I pass the values to a jsp page without putting them in the url?

            Let me give you an example of what I am talking about. I am creating a fairly complicated intranet that is not only managed by a group of about 100 people but the users of it which are about 1000 all have personized data. I need all the colors, pictures, and even teh layout of some things to be movable by the content manager and the users themselves. Alot of the information in the site will be pulling from a Postgres database that serves for all of our applications(we are a college). Anyway so what I am saying is there could be as many as 20 values I need to pass to the presentation logic jsp page and I don't want to do that in the url and I perfer not to pass the users usernames in the url for security reasons. What would be the best way to accomplish what I am trying to do with a servlet?

            • 3. Re: jsp syntax question
              Vladyslav Kosulin Newbie

              Save the query result to an ArrayList, and put it to the HttpSession attribute. Any jsp page can get access to the HttpSession attributes using ${sessionScope.<name_of_attribute>} expression alnguage expression. You should read the specification or some good book on servlets and jsp first.

              And again, don't use dynamic sql!

              Vlad

              • 4. Re: jsp syntax question
                lords_diakonos Newbie

                ok would you take a look at what I have now and tell me why I cannot get the parameter in the jsp page. Here is the code for my serlet

                package nnet;
                
                import javax.servlet.*;
                import javax.servlet.http.*;
                import java.io.*;
                import java.util.*;
                import java.security.Principal;
                
                /**
                 * <p>Title: NNET</p>
                 * <p>Description: Northland Intranet</p>
                 * <p>Copyright: Copyright (c) 2004</p>
                 * <p>Company: NMI</p>
                 * @author not attributable
                 * @version 1.0
                 */
                
                public class home extends HttpServlet {
                
                
                 //Initialize global variables
                 public void init() throws ServletException {
                 }
                
                 //Process the HTTP Get request
                 public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
                
                 Principal user = request.getUserPrincipal();
                 String username = user.getName();
                
                
                
                 request.setAttribute("username",username);
                 RequestDispatcher rd =
                 request.getRequestDispatcher("home2.jsp");
                 rd.forward(request, response);
                
                 }
                
                 //Clean up resources
                 public void destroy() {
                 }
                }
                

                and here is the code for the jsp
                <%@ taglib uri="http://java.sun.com/jstl/core" prefix="c" %>
                <%@ taglib uri="http://java.sun.com/jstl/sql" prefix="sql" %>
                <%@ taglib uri="http://java.sun.com/jstl/xml" prefix="x" %>
                
                <html>
                <head>
                <title>
                index
                </title>
                <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><style type="text/css">
                <!--
                body {
                 margin-left: 0px;
                 margin-top: 0px;
                 margin-right: 0px;
                 margin-bottom: 0px;
                }
                -->
                </style></head>
                <body bgcolor="#008000">
                
                
                <table width="100%" border="1" cellspacing="0" bordercolor="#000000">
                 <tr>
                 <td bgcolor="#FFFFFF"><h1>Welcome to NNET ${username}
                
                 </h1></td>
                
                 </tr>
                </table>
                <br>
                <table width="100%" border="0" cellspacing="0">
                 <tr>
                 <td width="150"> </td>
                 <td> </td>
                 <td width="150"> </td>
                 </tr>
                </table>
                </body>
                </html>

                What is teh syntax to get the jsp page to read the parameter from the servlet??

                • 5. Re: jsp syntax question
                  Vladyslav Kosulin Newbie

                  <c:out value="${requestScope.username}"/>

                  And this is not a parameter. This is an attribute.

                  I guess, we are going off-topic, as this is just a basic jsp stuff, and not JBoss related one. If you have any such questions, it is better to ask me by e-mail: kosulin@yahoo.com

                  Vlad