-
1. Re: jsp syntax question
kosulin Apr 21, 2004 8:34 PM (in response to lords_diakonos)Put the results to the HttpSession attribute.
Vlad
P.S. Using dynamic SQL statements in web applications is very dangerous. Just assume that a Principal.getName() return a String like "'; ALTER TABLE public.tblloginname; bla-bl-bla". You should use parameterized PreparedStatement instead of Statement.
P.P.S. to a jsp with java code is not recommended. The functionality of the page should be moved to a http filter or a servlet. -
2. Re: jsp syntax question
lords_diakonos Apr 22, 2004 6:17 AM (in response to lords_diakonos)The query is coming through ok. I have t\checked the log in postgres and it is putting the variable in as it should. My problem is with the home.jsp page. I don't know the syntax to retrieve the result of the query.
As for using a http filter isn't that just a kind of a servlet? I amfairly new to j2ee and was trying to just start doing things. I am trying to hold to a MVC model I am just using all .jsp. Let me ask yo ua question. If I were to move to a servlet and use jsp as my presentation logic how do I pass the values to a jsp page without putting them in the url?
Let me give you an example of what I am talking about. I am creating a fairly complicated intranet that is not only managed by a group of about 100 people but the users of it which are about 1000 all have personized data. I need all the colors, pictures, and even teh layout of some things to be movable by the content manager and the users themselves. Alot of the information in the site will be pulling from a Postgres database that serves for all of our applications(we are a college). Anyway so what I am saying is there could be as many as 20 values I need to pass to the presentation logic jsp page and I don't want to do that in the url and I perfer not to pass the users usernames in the url for security reasons. What would be the best way to accomplish what I am trying to do with a servlet? -
3. Re: jsp syntax question
kosulin Apr 22, 2004 8:31 AM (in response to lords_diakonos)Save the query result to an ArrayList, and put it to the HttpSession attribute. Any jsp page can get access to the HttpSession attributes using ${sessionScope.<name_of_attribute>} expression alnguage expression. You should read the specification or some good book on servlets and jsp first.
And again, don't use dynamic sql!
Vlad -
4. Re: jsp syntax question
lords_diakonos Apr 22, 2004 1:59 PM (in response to lords_diakonos)ok would you take a look at what I have now and tell me why I cannot get the parameter in the jsp page. Here is the code for my serlet
package nnet; import javax.servlet.*; import javax.servlet.http.*; import java.io.*; import java.util.*; import java.security.Principal; /** * <p>Title: NNET</p> * <p>Description: Northland Intranet</p> * <p>Copyright: Copyright (c) 2004</p> * <p>Company: NMI</p> * @author not attributable * @version 1.0 */ public class home extends HttpServlet { //Initialize global variables public void init() throws ServletException { } //Process the HTTP Get request public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { Principal user = request.getUserPrincipal(); String username = user.getName(); request.setAttribute("username",username); RequestDispatcher rd = request.getRequestDispatcher("home2.jsp"); rd.forward(request, response); } //Clean up resources public void destroy() { } }
and here is the code for the jsp<%@ taglib uri="http://java.sun.com/jstl/core" prefix="c" %> <%@ taglib uri="http://java.sun.com/jstl/sql" prefix="sql" %> <%@ taglib uri="http://java.sun.com/jstl/xml" prefix="x" %> <html> <head> <title> index </title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><style type="text/css"> <!-- body { margin-left: 0px; margin-top: 0px; margin-right: 0px; margin-bottom: 0px; } --> </style></head> <body bgcolor="#008000"> <table width="100%" border="1" cellspacing="0" bordercolor="#000000"> <tr> <td bgcolor="#FFFFFF"><h1>Welcome to NNET ${username} </h1></td> </tr> </table> <br> <table width="100%" border="0" cellspacing="0"> <tr> <td width="150"> </td> <td> </td> <td width="150"> </td> </tr> </table> </body> </html>
What is teh syntax to get the jsp page to read the parameter from the servlet?? -
5. Re: jsp syntax question
kosulin Apr 22, 2004 2:30 PM (in response to lords_diakonos)<c:out value="${requestScope.username}"/>
And this is not a parameter. This is an attribute.
I guess, we are going off-topic, as this is just a basic jsp stuff, and not JBoss related one. If you have any such questions, it is better to ask me by e-mail: kosulin@yahoo.com
Vlad