JS) How are servlets and JSP pages related? Toc
JSP pages are focused around HTML (or XML) with Java codes and JSP tags inside them. When a Web server this has JSP support is asked for a JSP page, it checks to the if it has already compiled the page into A servlet. Thus, JSP pages become servlets and are transformed into pure Java and then compiled, loaded to the server and executed. Different JSP implementations do this in the more or less efficient ways.
Any good web sites for up to date activities into the Java/jsp/servlet world? Toc
The following Web sites contain information about JSP:
An IBM Tutorial on jsp:http://www.software.ibm.com/developer/education/java/online-courses.html
An IBM Red book:http://www.redbooks.ibm.com/abstracts/sg245423.html
Other IBM information:http://www.software.ibm.com/webservers/appserv/doc/v20dcadv/doc/index.html
Jsp-resource information-http://www.jspin.com/is quite comprehensive on sites and articles.
JSP Tags is a site for taglibs-http://jsptags.com/
The following Web sites focus on JSP solutions
Servlets taverne-http://www.interpasnet.com/jss/
Oi Servlet World-http://i.am/servletforme
Web Development with jsp-http://www.burridge.net/jsp/
How does I force a user to log in? Toc
From:andre Richards <AndreRic@MWEB.CO.ZA>
I did as follows:
On every page which must is authenticated, I check for a user ID in the session object-if it doesn ' t exit, I do a redire CT to a login page, passing the URL the user is trying to access as a parameter.
On the login page, if the user successfully logs in, I create a sessions for him/her, and add the user ID to the session. I then redirect the original page the user tried to access. This way, even if the user bookmarks a page, he/she'll be asked to login once the session has become.
Some Code:
On every page I add the following:
HttpSession session = Request.getsession (true);
if (Session.getvalue ("CustomerID") = = null) {
Response.sendredirect (Response.encoderedirecturl
("Login.jsp?") Origin=shareportfolio.jsp "));
}
else {
The rest of the page ...
In login.jsp once the user has provided the correct logon credentials:
Session.putvalue ("CustomerID", CustomerID);
Response.sendredirect (Response.encoderedirecturl) (Request.getparameter ("Origin"));
--------------------------------------------------------------------------------
Another developer has a different approach:
From:christopher Cobb <ccobb@usgs.gov>
After researching several approaches, I have finally settled on the following approach. I would like to hear how others
are solving this problem. (FAQ maintainers note:this syntax won ' t work with JSP 1.0)
1. User accesses guardedpage.jsp via
http://localhost/path/to/GuardedPage.jsp
2. guardedpage.jsp includes a login checking page:
<!--#include file= "/admin/" file= "loginchecker.jsp"-->
Every page that needs to being login-protected should include this file (which, depending on how your the site is set up
Every page.)
3. loginchecker.jsp accesses a bean that does the login checking:
<usebean lifespan= "session" name = "Loginchecker type=" package. Loginchecker ">
<setfromrequest beanproperty = "*" >
</USEBEAN>
4. The Loginchecker bean has a property ' LoggedIn '. (It also has properies for Username and Password, and a
ProcessRequest () method, which are used later).
Loginchecker.jsp checks the value of the LoggedIn property. If It is isn't true (i.e., the user is not logged in), a login
Page is displayed:
<excludeif property = "Loginchecker:loggedin" value = "true" >
<form action= "/servlet/dbaccess/path/to/guardedpage.jsp" method= "POST" >
Username: <input name= "Username" size= "maxlength=" >
Password: <input type= "Password" name= "Password" size= "" "Maxlength=" >
<input type= "Submit" Name= "Loginuser" value= "Submit" >
</FORM>
</excludeif>
The through, this bean would be ' empty ' and the LoggedIn property won't be set. The login form would therefore
Be displayed.
5. There is a little trick the action clause above. When the user types in his login info and presses submit, the
Invoked URL is
/servlet/dbaccess/path/to/guardedpage.jsp
The action passes through the servlet DBAccess, then continues on to our original page. This servlet does no more
than attach an open database connection to:
Session.putvalue ("open.connection", connection);
The servlet then picks up the trailing part of the URL with:
String Trailingurl = Request.getpathinfo ();
It then calls forward () to pass control and back to the requested page. In this example, the new page happens to be the same
As the page we came from.
Getservletconfig (
). Getservletcontext (
). Getrequestdispatcher (Response.encodeurl (Trailingurl)
). Forward (Request,response);
6. Now we are original page and the Logginchecker Bean gets invoked again. Because of the:
<setfromrequest beanproperty = "*" >
In the Loginchecker Usebean tags, and because our username and password field names at the loginchecker.jsp page match our
The bean ' s property names, the username and password, the user typed in get ' magically ' populated in the corresponding
Properties of the Bean.
7. The Loginchecker Bean has a ProcessRequest () method which checks to the if a username and password has been.
If so (and if we are are not logged in), it performs a database lookup to log the user in. If The lookup is successful, the
LoggedIn is set to true.
8. We are finally back to our guardedpage.jsp page. It would probably not want to display itself unless the user is logged
In. The page should therefore only to included if LoggedIn is true:
<includeif property= "Loginchecker:loggedin" value= "true" >
The contents of guardepage.jsp are displayed only if LoggedIn is true.
</includeif>
We ' re done! GUARDEDPAGE.JSP is only displayed if the user was logged in. If the user is not logged in, a login to page is
displayed, which if successful, returns the user to the original page.
9. There is one small cleanup which are needed in step 4. As coded above, a passthrough servlet is used to attach a
Database connection to the session. If the user repeatedly fails to login, the servlet prefix'll get repeatedly
Pre-pended to the URL. Furthermore, the ' current page ' was hardcoded into the loginchecker.jsp page which restricts it ' s
Reusability. A little JavaScript fixes both of these problems. The following JavaScript should is used in place of the
<FORM> tag in step 4. Above.
<script language= "JavaScript" >
<!--
if (Document.location.pathname.indexOf ("/servlet/package. DBAccess ") = = 0)
document.write (
' <form action= ' +
Document.location.pathname +
' "method=" post ">");
Else
document.write (
' <form action= '/servlet/package. DBAccess ' +
Document.location.pathname +
' "method=" post ">");
-->
</script>
How can I newbie get started with JSP? Toc
The QuickStart section of the JSP book at Http://www.esperanto.org.nz/jspbook
How can I ensure which session objects stay in existence when the Web server restarts? Toc
There is no requirement so a session object would stay around as far as I can tell, but some Web servers would serialize O Bjects if they support the serialization interface.
How can I include one JSP inside another JSP? Toc
JRUN, Servletexec and gnujsp allow to specify (it is in the 0.91 spec):
<%@ include= "./header.jsp"%>-where header.jsp is the file you want to include.
The spec does say that it supports NCSA style includes as in
<!--#include virtual= "/pathfromdocdir/" file= "copyright.html"-->
<!--#include file= "data/table.html"-->
But There is no requirement that they support JSP.
