Set JSP page commands

1. always set the session page command to False. Unless you want to use the session information on the JSP page, the False setting will not Delete the existing session, but the true setting will create a session, but it may not be intentional. The warning is given when request. getSession (true) is used. To avoid security issues caused by such a call, make sure that the use of JSP pages with the page command sesion = true is restricted.

2. Set page commands
The bulletproof application uses page commands to override the default values of sessions and errorpages. Always set the session page command to False unless you want to use the session information on the JSP page. The "False" setting does not delete any existing sessions, but the "true" setting creates a session, which may be unintentional ). To avoid security issues introduced by request. getSession (true) calls, make sure that the use of the page command Session = "true" limits the use of JSP pages. Only after the session is confirmed does direct requests to these restricted pages exist. You can restrict access to JSP files by placing them in the web-inf directory of web applications. Resources can be included or forwarded in the web-inf directory, but external users cannot directly access these resources. In addition, we cannot know when an exception will be thrown by the application. Use the errorPage command to redirect failed requests to a user-friendly error page.

3. template-based development
There is no reason to start writing application components again. A better way is to use an application that is similar to the application to be developed, and modify it until it meets the needs. This is the purpose of designing the WebAuction application. In addition, the j2ee Blueprints released by sun provides an excellent starting point for application development.

4. Pay attention to uppercase and spaces
The appearance of j2ee deployment files in xml encoding format means that you need to pay attention to uppercase and spaces. The developer may spend a lot of time debugging an application, but finally found that the error was caused by a space or parentheses error.

5. Use the correct inclusion mechanism
Use the modular page containing instructions. If the site regularly reuses components, such as the navigation bar or title that spans the top of the web site, consider placing the code used to generate these components into a separate JSP page. Then, use the JSP containing command to include the above Code into each page. Containing commands is an efficient operation. If you want to dynamically select the contained resources or perform advanced control on character encoding, you can use the include action.

6. Use Java as few as possible in JSP
The mixed use of JSP and Java code may cause obscure display of both. Java code should be used in JSP pages as little as possible by taking advantage of the advantages of JavaBean and custom tag libraries. The ideal situation is that Java code is not used at all.

7. Put the business logic in JavaBean
One advantage of JSP design is that it can avoid placing sensitive code on web pages. business logic can be applied in web applications, server operations, and Java client applications. JavaBean can be widely used on the entire J2EE platform, so JavaBean is a good place to define the application business logic.

8. Expression logic in the tag Library
The custom tag Library provides a way to replace the presentation layer logic with JSP tags. However, the tag library handler class is closely related to JSP and cannot be reused in other contexts. Similarly, custom tags are a good place to define and express logic, but they are not suitable for defining business logic.

9. Use the existing tag Library
There is no need to reinvent the wheel. A large number of tag libraries for multiple purposes already exist. Such as jstl

1. Three methods for displaying Chinese Characters in JSP Web programs
2. How to call JSP pages from the MIDlet
3. Establishment of JSP development environment
4. Java JSP uses Google's Translate to develop APIs
5. Introduction to JSP JavaBean development and release Environments