Solved

Q for Ken/Object

Posted on 2004-03-24
9
216 Views
Last Modified: 2010-04-01
I have this JSP page contain 10 (for example) input text field.

If i want to set all this 10 elements into my javabean, i need to do javabean.setField1([value_of_field1]); for 10 times.

I wonder is there a way to ease this way of doing things?
0
Comment
Question by:wjh7554
  • 3
  • 3
  • 3
9 Comments
 
LVL 7

Accepted Solution

by:
searlas earned 195 total points
ID: 10675376
<jsp:useBean id="javabean" scope="session" class="com.foo.YourJavaBeanClass" />
<jsp:setProperty name="javabean" property="*" />

See:
http://java.sun.com/products/jsp/tags/11/syntaxref11.fm14.html#8865
and
http://java.sun.com/products/jsp/tags/11/syntaxref11.fm13.html
0
 

Author Comment

by:wjh7554
ID: 10676297
searlas, tq for you suggestion. But that's not my question is all about.

My issues here is when i have 10 input type="text" name="[different name]" />
i need to setProperty for 10 time into the bean or something else.

I wonder is there any method or way to ease this kind of un-productive way.

like your second link, setProperty mean will insert(or set the property) one by one into a bean.

TQ.
0
 
LVL 7

Expert Comment

by:searlas
ID: 10676973
Read again:
<jsp:setProperty name="javabean" property="*" />

The important bit is property="*", that's litereally a *, that's not a place holder for any names.  By putting a * the container will call each and every method.
e.g. if calling a page as:
your.jsp?field1=jobby&second=bob&field4=whatever

The code that would be executed would be equivalent to:
javabean.setField1("jobby");
javabean.setSecond("bob");
javabean.setField4("whatever");

0
 
LVL 14

Expert Comment

by:kennethxu
ID: 10678130
searlas is right!
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:wjh7554
ID: 10686616
is there a security issues??
i come across this in most of the book and they are not recommanding this.

Anyway, actually i have a idea on doing this. But not sure is it workable or not.
I plan to create an interface and my own API on handling this. Some sort like making my database as a object-oriented. Everytime i run the command (some java program), it'll use the java.sql.getMetatype etc to read the table schema. Then it'll generate few files for me.

Those file will contain those set, get for me.

What i will do in my JSP page is i will create the object for those files that i created. Then it'll use one statement,
ObjectA oa = New ObjectA();
oa(request);

then it'll automatically set the whole input type into my object. From there i move on to my SQL ..

..

Is this idea workable?
0
 
LVL 7

Expert Comment

by:searlas
ID: 10688381
The security issue is most likely not an issue; you just need to be aware that by tampering with the URL, a malicious user would be able to call any of the set methods.

For instance, if a bank used jsp:setProperty then a malicious user may find it useful to edit the url to:
blah.jsp?balance=1000000.0

The parameter would be automatically converted (if necessary) into a number, and the method setBalance() called.  Note, this issue also arises for applications using struts.  It's just something to be aware of.

I don't see the point in reinventing the wheel, so I'd use jsp:setProperty as is.
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 10689486
again searlas is right on this. the issue is rather programming issue. I have seen a lot of web app use javascript for data validation, that if fine but if you solely depend on client side validation, your application is designed to be attacked. My advise to everybody is: server side validation is must and client side is optional.

in addition, you need to be aware that the setxxx menthod will not be called if the field is blank.
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 10689496
Security rule: never trust what client send to you.
0
 

Author Comment

by:wjh7554
ID: 10693520
Thank You guys.

0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
A customer recently asked me about anti-malware and the different deployment options available for his business. Daily news about cyberattacks, zero-day vulnerabilities, and companies that suffered a security breach made him wonder if the endpoint a…
Need to grow your business through quality cloud solutions? With everything required to build a cloud platform and solution, you may feel like the distance between you and the cloud is quite long. Help is here. Spend some time learning about the Con…
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now