I've developed an HTML page that sends information to a Servlet. In the Servlet, I am using the methods doGet() and doPost():
public void doGet(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
String id = req.getParameter("realname");
String password = req.getParameter("mypassword");
}
public void doPost(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
String id = req.getParameter("realname");
String password = req.getParameter("mypassword");
}
In the html page code that calls the Servlet is:
<form action="identification" method="post" enctype="multipart/form-data">
User Name: <input type="text" name="realname">
Password: <input type="password" name="mypassword">
<input type="submit" value="Identification">
</form>
When I use method = "get" in the Servlet, I get the value of id and password, however when using method = "post", id and password are set to null. Why don't I get the values in this case?
Another thing I'd like to know is how to use the data generated or validated by the Servlet. For example, if the Servlet shown above authenticates the user, I'd like to print the user id in my HTML page. I should be able to send the string 'id' as a response and use this info in my HTML page. Is it possible?
Introduction
You should use doGet() when you want to intercept on HTTP GET requests. You should use doPost() when you want to intercept on HTTP POST requests. That's all. Do not port the one to the other or vice versa (such as in Netbeans' unfortunate auto-generated processRequest() method). This makes no utter sense.
GET
Usually, HTTP GET requests are idempotent. I.e. you get exactly the same result everytime you execute the request (leaving authorization/authentication and the time-sensitive nature of the page —search results, last news, etc— outside consideration). We can talk about a bookmarkable request. Clicking a link, clicking a bookmark, entering raw URL in browser address bar, etcetera will all fire a HTTP GET request. If a Servlet is listening on the URL in question, then its doGet() method will be called. It's usually used to preprocess a request. I.e. doing some business stuff before presenting the HTML output from a JSP, such as gathering data for display in a table.
#WebServlet("/products")
public class ProductsServlet extends HttpServlet {
#EJB
private ProductService productService;
#Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
List<Product> products = productService.list();
request.setAttribute("products", products); // Will be available as ${products} in JSP
request.getRequestDispatcher("/WEB-INF/products.jsp").forward(request, response);
}
}
Note that the JSP file is explicitly placed in /WEB-INF folder in order to prevent endusers being able to access it directly without invoking the preprocessing servlet (and thus end up getting confused by seeing an empty table).
<table>
<c:forEach items="${products}" var="product">
<tr>
<td>${product.name}</td>
<td>detail</td>
</tr>
</c:forEach>
</table>
Also view/edit detail links as shown in last column above are usually idempotent.
#WebServlet("/product")
public class ProductServlet extends HttpServlet {
#EJB
private ProductService productService;
#Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
Product product = productService.find(request.getParameter("id"));
request.setAttribute("product", product); // Will be available as ${product} in JSP
request.getRequestDispatcher("/WEB-INF/product.jsp").forward(request, response);
}
}
<dl>
<dt>ID</dt>
<dd>${product.id}</dd>
<dt>Name</dt>
<dd>${product.name}</dd>
<dt>Description</dt>
<dd>${product.description}</dd>
<dt>Price</dt>
<dd>${product.price}</dd>
<dt>Image</dt>
<dd><img src="productImage?id=${product.id}" /></dd>
</dl>
POST
HTTP POST requests are not idempotent. If the enduser has submitted a POST form on an URL beforehand, which hasn't performed a redirect, then the URL is not necessarily bookmarkable. The submitted form data is not reflected in the URL. Copypasting the URL into a new browser window/tab may not necessarily yield exactly the same result as after the form submit. Such an URL is then not bookmarkable. If a Servlet is listening on the URL in question, then its doPost() will be called. It's usually used to postprocess a request. I.e. gathering data from a submitted HTML form and doing some business stuff with it (conversion, validation, saving in DB, etcetera). Finally usually the result is presented as HTML from the forwarded JSP page.
<form action="login" method="post">
<input type="text" name="username">
<input type="password" name="password">
<input type="submit" value="login">
<span class="error">${error}</span>
</form>
...which can be used in combination with this piece of Servlet:
#WebServlet("/login")
public class LoginServlet extends HttpServlet {
#EJB
private UserService userService;
#Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String username = request.getParameter("username");
String password = request.getParameter("password");
User user = userService.find(username, password);
if (user != null) {
request.getSession().setAttribute("user", user);
response.sendRedirect("home");
}
else {
request.setAttribute("error", "Unknown user, please try again");
request.getRequestDispatcher("/login.jsp").forward(request, response);
}
}
}
You see, if the User is found in DB (i.e. username and password are valid), then the User will be put in session scope (i.e. "logged in") and the servlet will redirect to some main page (this example goes to http://example.com/contextname/home), else it will set an error message and forward the request back to the same JSP page so that the message get displayed by ${error}.
You can if necessary also "hide" the login.jsp in /WEB-INF/login.jsp so that the users can only access it by the servlet. This keeps the URL clean http://example.com/contextname/login. All you need to do is to add a doGet() to the servlet like this:
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
request.getRequestDispatcher("/WEB-INF/login.jsp").forward(request, response);
}
(and update the same line in doPost() accordingly)
That said, I am not sure if it is just playing around and shooting in the dark, but the code which you posted doesn't look good (such as using compareTo() instead of equals() and digging in the parameternames instead of just using getParameter() and the id and password seems to be declared as servlet instance variables — which is NOT threadsafe). So I would strongly recommend to learn a bit more about basic Java SE API using the Oracle tutorials (check the chapter "Trails Covering the Basics") and how to use JSP/Servlets the right way using those tutorials.
See also:
Our servlets wiki page
Java EE web development, where do I start and what skills do I need?
Servlet returns "HTTP Status 404 The requested resource (/servlet) is not available"
Show JDBC ResultSet in HTML in JSP page using MVC and DAO pattern
Update: as per the update of your question (which is pretty major, you should not remove parts of your original question, this would make the answers worthless .. rather add the information in a new block) , it turns out that you're unnecessarily setting form's encoding type to multipart/form-data. This will send the request parameters in a different composition than the (default) application/x-www-form-urlencoded which sends the request parameters as a query string (e.g. name1=value1&name2=value2&name3=value3). You only need multipart/form-data whenever you have a <input type="file"> element in the form to upload files which may be non-character data (binary data). This is not the case in your case, so just remove it and it will work as expected. If you ever need to upload files, then you'll have to set the encoding type so and parse the request body yourself. Usually you use the Apache Commons FileUpload there for, but if you're already on fresh new Servlet 3.0 API, then you can just use builtin facilities starting with HttpServletRequest#getPart(). See also this answer for a concrete example: How to upload files to server using JSP/Servlet?
Both GET and POST are used by the browser to request a single resource from the server. Each resource requires a separate GET or POST request.
The GET method is most commonly (and is the default method) used by browsers to retrieve information from servers. When using the GET method the 3rd section of the request packet, which is the request body, remains empty.
The GET method is used in one of two ways:
When no method is specified, that is when you or the browser is requesting a simple resource such as an HTML page, an image, etc.
When a form is submitted, and you choose method=GET on the HTML tag. If the GET method is used with an HTML form, then the data collected through the form is sent to the server by appending a "?" to the end of the URL, and then adding all name=value pairs (name of the html form field and value entered in that field) separated by an "&"
Example:
GET /sultans/shop//form1.jsp?name=Sam%20Sultan&iceCream=vanilla HTTP/1.0 optional headeroptional header<< empty line >>>
The name=value form data will be stored in an environment variable called QUERY_STRING.
This variable will be sent to a processing program (such as JSP, Java servlet, PHP etc.)
The POST method is used when you create an HTML form, and request method=POST as part of the tag. The POST method allows the client to send form data to the server in the request body section of the request (as discussed earlier). The data is encoded and is formatted similar to the GET method, except that the data is sent to the program through the standard input.
Example:
POST /sultans/shop//form1.jsp HTTP/1.0 optional headeroptional header<< empty line >>> name=Sam%20Sultan&iceCream=vanilla
When using the post method, the QUERY_STRING environment variable will be empty.
Advantages/Disadvantages of GET vs. POST
Advantages of the GET method:
Slightly faster
Parameters can be entered via a form or by appending them after the URL
Page can be bookmarked with its parameters
Disadvantages of the GET method:
Can only send 4K worth of data. (You should not use it when using a textarea field)
Parameters are visible at the end of the URL
Advantages of the POST method:
Parameters are not visible at the end of the URL. (Use for sensitive data)
Can send more that 4K worth of data to server
Disadvantages of the POST method:
Can cannot be bookmarked with its data
The servlet container's implementation of HttpServlet.service() method will automatically forward to doGet() or doPost() as necessary, so you shouldn't need to override the service method.
Could it be that you are passing the data through get, not post?
<form method="get" ..>
..
</form>
If you do <form action="identification" > for your html form, data will be passed using 'Get' by default and hence you can catch this using doGet function in your java servlet code. This way data will be passed under the HTML header and hence will be visible in the URL when submitted.
On the other hand if you want to pass data in HTML body, then USE Post: <form action="identification" method="post"> and catch this data in doPost function. This was, data will be passed under the html body and not the html header, and you will not see the data in the URL after submitting the form.
Examples from my html:
<body>
<form action="StartProcessUrl" method="post">
.....
.....
Examples from my java servlet code:
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
PrintWriter out = response.getWriter();
String surname = request.getParameter("txtSurname");
String firstname = request.getParameter("txtForename");
String rqNo = request.getParameter("txtRQ6");
String nhsNo = request.getParameter("txtNHSNo");
String attachment1 = request.getParameter("base64textarea1");
String attachment2 = request.getParameter("base64textarea2");
.........
.........
Related
I have a simple Maven servlet/jsp application that I deploy to a local Tomcat 9 (via Eclipse). JSP pages are stored under root folder (src\main\webapp\*.jsp) which when Maven installs a WAR, they go under the root folder (MyAppContext\*.jsp along side MyAppContext\META-INF\ and MyAppContext\WEB-INF\).
The servlets' URL patterns are annotated for each servlet, e.g. /doactionone, /doactiontwo, etc. Most servlets perform the dispatching to various JSP pages, but I do have a direct anchor link on one.
I wanted to move these JSP pages into their own respective directory, so I moved them to src\main\webapp\jsp\*.jsp folder, and when the Maven install is run, they get placed under MyAppContext\jsp\.
The only entry I have in web.xml is a welcome file that after relocating the JSP files, it points to jsp\doactionone.jsp which loads that corresponding JSP page. This page contains a simple form:
<form action="doactionone" method="post">
...
<a href="jsp/doactiontwo.jsp">
<input type="submit" />...
</form>
The submission on this page actually calls the right servlet (the one defined with doactionone URL pattern). I also have a link that takes the user to the second page (doactiontwo.jsp).
However, when I navigate to that second page via this link, which has another simple form (see below), and perform the submission (post), I see in browser's debugging that the URL request is http://localhost:8080/MyAppContext/jsp/doactiontwo which, for obvious reason, would return a 404 status (and get no hit to this servlet's doPost() (or doGet()) methods either).
<form action="doactiontwo" method="post">
...
<input type="submit" />...
</form>
If I try to modify the second servlet's URL pattern to /jsp/doactiontwo, I can hit the servlet, but when doactiontwo actually dispatches/forwards the request after processing to the first servlet (doactionone) with:
RequestDispatcher rd = request.getRequestDispatcher("doactionone.jsp");
rd.forward(request, response);
when it gets loaded, when hover over the URL on the first page that initially was pointing to the second JSP page (<a href="jsp/doactiontwo.jsp">), now actually points to:
jsp/jsp/doactiontwo.jsp
The funny part is that the source code of doactionone.jsp still shows it as jsp/doactiontwo.jsp, but hovering over it shows http://localhost:8080/MyAppContext/jsp/jsp/doactiontwo, and when clicked, it obviously results in 404 status.
Can somebody explain why, first of all, the submission on the second JSP page requires the servlet to have a pattern of /jsp/doactiontwo to work rather than /doactiontwo? And is there a way around to avoid appending /jsp to the URL pattern?
And second, why when the second servlet processes the request and dispatches/forwards it to the first page, the URL now contains two jsp/'s?
You need to change your design to allow the controllers, a.k.a. Servlets, to drive your application. In this particular case, use the URL Pattern of second Servlet (doactiontwo) in place of you link:
#WebServlet(urlPatterns = { "doactiontwo" }
public class DoActionTwoServlet extends HttpServlet { /* ... */ }
<form action="doactionone" method="post">
...
<a href="doactiontwo"> <!-- This should match your second servlet's URL pattern -->
<input type="submit" />...
</form>
Now, since the default method when anchor link is invoked is GET, you need to overwrite DoActionTwoServlet's doGet() method, and forward those requests to an actual doactiontwo.jsp:
public void doGet(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
RequestDispatcher rd = request.getRequestDispatcher("jsp/doactiontwo.jsp");
rd.forward(request, response);
}
I have a JSP page with two buttons. One is On and other one is OFF.
If I click on ON button in JSP, On click some predefined string will have to send to IP address.
How can we call Java program from JSP on click button?
Just give the individual button elements an unique name. When pressed, the button's name is available as a request parameter the usual way like as with input elements
E.g.
<form action="${pageContext.request.contextPath}/myservlet" method="post">
<input type="submit" name="button1" value="Button 1" />
</form>
with
#WebServlet("/myservlet")
public class MyServlet extends HttpServlet {
#Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
MyClass myClass = new MyClass();
if (request.getParameter("button1") != null)
{
myClass.function1();
}
else
{
// ???
}
request.getRequestDispatcher("/WEB-INF/some-result.jsp").forward(request, response);
}
}
You can call it using Ajax . AJAX request will invoke any java program you want by sending the request to the server. see this for more info.
There are also other possible options you can use DWR for secure transactions.
See here for jquery ajax post . Also here is good example for using it with servlets.
Hope this helps !!
side-note: If you need any specific help , please post us the code which you are trying
I am building a simple web app and attempting to create a login page. The page consists of a JSP with a form which loads a Servlet.
I have got the form working using the GET method:
JSP looks like this:
<form method="get" action="Login">
Email:<input name="email"/>
Password:<input name="password"/>
<input type="Submit" value="Log in"/>
And in the Servlet:
#WebServlet(name = "Login", urlPatterns = {"/Login"})
public class Login extends HttpServlet {
/**
* Processes requests for both HTTP
* <code>GET</code> and
* <code>POST</code> methods.
*
* #param request servlet request
* #param response servlet response
* #throws ServletException if a servlet-specific error occurs
* #throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
//Assign variables from the request parameters
String loginFormEmail = request.getParameter("email");
String loginFormPassword = request.getParameter("password");
This code works but it includes the username and password in the URL string, so it's obviously not good practice. I have attempted to do this using POST instead but I've been getting an error. (HTTP Status 405 - HTTP method POST is not supported by this URL)
I need to know how to send parameters from the JSP to the Servlet using POST. I think this may involve using RequestDispatcher object, but all the tutorials I've found explain using RequestDispatcher to send data from the Servlet to the JSP, not the other way around. Can you/should you use Request Dispatcher to send POST data from the JSP to the Servlet? And how to you access these parameters from the Servlet? (Is there an equivalent of request.getParameter() for POST?)
I understand that using POST still won't be secure, but it is a lot better practice than including the password in the query string, and I will think about security later.
Apologies for the basic question, I have found lots of tutorials online but none of them seem to answer this specific question. Thank you.
Try
<form method="POST" action="Login>
Note: method instead of type for specifying GET/POST.
But it's not really any more "secure" than using GET. They are still available in clear text in the post body. If you want it to be secure, make sure you use HTTPS.
Edit
You have edited your question now, and it appears that you are using method, not type. So if you still have errors after changing it to POST, specify what error you are getting.
Edit2
You specify that you are getting a HTTP method POST is not supported by this URL error. This means that your servlet does not accept the POST method. Which most likely means that you are inheriting some base servlet that only accepts GET. Seeing all of the code for the servlet would be helpful.
<form type="get" action="Login" method="POST">
Email:<input name="email"/>
Password:<input name="password"/>
<input type="Submit" value="Log in"/>
I suggest you instead of processRequest(), use doPost() method.
Use method="POST" attribute in your element
Override the HttpServlet#doPost() method in your Login class
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException {
String loginFormEmail = request.getParameter("email");
String loginFormPassword = request.getParameter("password");
// do something to produce a response
}
This might require you to change the service() method that might be overridden to call your processRequest() method regardless of the HTTP method. This depends on the rest of your Login class implementation which you haven't shown.
Then change your <form> to make a POST request.
Try to override the HttpServlet methods doPost() and doGet():
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException,IOException {
processRequest(request,response);
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException,IOException {
processRequest(request,response);
}
I'm taking a class on JSP and I have an assignment... we have to write a JSP page that takes user input, validate the input and then forward it to a different web site. To be more precise, we were asked to implement a rudimentary version of the FareFinder functionality of Amtrak's web site.
There are 2 main purposes to this assignment:
(a) to write JSP which performs as middleware;
and (b) to write JSP which validates form data.
I have a general question about the principles of doing the validation. Currently I have a JSP that has a form and a submit button. When the user clicks on the submit button I forward them to Validate.jsp. The Validate.jsp will then validate the data and if the input is OK it will automatically redirect the request to the Amtrak web site with all the parameters filled out.
FareFinder.jsp -> Validate.jsp -> Amtrak
(click on the file name to see all my code in a pastie)
Briefly, the main thing that I'm doing FareFinder.jsp:
<FORM METHOD=POST ACTION="Validate.jsp">
<!-- all the input fields are up here -->
<P><INPUT TYPE=SUBMIT></P>
</FORM>
The main thing I'm doing in Validate.jsp:
<%# page import="java.util.*" import="java.io.*"%>
<%
// retreive all the parameters
String origin = request.getParameter("_origin");
String depmonthyear = request.getParameter("_depmonthyear");
String depday = request.getParameter("_depday");
String dephourmin = request.getParameter("_dephourmin");
String destination = request.getParameter("_destination");
String retmonthyear = request.getParameter("_retmonthyear");
String retday = request.getParameter("_retday");
String rethourmin = request.getParameter("_rethourmin");
String adults = request.getParameter("_adults");
String children = request.getParameter("_children");
String infants = request.getParameter("_infants");
String searchBy = request.getParameter("_searchBy");
// validate the data
// redirect to Amtrak or back to FareFinder.jsp
%>
I have several questions:
How do I return to FareFinder.jsp from Validate.jsp and reflect the errors found in the validation page?
Once I have found errors- do I redirect the response back to FareFinder.jsp?
How could I transmit the error(s) back to FareFinder.jsp?
A generic answer would be fine too, but I'm giving my code as an example.
Note: the validation must be performed on the server side and I can't use javascript.
OK, as per the comments, Servlets are covered as well. Now, create one and implement doPost() like follows (semi pseudo):
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
Map<String, String> errors = new HashMap<String, String>();
String origin = request.getParameter("origin");
if (origin does not validate) {
errors.put("origin", "Put error message here.");
}
// Repeat for all parameters.
if (errors.isEmpty()) {
// No errors, redirect to Amtrak.
response.sendRedirect("http://amtrak.com");
} else {
// Put errors in request scope and forward back to JSP.
request.setAttribute("errors", errors);
request.getRequestDispatcher("FareFinder.jsp").forward(request, response);
}
}
Map this servlet in web.xml on an url-pattern of /validateFare so that you can invoke it by http://example.com/context/validateFare.
Now do in JSP something like:
<form action="validateFare" method="post">
<label for="origin">Origin</label>
<input id="origin" name="origin" value="${param.origin}">
<span class="error">${errors.origin}</span>
<!-- Repeat other fields here. -->
</form>
You see that the form action already points to the servlet. The ${param.origin} in input values will retain the submitted value by doing request.getParameter("origin") under the hoods. The ${errors.origin} will show any associated error message by roughly doing pageContext.findAttribute("errors").get("origin").
This must get you started :) Good luck.
I am having a web form(JSP) which submits the data to different application, hosted on different server. After submitting the form data, that application redirect back to same JSP page. Now, I want to save the entered the data. What are the different approaches to retain the submitted data in web form. I would not prefer to store the data in DB or any file.
PS: I would like to retain the submitted form data when request again redirected to same JSP page. Therefore, user need not to re-enter the data. Like, data can be stored in Session or Request etc.
Best what you can do is to submit to your own servlet which in turn fires another request to the external webapplication in the background with little help of java.net.URLConnection. Finally just post back to the result page within the same request, so that you can just access request parameters by EL. There's an implicit EL variable ${param} which gives you access to the request parameters like a Map wherein the parameter name is the key.
So with the following form
<form action="myservlet" method="post">
<input type="text" name="foo">
<input type="text" name="bar">
<input type="submit">
</form>
and roughly the following servlet method
protected void doPost(HttpServletRequest request, HttpServletResponse response) {
String foo = request.getParameter("foo");
String bar = request.getParameter("bar");
String url = "http://external.com/someapp";
String charset = "UTF-8";
String query = String.format("foo=%s&bar=%s", URLEncoder.encode(foo, charset), URLEncoder.encode(bar, charset));
URLConnection connection = new URL(url).openConnection();
connection.setUseCaches(false);
connection.setDoOutput(true); // Triggers POST.
connection.setRequestProperty("accept-charset", charset);
connection.setRequestProperty("content-type", "application/x-www-form-urlencoded;charset=" + charset);
try (OutputStreamWriter writer = new OutputStreamWriter(connection.getOutputStream(), charset)) {
writer.write(query);
}
InputStream result = connection.getInputStream();
// Do something with result here? Check if it returned OK response?
// Now forward to the JSP.
request.getRequestDispatcher("result.jsp").forward(request, response);
}
you should be able to access the input in result.jsp as follows
<p>Foo: <c:out value="${param.foo}" /></p>
<p>Bar: <c:out value="${param.bar}" /></p>
Simple as that. No need for jsp:useBean and/or nasty scriptlets.
In JSP this kind of thing is usually handled by using a javabean to store the form values and then using the jsp:useBean tag. For example you would create the following javabean:
package com.mycompany;
public class FormBean {
private String var1;
private String var2;
public void setVar1(String var) { this.var1 = var; }
public String getVar1() { return this.var1; }
public void setVar2(String var) { this.var2 = var; }
public String getVar2() { return this.var2; }
}
In your form jsp you'd use the useBean tag and your form fields values would get their values from the bean:
<jsp:useBean id="formBean" class="com.mycompany.FormBean" scope="session"/>
...
...
<input type="text" name="var1" value="<%=formBean.getVar1()%>" />
In your jsp the form data is posted to (then redirects back) you'd have the following code that would push the posted form data into the bean.
<jsp:useBean id="formBean" class="com.mycompany.FormBean" scope="session"/>
<jsp:setProperty name="formBean" property="*"/>
Another option is to just stuff the form data into the session in your save page:
String var1 = request.getParameter("var1");
String var2 = request.getParameter("var2");
session.setAttribute("var1", val1);
session.setAttribute("var2", val2);
...
and reference it in your form (null checking omitted):
<input type="text" name="var1" value="<%= session.getAttribute("var1") %>" />
If I understand the problem correctly (big "if" there), you have a FORM that has a method of POST and an ACTION that is pointed directly to a remote server. When the user clicks "Submit" the browser isn't involving your host in that transaction, the data is going to the "ACTION" recipient. That would make your options limited to implementing a call back relationship with the remote service (possibly beyond your control), setting up a local proxy servlet to intercept the data and forward the POST along to it's intended recipient (which would make the POST originate from the server and not the client (this could likely cause problems)), or utilize some AJAX design pattern to send the form data to two places instead of just one which the FORM tag dictates.
Beyond that, you would need to have some form of local persistence like a database or a file.
Did I help at all?