Java for enterprise networks Version 2.3 Feb 2008 JSP Validation and Exception handling Why validate? Client side validation.

Presentation transcript:

JSP Validation and Exception handling

Why validate?
Client side validation
Server side validation
Why catch exceptions?
Exception handling in JSP
Examples
Context for the assignment
Summary

Input validation

Why? Security!
– We wish to stop users accessing the system who are not recognised
Input validation needs to be “airtight”
– Use of regular expressions
– DIY validation routines
– Input validation libraries
Assume all input is malicious
Constrain the possible inputs, e.g. length
If necessary tidy up the input, i.e. strip off unwanted characters
Reject all input that does not meet your criteria
Form validation - article ( validation-with-javascript/)

Input: When to do the validation?

Two choices:
Client side (i.e. the browser)
– Reduces the work on the server
– However, can be disabled, avoided or interfered with
Server side
– Has the advantage of being processed by the server before being sent on for further processing or storage, e.g. to a database
If you give this some thought for web applications... They are using the request/response model
– Industry tends to use JavaScript on the client – universal* to all browsers
– PHP, Ruby, JSP or VBScript etc. on the server side
– Why use this model?

Client side validation

Either use HTML (to restrict) or JavaScript (to actively check) input format
See the example.zip file on the schedule for this week
Read the readme file for instructions on how to use it – unzip to your C:\ drive on your home PC

Server side validation

Example with user input for a password
Code checks for length and format of password
If appropriate, permits user to continue; otherwise sends user back to entry form to try again
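
An added example, not from the original slides, of the server-side checks described here and in the input validation slide: constrain length, match against a regular expression, and reject everything else. The class name `FormValidator`, the 8-64 length bounds, the letter-and-digit rule and the 1-130 age range are assumptions made for illustration.

```java
import java.util.OptionalInt;
import java.util.regex.Pattern;

// Added example, not from the slides. Class name, limits and the password
// rule are assumptions chosen for illustration.
public class FormValidator {
    // 8-64 characters, no control characters, at least one letter and one digit.
    private static final Pattern PASSWORD =
        Pattern.compile("(?s)^(?=.*\\p{L})(?=.*\\p{Nd})[^\\p{Cntrl}]{8,64}$");
    // Digits only, so "+5", " 5" and "-1" are rejected before parsing.
    private static final Pattern AGE = Pattern.compile("^[0-9]{1,3}$");

    /** Returns null if acceptable, otherwise the message for the entry form. */
    public static String checkPassword(String raw) {
        if (raw == null) return "Password is required";
        if (raw.length() > 64) return "Password is too long";  // cap before regex work
        if (!PASSWORD.matcher(raw).matches())
            return "Use 8-64 characters including a letter and a digit";
        return null;
    }

    /** Returns the age, or empty if missing, malformed or out of range. */
    public static OptionalInt parseAge(String raw) {
        if (raw == null || !AGE.matcher(raw).matches()) return OptionalInt.empty();
        int age = Integer.parseInt(raw);   // cannot throw: one to three digits
        return (age >= 1 && age <= 130) ? OptionalInt.of(age) : OptionalInt.empty();
    }

    public static void main(String[] args) {
        // Constructed inputs standing in for request.getParameter(...) values.
        String[] passwords = { "Tr0ub4dor_x", "short1", "nodigitshere", "pass\u0000word1", null };
        for (String p : passwords) {
            String err = checkPassword(p);
            System.out.println(err == null ? "continue" : "back to form: " + err);
        }
        for (String a : new String[] { "42", "007", "-1", "abc", "999", "" }) {
            System.out.println("age '" + a + "' -> " + parseAge(a));
        }
    }
}
```

Because the age pattern admits only one to three digits, `Integer.parseInt` never sees input that could raise `NumberFormatException`; validation and exception handling then cover different failures rather than the same one twice.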

Exceptions

Exceptions are by definition exceptional events that occur during program execution
Typical exceptional events (errors) are:
– Database server is down
– File is locked by another user
– Mathematical errors (division by zero etc.)
– No more memory available
– Device or service not responding (e.g. DoS attack)
– Alas, there are many others...

Exception Handling

Unfortunately, it is not usually possible to know in advance that an exception is about to occur
How do we tell our program what to do in case an exception does happen?
Fortunately for object oriented coders, this problem has a generic solution
Since JSP is based on Java we can use this solution in our web applications

Try…Catch

In Java (and JSP) we can use a try…catch block around any piece of code that may cause an exception. [Same idea used in VB.net, PHP and others]

    <%
      try {
        // Code which can throw an exception
      } catch (Exception e) {
        // Exception handler code here
      }
    %>

Exceptions

For very practical reasons, Java enforces the use of try…catch blocks around any piece of code that can cause an exception to be thrown.
By ‘thrown’, it is meant that the exception has occurred. (Used in vernacular English too - “toys thrown out of pram”, “throw a tantrum”)
When an exception is thrown, one of several things can happen depending on what you want your web application to do at that point.

Exception Handling

Do nothing… let your program fall over and read the error message that Java produces on the server
– Not nice, as you may have experienced!
You could handle the exception locally (i.e. in your code at the point where the exception occurred) within your catch block.
Or, you could redirect the user to an error page and do something there
– Nicer in finished websites, simplifies handler
Examples follow

Form.htm

Enter your age ( in years ) :

FormHandler.jsp

    <%
      int age;
      // Throws NumberFormatException if the parameter is not an integer
      age = Integer.parseInt(request.getParameter("age"));
    %>
    Your age is : <%= age %> years.
    Back.

But……..

This code works fine until a user enters something other than an integer via the form.

Simple Fix - Local Try…Catch

    <%
      int age;
      try {
        age = Integer.parseInt(request.getParameter("age"));
    %>
    Your age is : <%= age %> years.
    <%
      } catch (NumberFormatException e) {
    %>
    You must enter a number!
    <%
      }
    %>

User-Defined Error Page

    <%
      int age;
      // No local try…catch here: a NumberFormatException propagates out of the page
      age = Integer.parseInt(request.getParameter("age"));
    %>
    Your age is : <%= age %> years.
    Back.

User-Defined Error Page

    <%@ page isErrorPage="true" import="java.io.*" %>
    <%
      // Write the stack trace of the implicit "exception" object into an HTML comment
      out.println("<!--");
      StringWriter sw = new StringWriter();
      PrintWriter pw = new PrintWriter(sw);
      exception.printStackTrace(pw);
      out.print(sw);
      sw.close();
      pw.close();
      out.println("-->");
    %>
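
The error page above writes the stack trace into an HTML comment, so the trace is delivered to every browser that triggers the error. An added example (not from the original slides; `SafeErrorPage`, `UserInputException` and `render` are hypothetical names, and plain Java stands in for the JSP implicit `exception` object) of the alternative: log the trace on the server and show the user only an application-written message and a reference id.

```java
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

// Added example, not from the slides: what the user sees versus what stays on the server.
public class SafeErrorPage {
    private static final Logger LOG = Logger.getLogger(SafeErrorPage.class.getName());

    /** Thrown by form handlers with a message that is safe to display. */
    public static class UserInputException extends Exception {
        public UserInputException(String message, Throwable cause) { super(message, cause); }
    }

    /** Logs the full trace server-side and returns the HTML fragment for the browser. */
    public static String render(Throwable exception) {
        String ref = UUID.randomUUID().toString();   // ties the page to the log entry
        LOG.log(Level.SEVERE, "Unhandled error, ref=" + ref, exception);

        // Only messages the application wrote itself are shown; the rest get generic text.
        String userMessage = (exception instanceof UserInputException)
                ? exception.getMessage()
                : "Something went wrong. Please try again.";
        return "<p>" + escapeHtml(userMessage) + "</p><p>Reference: " + ref + "</p>";
    }

    static String escapeHtml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    public static void main(String[] args) {
        try {
            try {
                Integer.parseInt("<b>ten</b>");      // constructed input: not an integer
            } catch (NumberFormatException e) {
                throw new UserInputException("Please enter a valid integer value!", e);
            }
        } catch (Exception e) {
            System.out.println(render(e));
        }
        // An unexpected failure: its internal message never reaches the page.
        System.out.println(render(new IllegalStateException("constructed internal detail")));
    }
}
```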

Ok, Good, Better!

This works well but we can do better!
Currently, the error message that is displayed is a standard Java message.
These can be difficult to understand so instead we’ll pass our own message to our error page for it to display…

Combined Version

    <%
      int age;
      try {
        age = Integer.parseInt(request.getParameter("age"));
      } catch (NumberFormatException e) {
        throw new JspException("Please enter a valid integer value!");
      }
    %>

Combined Version

This time we catch the NumberFormatException locally and throw a new JspException with our own exception message.
JspException is a JSP special exception class which extends java.lang.Exception.
We need to change the error page code to this:

Summary

JSP errors occur at run time and can be a combination of <% or } problems
– Handling these gracefully improves the web application
Validation to catch errors from, say, user input can be improved by the use of exception JSPs
– Validation can also include checking input
All the exception examples are in a zip file on the week 6 part of the Java WWW schedule