Published by Trevor Stanley Modified over 9 years ago
1
Java for enterprise networks Version 2.3 Feb 2008 j.c.westlake@staffs.ac.uk
JSP Validation and Exception handling
Why validate?
Client side validation
Server side validation
Why catch exceptions?
Exception handling in JSP
Examples
Context for the assignment
Summary
2
Input validation
Why? Security!
–We wish to stop users accessing the system who are not recognised
Input validation needs to be “airtight”
–Use of regular expressions (http://www.regexlib.com/)
–DIY validation routines
–Input validation libraries
Assume all input is malicious
Constrain the possible inputs e.g. length
If necessary tidy up the input i.e. strip off unwanted characters
Reject all input that does not meet your criteria
Form validation - article (http://www.elated.com/articles/form-validation-with-javascript/)
3
Input: When to do the validation?
Two choices:
Client side (i.e. the browser)
–Reduces the work on the server
–However, can be disabled, avoided or interfered with
Server side
–Has the advantage of being processed by the server before being sent on for further processing or storage, e.g. to database
If you give this some thought for web applications...
They are using the request/response model
–Industry tends to use JavaScript on the client – universal* to all browsers
–PHP, Ruby, JSP or VBScript etc on the server side
–Why use this model?
4
Client side validation
Either use HTML (to restrict) or JavaScript (to actively check) input format
See the example.zip file on the schedule for this week
Read the readme file for instructions on how to use it – unzip to your C:\ drive on your home PC
5
Server side validation
Example with user input for a password
Code checks for length and format of password
If appropriate, permits user to continue; otherwise sends user back to entry form to try again
http://fcet11:8080/nas1/examples/login.html
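An added example (not from the original slides) of the server-side checks described above: constrain length, allow only expected characters, tidy the input, then reject anything else. The class name, the password policy and the age range are assumptions made for illustration.

```java
import java.util.Optional;
import java.util.regex.Pattern;

public class InputValidator {
    // Assumed policy: 8-64 characters from a fixed set, at least one letter and one digit.
    private static final Pattern PASSWORD =
        Pattern.compile("(?=.*[A-Za-z])(?=.*[0-9])[A-Za-z0-9!@#$%^&*_-]{8,64}");
    // Allow-list for the age field: one to three ASCII digits, nothing else.
    private static final Pattern DIGITS = Pattern.compile("[0-9]{1,3}");

    /** True only if the whole value matches the allow-list pattern. */
    public static boolean isValidPassword(String raw) {
        return raw != null && PASSWORD.matcher(raw).matches();
    }

    /** Returns the age if it is 1-3 ASCII digits within 0..130, otherwise empty. */
    public static Optional<Integer> parseAge(String raw) {
        if (raw == null) return Optional.empty();       // parameter missing from request
        String tidy = raw.trim();                       // tidy up surrounding whitespace
        if (!DIGITS.matcher(tidy).matches()) return Optional.empty();
        int age = Integer.parseInt(tidy);               // cannot throw: 1-3 digits checked
        return age <= 130 ? Optional.of(age) : Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed inputs, as request.getParameter("age") might return them.
        // "\uFF14\uFF12" is "42" in full-width digits: Integer.parseInt alone
        // would accept it, the ASCII-only allow-list rejects it.
        String[] ages = { "42", " 7 ", "-1", "abc", "999", "\uFF14\uFF12", null };
        for (String a : ages) {
            System.out.println("age input [" + a + "] -> " + parseAge(a));
        }
        // Constructed passwords: valid, too short, no digit, disallowed character.
        String[] passwords = { "Winter2008!", "short1", "no_digits_here", "has space 1a" };
        for (int i = 0; i < passwords.length; i++) {
            System.out.println("password #" + i + " accepted=" + isValidPassword(passwords[i]));
        }
    }
}
```

In a JSP handler, an empty result from parseAge or a false from isValidPassword is the point at which the user is sent back to the entry form.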
6
Exceptions
Exceptions are by definition exceptional events that occur during program execution
Typical exceptional events (errors) are:
–Database server is down
–File is locked by another user
–Mathematical errors (division by zero etc.)
–No more memory available
–Device or service not responding (e.g. DoS attack)
–Alas, there are many others...
7
Exception Handling
Unfortunately, it is not usually possible to know in advance that an exception is about to occur
How do we tell our program what to do in case an exception does happen?
Fortunately for object oriented coders, this problem has a generic solution
Since JSP is based on Java we can use this solution in our web applications
8
Try…Catch
In Java (and JSP) we can use a try…catch block around any piece of code that may cause an exception. [Same idea used in VB.net, PHP and others]
<%
try {
    // Code which can throw an exception
}
catch(Exception e) {
    // Exception handler code here
}
%>
9
Exceptions
For very practical reasons, Java enforces the use of try…catch blocks around any piece of code that can cause an exception to be thrown.
By ‘thrown’, it is meant that the exception has occurred. (Used in vernacular English too - “toys thrown out of pram”, “throw a tantrum”)
When an exception is thrown, one of several things can happen depending on what you want your web application to do at that point.
10
Exception Handling
Do nothing… let your program fall over and read the error message that Java produces on the server
–Not nice, as you may have experienced!
You could handle the exception locally (i.e. in your code at the point where the exception occurred) within your catch block.
Or, you could redirect the user to an error page and do something there
–Nicer in finished websites, simplifies handler
Examples follow
11
Form.htm
Enter your age (in years):
12
FormHandler.jsp
<%
// Read the "age" form field and convert it to an int
int age;
age = Integer.parseInt(request.getParameter("age"));
%>
Your age is : <%= age %> years.
Back.
13
But……..
This code works fine until a user enters something other than an integer via the form.
14
Simple Fix - Local Try…Catch
<%
int age;
try {
    age = Integer.parseInt(request.getParameter("age"));
%>
Your age is : <%= age %> years.
<%
}
catch(NumberFormatException e) {
    // Non-numeric input ends up here instead of crashing the page
%>
You must enter a number!
<%
}
%>
15
User-Defined Error Page
<%
int age;
age = Integer.parseInt(request.getParameter("age"));
%>
Your age is : <%= age %> years.
Back.
16
User-Defined Error Page
<%@ page isErrorPage="true" import="java.io.*" %>
<%
// Write the stack trace of the forwarded exception into an HTML comment
out.println("<!--");
StringWriter sw = new StringWriter();
PrintWriter pw = new PrintWriter(sw);
exception.printStackTrace(pw);
out.print(sw);
sw.close();
pw.close();
out.println("-->");
%>
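The error page above sends the stack trace to the browser inside an HTML comment, where anyone who views the page source can read class names and other internals. As an added example (not from the original slides), the alternative is to log the trace on the server under a reference id and return only an escaped message; the class name, logger name and reference-id scheme are assumptions.

```java
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

public class SafeErrorReporter {
    private static final Logger LOG = Logger.getLogger("webapp.errors"); // assumed name

    /** Escapes the HTML-significant characters so text cannot become markup. */
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Logs the full trace on the server and returns HTML that is safe to send. */
    public static String report(Throwable t, String userMessage) {
        String ref = UUID.randomUUID().toString();   // ties the page to the log entry
        LOG.log(Level.SEVERE, "ref=" + ref, t);      // stack trace stays in the server log
        return "<p>" + escapeHtml(userMessage) + "</p><p>Reference: " + ref + "</p>";
    }

    public static void main(String[] args) {
        String submitted = "<b>abc</b>";             // constructed bad form input
        try {
            Integer.parseInt(submitted);
        } catch (NumberFormatException e) {
            System.out.println(report(e, "Please enter a valid integer value!"));
            // If the input is echoed back at all, it is escaped first.
            System.out.println("<p>You entered: " + escapeHtml(submitted) + "</p>");
        }
    }
}
```

In a JSP error page the same split applies: the implicit `exception` object goes to the server log, and only the escaped message and the reference are written to `out`.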
17
Ok, Good, Better!
This works well but we can do better!
Currently, the error message that is displayed is a standard Java message.
These can be difficult to understand so instead we’ll pass our own message to our error page for it to display…
18
Combined Version
<%
int age;
try {
    age = Integer.parseInt(request.getParameter("age"));
}
catch (NumberFormatException e) {
    throw new JspException("Please enter a valid integer value!");
}
%>
19
Combined Version
This time we catch the NumberFormatException locally and throw a new JspException with our own exception message.
JspException is a JSP special exception class which extends java.lang.Exception.
We need to change the error page code to this:
20
Summary
JSP errors occur at run time and can be a combination of <% or } problems
–Handling these gracefully improves the web application
Validation to catch errors from, say, user input can be improved by the use of exception JSPs
–Validation can also include checking input
All the exception examples are in a zip file on the week 6 part of the Java WWW schedule