Verify users' input (1) using JSP tag library (1)
In any web program that needs to verify the logical request submitted by the user, the creation of the program can use two methods to check data information. The first method is to verify on the client, even before the request is submitted to the server. Typically, this is done using the JavaScript scripting language running on the client browser. When the form is submitted, the script checks all submitted content. If an error is found, the script will pop up a popup window to display the wrong information. The second method is to work on the server side, which is to occur before using the technology supported by the application server to perform any data operation.
The server's verification method has increased the burden of the server, but the programmer is given more control, ensuring the data check. The client's verification method cannot guarantee the check of all data, because some users have disabled the JavaScript script by the browser, so some submitted information cannot be checked. But the client authentication method is faster than the server authentication mode because the user does not have to submit the verification data to the server and get the page from the server. Currently, more and more online programs require server-side verification, mainly because it guarantees checking and improves the security of programs. And the server hardware and software performance in recent years has developed rapidly, allowing for larger elastic programs to operate, making it easier to perform them. In this article, I will use a unique way to verify server-side authentication, this way is to use the Java JSP tag library. Then I will make a brief explanation of the creation of the JSP tag. My Previous article "View: Using MVC mode in web applications" (Translator Note: This article has been translated and published in the 9CBS Document Center) created a web program, a small project, which submitted by the user Urban name or postal code shows local weather information. This program fully follows the MVC architecture, and the application server used is Tomcat. The verification process is in an enterprise-level application, and the verification of the data is a process that requires security. The program must not only match the empty or fill in the incomplete domain, but also strictly be strictly careful of the incorrect entries (entry). If the data is submitted and saved into an RDBMS or any permanent storage device via the SQL statement, then the user can accidentally (or intentionally), resulting in an invalid SQL statement. What is hazard when a malicious user can submit an empty string or enter a specific data in a form to execute an operation that only the web program developer can perform. For example: they can output a row of data or a table in a table, and can even get the sensitive information they want from the database. The JSP page that performs verification in the "Online Weather Program" above is the "View" role in the MVC design. Each JSP view is either submitted, or the data is displayed. When the postal code or urban name in the form is submitted, the information is transmitted to the server. The server played the "Controler" role in the MVC, which performs behavior passed from the JSP and repositions to the next view by a servlet controller object. More details will be introduced later, let's first take a look at the work mechanism of the JSP label. The JSP tag you can think of a JSP tag as a custom behavior that can be performed on a server that can run the Java program. In JSP, a tag looks like a standard HTML tag. However, its logic is not executed on the client, but is converted by a servlet of the server. Each tag is encapsulated into a separate class, and its name and parameter properties are pointed out in a special .tld extension deployment description file. This file should be placed in the web-inflicity of the application server's web program root directory, indicating <% @ taglib ...%> in JSP, and also exists in an A web.xml file. When a JSP engine encounters a custom label, it first checks if you know the physical location of this tag class. If it knows, the code in the label class will execute. The label class is usually made into a JAR file and placed in the lib directory in the web-INF directory.
EX. ../Web-inf/mytags.tld - Deploy the descriptive file EX. ../Web-inf/lib/mytags.jar Tag library (or a full directory structure) To demonstrate how to use the label verification, I have Create a custom JSP tab called Notvalidzip to verify this postal coding domain (Field). However, labels can perform some behaviors, such as HTML formatting, domain manipulation, and even database queries. For another check, I used a label library from ColdBeans Software (http://www.servletsuite.com), this library is free for non-commercial purposes, which has many in HTML form. Very practical label. If you need to use these label libraries on a business site, you can write or buy them yourself. The following is some of the code for deploying file validtag.tld, which is used to handle my NOTVALIDZIP tag:
It pointed out that the label name is NOTVALIDZIP, the code is in the com.cj.valid.notvalidzip class, and there are two attributes, one is required, one is optional. To let the web program know that we contain a custom label library, I add it to the Web.xml deployment description file. The following is the code:
Finally, to include this tag library in JSP, I started to join the following line in my JSP page: <% @ Taglib URI = "/ Web-inf / validtag.tld" prefix = "valtag"%>
Now, I can use any label from that package, the method is written on its
The label usually has a label (body) and an optional attribute.
Some labels have no labels, such as
