Have been following the esapi4java-core-2.0-install-guide.pdf for Eclipse and applying it in a Websphere 7.5 environment.
Step 1 - I added the esapi.jar in the libraries (Project > Properties > Java Build Path > Libraries tab > Add External JARs).
Step 2- I located the esapi & validation .properties files in a folder on my machine.
Step 3 - I selected to add esapi for all run configurations (Windows > Preferences > Java > Installed JREs). I highlighted WebSphere Application Server v7.0 JRE, selected "Edit" and added esapi.jar to that library list. On that same form, I added the -Dorg.owasp.esapi.resources="/path/to/.esapi" argument to the Default VM Arguments prompt, the path to where my esapi & validation .properties files are located.
Here's the code on the JSP page that fails:
<%# page language="java" %>
<%# taglib uri="/WEB-INF/struts-bean.tld" prefix="bean" %>
<%# taglib uri="/WEB-INF/struts-html.tld" prefix="html" %>
<%# taglib uri="/WEB-INF/struts-tiles.tld" prefix="tiles" %>
<%# page import="java.net.*" %>
<script type="text/javascript" language="javascript">
function validateForm()
{
var userURL = "http://www.google.com";
var isValidURL = ESAPI.validator().isValidInput("URLContext", userURL, "URL", 255, false);
if (isValidURL) {
alert("true");
} else {
alert("false");
}
}
</script>
Upon executing this bit of code, I get the error:
'ESAPI' is undefined (which happens on the var isValidURL statement).
What am I missing?
I don't see where you imported esapi in the jsp.
Try this:
<%# page language="java" %>
<%# taglib uri="/WEB-INF/struts-bean.tld" prefix="bean" %>
<%# taglib uri="/WEB-INF/struts-html.tld" prefix="html" %>
<%# taglib uri="/WEB-INF/struts-tiles.tld" prefix="tiles" %>
<%# page import="java.net.*, org.owasp.esapi.ESAPI, org.owasp.esapi.Validator" %>
<script type="text/javascript" language="javascript">
function validateForm()
{
var userURL = "http://www.google.com";
var isValidURL = <% ESAPI.validator().isValidInput("URLContext", userURL, "URL", 255, false); %>
if (isValidURL) {
alert("true");
} else {
alert("false");
}
}
</script>
Also note, I'd highly suggest doing the validation in the receiving controller and not in the jsp... the overhead for JSP compilation is murder without adding the overhead of parsing input. The other warning I'll give you is that if you note esapi documentation, calling isValidInput() ignores canonicalization which is absolutely critical. You'll want to use getValidInput() instead. If you feel you need to use isValidInput() then you'll want to ensure you make a manual call to canonicalize() which is a method in the Encoder class. Also, please note that this line:
var isValidURL = ESAPI.validator().isValidInput("URLContext", userURL, "URL", 255, false);
is making a critical mistake in that ESAPI is not a JavaScript library. This call should look like this:
var isValidURL = <% ESAPI.validator().isValidInput("URLContext", userURL, "URL", 255, false); %>
And in general, as stated above, you want to do this validation on the controller that will be using this jsp as input, not on the jsp itself. (Scriptlets are slow and should be avoided.)
Related
everybody!
Can't solve this problem:
org.apache.jasper.JasperException: JBWEB004062: Unable to compile class for JSP:
JBWEB004060: An error occurred at line: 14 in the jsp file: /indexJB.jsp
packt.book.jee_eclipse.ch2.bean.LoginBean
cannot be resolved to a type
11: <%if ("POST".equalsIgnoreCase(request.getMethod())&&
12:
request.getParameter("submit")!=null)
13: { %>
14: <jsp:useBean id="loginBean"
15:
class="packt.book.jee_eclipse.ch2.bean.LoginBean">
16:
<jsp:setProperty name="loginBean" property="*"/>
17: </jsp:useBean>
I use:
WildFly 23
Eclipse Version: 2021-09 (4.21.0)
What I found in Internet:
Note
See the detailed error message under More Information.
This issue occurs because JBoss EAP 6.2 server runtime is using unsupported JDK. Verify the following log statements for reference:
java.library.path = C:\Program Files\Java\jdk1.8.0_20\bin
java.runtime.name = Java(TM) SE Runtime Environment
java.runtime.version = 1.8.0_20-b26
Solution
To resolve this issue, do as follows:
Point your JBoss EAP 6.2 server to a supported JDK that is JDK 1.7.x
(best is 1.7.0_25).
Restart the application server.
But how to point???
Thanks in ADVANCE!
The whole code is here:
<%# page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W#C//DTD HTML 4.01 Transitional//EN"
"http://www.w3org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Login</title>
</head>
<% String errMsg = null; %>
<%if ("POST".equalsIgnoreCase(request.getMethod())&&
request.getParameter("submit")!=null)
{ %>
<jsp:useBean id="loginBean"
class="packt.book.jee_eclipse.ch2.bean.LoginBean">
<jsp:setProperty name="loginBean" property="*"/>
</jsp:useBean>
<%
if (loginBean.isValidUser())
{ out.println("<h2>WElcome, Admin!</h2>");
out.println("You are logged in");
}
else
errMsg = "Invalid user ID or password!";
}
%>
<body>
<h2>Login:</h2>
<%if (errMsg!=null ) {%>
<span style="color: red;"><%out.print(errMsg); %> </span>
<%} %>
<form method="POST">
User Name: <input type="text" name="userName" style="color: Green; background-color: Yellow"><br>
Password: <input type="password" name="password" style="color: Yellow; background-color: Silver"><br>
<button type="submit" name="submit">SUBMIT</button>
<button type="reset">Reset</button>
</form>
</body>
</html>
The problem was solved:
Right click on project-> choose properties -> Java Build Path -> choose third marker Libraries -> put cursor on Classpath -> on right menu choose Add Class Folder -> choose folder for classes -> Apply and Close.
I also restarted Eclipse just in case.
And my JSP finally sees Java Beans!
Hope that will help=)
I am new to c9. I created a Openshift JBoss application server & imported into C9 via GitHub.
I have a simple Java class in Main\Java\initial.class.
public class initial {
public static void main(String[] args) {
String prn = disp();
System.out.println(prn);
}
public static String disp()
{
String str=" JAVARANCH ";
return str;
}
}
I have a jsp page called from index.html, I am just trying to display the variable 'prn' in the jsp page.
<HEAD>
<TITLE>JBossAS7 JSP snoop page</TITLE>
<%# page import="javax.servlet.http.HttpUtils,java.util.Enumeration" %>
<%# page import="java.lang.management.*" %>
<%# page import="java.util.*" %>
<%# page import="initial" %>
</HEAD>
<BODY>
<H1>WebApp JSP Snoop page</H1>
<img src="images/jbosscorp_logo.png">
<h2>JVM Memory Monitor</h2>
<input type="text" name="text1" size="100" value="<%=prn%>">
But, I am getting below error at the JSP page:
org.apache.jasper.JasperException: Unable to compile class for JSP:
An error occurred at line: 10 in the generated java file
The import initial cannot be resolved
An error occurred at line: 15 in the jsp file: /snoop.jsp
prn cannot be resolved to a variable
12: <img src="images/jbosscorp_logo.png">
13:
14: <h2>JVM Memory Monitor</h2>
15: <input type="text" name="text1" size="100" value="<%=prn%>">
16:
17: <table border="0" width="100%">
18:
How do I interact with a Java class from my JSP?
thanks.
EDIT due to two answers:
I think the main issue is: the class 'initial' is not being imported successfully. My call to Prn was wrong, I understand that now, but the Import itself is not working.
some suggested having the class inside a package. But Cloud9 IDE does not have an option to create a package.
org.apache.jasper.JasperException: Unable to compile class for JSP:
An error occurred at line: 10 in the generated java file
The import initial cannot be resolved
If you try this :
Java class:
public class Initial {
public static String getDisp() {
return "JAVARANCH";
}
}
JSP file :
<HEAD>
<TITLE>JBossAS7 JSP snoop page</TITLE>
<%# page import="javax.servlet.http.HttpUtils,java.util.Enumeration" %>
<%# page import="java.lang.management.*" %>
<%# page import="java.util.*" %>
<%# page import="Initial" %>
</HEAD>
<BODY>
<H1>WebApp JSP Snoop page</H1>
<img src="images/jbosscorp_logo.png">
<h2>JVM Memory Monitor</h2>
<input type="text" name="text1" size="100" value="<%=Initial.getDisp()%>">
</BODY>
You can access your class from your jsp by adding the following.
<input type="text" name="text1" size="100" value="<%= initial.disp() %>">
or by adding a jsp scriptlet prior to your input
<%
String prn = initial.disp();
%>
<input type="text" name="text1" size="100" value="<%= prn %>">
Notice I am using your method disp() not main(). Main is static void with no return.
I am trying to connect with postgre databse with jsp program using Eclipse IDE,
I am getting this error:
"java.lang.ClassNotFoundException: org.postgresql.Driver from [Module
"deployment.ValidateUser.war:main" from Service Module Loader]".
I had put the jar files required for my project even though i am getting classnotfound exception error.
<%#page import="com.uservalidation.FarwordNames"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title></title>
</head>
<body>
<%-- Imports --%>
<%# page import="java.sql.*"%>
<%# page import="java.util.*"%>
<%# page import="javax.servlet.*" %>
<%# page import="javax.servlet.http.*" %>
<%-- HTTP header --%>
<%response.addHeader("Cache-Control","no-cache");
response.addHeader("Pragma","no-cache");
response.addHeader("Expires","0");
%>
<%-- Variables that will be written --%>
<%
String fname = request.getParameter("fname");
String mname = request.getParameter("mname");
String lname = request.getParameter("lname");
String dob = request.getParameter("dob");
String addr = request.getParameter("addr");
%>
<%-- Creating new staff account - writing --%>
<%
try{
Class.forName("org.postgresql.Driver");
String conURL= "jdbc:postgresql://192.168.1.157:5432/MIPSUITE_DEV";
Connection con = DriverManager.getConnection(conURL,"mipsuitedev01","mipsuitedev01");
Statement st = con.createStatement();
//int status = st.executeUpdate("insert into users(fname,mname,lname,dob,address) values('"+fname+"',"+mname+"','"+lname+"','"+dob+"','"+addr+"')");
/* if(status>0){
out.println("Update sucessful");
}
else{
out.println("Update unsuccessful");
} */
st.close();
con.close();
}
catch(Exception e){
out.println(e);
}
%>
</body>
</html>
It seems to be fixed the problem by removing all resteasy/jaxrs/jboss libraries from the WAR file's WEB-INF/lib/.
Put postgresql driver
jar files into WEB-INF/lib folder.
I think it's should be work for you.
I define a menu in navigation.vm file which working good in liferay project.
But I want to access this menu from my portlet.
Is there any way to access menu from portlet entry point or view.jsp????
import liferay-ui taglib:
<%# taglib uri="http://liferay.com/tld/ui" prefix="liferay-ui" %>
then you can use
<liferay-ui:navigation displayStyle="from-level-0" >
</liferay-ui:navigation>
Note: setting displayStyle="from-level-0" to give you the normal behavior like on navigation.vm, you can play with attributes differently to get other behavior.
This link describes the way of getting menu items in a jsp directly.
The below code is reproduced directly from the above link with some improved formatting:
<%# taglib uri="http://liferay.com/tld/theme" prefix="liferay-theme" %>
<%# taglib uri="http://java.sun.com/portlet_2_0" prefix="portlet" %>
<%# page import="java.util.List" %>
<%# page import="java.util.ArrayList" %>
<%# page import="com.liferay.portal.model.Layout"%>
<%# page import="com.liferay.portal.kernel.util.WebKeys"%>
<%# page import="com.liferay.portal.theme.NavItem" %>
<%# page import="com.liferay.portal.theme.RequestVars" %>
<%# page import="com.liferay.portal.theme.ThemeDisplay"%>
<portlet:defineObjects />
<liferay-theme:defineObjects />
<div style="width:100%">
<%
//ThemeDisplay themeDisplay = (ThemeDisplay) request.getAttribute(WebKeys.THEME_DISPLAY);
String title = themeDisplay.getLayout().getName(themeDisplay.getLocale());
List<NavItem> navItems = new ArrayList<NavItem>();
if (layout != null) {
RequestVars requestVars = new RequestVars(request, themeDisplay, layout.getAncestorPlid(), layout.getAncestorLayoutId());
navItems = NavItem.fromLayouts(requestVars, layouts);
}
for (NavItem navItem : navItems) {
if (navItem.getName().equalsIgnoreCase(title)) {
if (navItem.hasChildren()) {
for(NavItem navChild : navItem.getChildren()) {
%>
<div style="float:left;" class="newsMenuPortlet">
<a href="<%= navChild.getURL() %>" <%=navChild.getTarget() %>>
<%= navChild.getName() %>
</a>
</div>
<%
} // inner for-loop ends here
}
}
}// outer for-loop ends here
%>
</div>
I'm using an EditorTemplate DateTime.ascx in my ASP.NET MVC 2 project.
<%# Control Language="C#" Inherits="System.Web.Mvc.ViewUserControl<DateTime>" %>
<%: Html.TextBox(String.Empty, Model.ToString("M/dd/yyyy h:mm tt")) %>
<script type="text/javascript">
$(function () {
$('#<%: ViewData.TemplateInfo.GetFullHtmlFieldId(String.Empty) %>').AnyTime_picker({
format: "%c/%d/%Y %l:%i %p"
});
});
</script>
This uses the Any+Time™ JavaScript library for jQuery by Andrew M. Andrews III.
I've added those library files (anytimec.js and anytimec.css) to the <head> section of my master page.
Rather than include these JavaScript and Cascading Style Sheet files on every page of my web site, how can I instead include the .js and .css files only on pages that need them--pages that edit a DateTime type value?
First idea that comes to mind =>
Template:
<%# Control Language="C#" Inherits="System.Web.Mvc.ViewUserControl<DateTime>" %>
<%: Html.TextBox(String.Empty, Model.ToString("M/dd/yyyy h:mm tt")) %>
<script type="text/javascript">
$(function () {
MakeSureAnyTimeIsIncluded();
$('#<%: ViewData.TemplateInfo.GetFullHtmlFieldId(String.Empty) %>').AnyTime_picker({
format: "%c/%d/%Y %l:%i %p"
});
});
</script>
masterpage or shared external JS file:
function MakeSureAnyTimeIsIncluded(){
if (!anyTimeIsIncluded)
//document.write(<script src="correct url") something like that
anyTimeIsIncluded=true;
}
In your master:
<asp:ContentPlaceHolder ID="Scripts" runat="server" />
And in the Views (aspx) that will use the EditorTemplate/plugin:
<asp:Content ID="indexScripts" ContentPlaceHolderID="Scripts" runat="server">
<script type="text/javascript" src="anytime.js"></script>
</asp:Content>