I realize that when you submit the form in a jsp, in the mapped servlet you can get the desired data, set it in the proper scope(say request) and forward it to jsp like this:
request.setAttribute("myList", myList); // Store list in request scope.
request.getRequestDispatcher("/index.jsp").forward(request, response);
However am wondering for pages which doesn't have a form or in other words we want to display data as soon as page loads, how can we efficiently load the data without using scriptlets like
<%= myBean.populateData("String Argument_1")%>
Would highly appreciate if anyone can provide any recommendations around the same.
The fact that the request comes from a form or not doesn't change anything. The servlet receives a request, and then can do some processing and forward to a JSP:
servlet gets request parameters
servlets uses those parameters to get requested data from a database, and populate some beans with said data. It may also build some beans from scratch, to display a form with default values
servlet puts those beans in request attributes
servlet forwards to a JSP
JSP avoids using scriptlets and rather uses JSP EL, the JSTL and custom tags to display the information stored in the beans in request scope
I think using EL in combination with JSTL can help you in the most common situations. If this is not enough you can write EL functions or your own custom tags.
Related
Is there a way to construct the client context in AEM by using values passed by an external website? The external website sends the user information such as IP address, page data, geolocation, etc. I want to construct the ClientContext JSON without using CQ_Analytics.ClientContextMgr.init, as the information is from an external system.
For eg: We know the location of a visitor to our website. We want to pass this value to AEM and set the client context so that we can get the targeted content for this location.
Our end goal is to get something like this (but we are trying to achieve this without constructing the JSON by ourselves):
CQ_Analytics.ClientContextMgr.clientcontext = JSON.parse('{"profile":{"country":"US"}}');
Is there any Javascript APIs provided by AEM to construct the JSON?
You need to extend the client context using AEM documentation provided at:
Creating a Custom Context Store Component
Follow the instructions till the Initialization part where you will need to populate the data in the jsp file for your extension.
So in your case it would be something this:
if(!locstore){
locstore = CQ_Analytics.JSONPStore.registerNewInstance("<%= store %>",
"<%= jsonpurl %>",{});
}
Where jsonpurl will be the location of your service that provides the external data in json(p) format. This will initialise your store with the values you want and you won't need to worry about the manual json handcrafting.
Client context is constructed on client side using the JS library in AEM. You will need some binding parameters to connect your external data source to the current client context.
The detailed tutorial can be found here.
My Problem: I want to introduce a new field in JIRA with status information from external REST Service (response is json).
Plan: Every Jira issue has a input field with some reference string. Behind this field there should be a panel, what should display informations from the external REST call (parsing response JSON is required).
Can someone give me some good info pages, how to tell JIRA to call external REST Service?
If you don't want to build it see:
nFeed
HTTP Feed Custom Field
If you want to build it yourself then start by following this tutorial on Creating a custom field type which is to more or less store a basic String within the database. (This would be the reference string)
You then have two options, the first is within the JiraCustomField class override the getVelocityParameters which was taken from How to call a java method from velocity Atlassian Answers question.
Then create a method (fetchValueFromWebService(String val)) that you would call that would contain code to query the REST Service based off the fields value that would be passed in from the velocity template. (E.g. $instance.fetchValueFromWebService($value))
To perform the actual web service call you can use any library you want, just see the Managing Dependencies documentation so it gets included in the plugin. (For example using the Jira Jersey version see this)
Your other option would be to within the view-basictext.vm have it use javascript and perform an AJAX to the web service by calling a function in your own JS file and dump that into a span that you have defined: (See Including Javascript and CSS resources)
<span id="webServiceValue"></span>
<script type="text/javascript">
fetchValueFromWebService($value);
</script>
You would however need to ensure that the webservice has Cross-origin resource sharing (CORS) enabled if you go the AJAX route.
Can someone explain the difference between this two frontends
Zend_Cache_Frontend_Capture and Zend_Cache_Frontend_Page?
the Capture is the default one for page caching ... the weird thing is, it makes the id with get variables, but there is no options to set make_id_with_get_variables like its the case in
Page frontend....
can someone explain this ?
Here is my effort to explain the differences between the two.
To start out, let's look at Zend_Cache_Frontend_Capture. The reference states that this class is designed to work only with Zend_Cache_Backend_Static.
You would use Zend_Cache_Frontend_Capture to cache entire pages that have no relation to the user accessing the site. You use this frontend when you have static data (that could change from time to time) that has no relation to the current user, that is, it is the same for all users (like an RSS feed or dynamically created JavaScript file for example.
Looking further into the Zend_Cache_Backend_Static, you will see that this backend is a bit special. It requires rules in your .htaccess file to assist with serving the cache. Once you have cached something with Frontend_Capture/Backend_Static, PHP and Zend Framework are NOT used in order to serve the cached data. Apache sees that the cache file exists based on your .htaccess and serves the content directly to the user without invoking PHP.
Zend_Cache_Frontend_Page on the otherhand works differently. With it, you can cache content not only based on the request URI, but also based on information in a cookie, session, GET, or POST parameters. By default, caching based on cookie, session, get, and post is disabled, so for this to have any effect on a user logged into your site, you have to tell the cache if there are any pages you want to cache based on that information.
Once I create a cache and tell it I want to cache based on cookie and session, I can now cache a dynamically generated page that is specific to one user. So if person A accesses /accounts/, the page can be cached for that specific user containing the list of their accounts that was pulled from the database. Now when person B accesses /accounts/, they do not see the cache for person A, so the page is now cached separately for them with each respective user's information in their own cache.
In summation:
Use the Capture frontend when you have data you can cache that is the same for ALL users. This will be a higher performance cache since PHP and ZF is not needed once the page is cached. The downside is having to add caching rules to .htaccess
Use the Page frontend if you want to cache pages with dynamic output based not only on request URI, but the cookies, session data, or get/post parameters.
Hope that is clear and helps you understand the differences.
EDIT:
I believe I see what the problem is, not sure if this is classified as a bug or not though.
Zend_Controller_Action_Helper_Cache::preDispatch() generates the cache ID based on the request URI (which includes the query string). Since the jQuery ticker appends a query string to the URL, you are caching one copy of the feed for each request URI. (Look for $reqUri in the aforementioned class method).
I see a couple of options: 1) See if you can get the ticker to not append the query string (at least for that specific URL) or 2) Manually start the Capture cache and pass your own ID, rather than letting the cache helper generated it based on the request URI.
I am trying to figure out how to handle this error.
A potentially dangerous Request.Form value was detected from the client
The error occurs when a user enters in html or xml tags( <p> or <HeyImXML>) and tries to submit a form. The input is not supposed to contain any sort of markup at all, just plain text.
I am using model binding validation in ASP.NET MVC 2.0 along with Html.EnableClientValidation. This works fine as long as there is no markup entered.
What is the best approach on how to avoid this error message?
My guess is to write a new validation class which checks for this kind of markup?
I want to catch the error in this specific instance. To clarify there is an area with a form for siteadmins that can enter markup and there is a normal users area where they can not enter markup. However this error page appears when a normal users enters markup. My question is, how do I handle this to prevent the site from crashing and showing the error page. I want to display a cleaner error.
MVC will automatically protect your application from some html injection and cross-site scripting (XSS) attacks. This is why you will get the "A potentially dangerous Request.Form value was detected from the client (...)" by default when attempting to post html/javascript.
However, we may sometimes want to allow our users to post html. You might just want to allow users to use characters such as "›", or it might be because your implementing blog functionality and want to support tags like ‹h1›, ‹div›, etc. This can easily be accomplished with MVC by disabling request validation.
Add [ValidateInput(false)] attribute to the action method in the controller you are calling. This will disable request validation for the entire model on the specific action.
Another way is to add the [AllowHtml] attribute to the property which requires html in your model.
These two attributes will only allow html/javascript to GET IN to your application, but MVC will still output them safely by using html encoding. If you want to output it like html, you can use the #Html.Raw(#Model.Content). But use this with caution, since this will open your application to cross-site scripting attacks (XSS)!
i found this solution from some one's blog
also see below code for your solution
you can handle errors within your application in the following way
1. Setting the CustomErros mode section in your Web.Config file of your application
This the lists of options the mode attribute can accept.
RemoteOnly: Generic error pages are shown for remote users. Rich error pages are shown for local requests (requests that are made from the current computer). This is the default setting.
Off: Rich error pages are shown for all users, regardless of the source of the request. This setting is helpful in many development scenarios but should not be used in a deployed application.
On: Generic error pages are shown for all users, regardless of the source of the request. This is the most secure option.
<System.Web>
//map all the erros presented in the application to the error.aspx webpage
<customErrors mode="RemoteOnly" defaultRedirect ="~/error.aspx" />
<System.Web>
2. throught Global.asax file in the Application_Error function
//handle all the errors presented in the application
void Application_Error(object sender, EventArgs e){
Server.Tranfer("error.aspx");
}
I hope this works for you.
from stackoverflow solution
This was introduced early on in ASP.Net to try to help prevent script injection attacks. It isn't unique to MVC.
If you don't want this feature, you can turn it off and write your own.
To disable request validation on a page, set the validateRequest attribute of the Page directive to false:
<%# Page validateRequest="false" %>
To disable request validation for your application, modify Web.config - set the validateRequest attribute of the <pages /> section to false:
<configuration>
<system.web>
<pages validateRequest="false" />
</system.web>
</configuration>
I'm trying to use external paging in a JSR-286 portlet with DisplayTag 1.2.
I would like DisplayTag to generate the paging links from a parameterized Action URL that i have defined, but i can't seem to make that work.
Here is the code in my JSP:
<portlet:actionURL var=actionUrl >
<portlet:param name="someParam" value="someValue" >
</portlet:actionURL >
<display-el:table id="personsTable"
name="${portletSessionScope.persons}"
requestURI="${actionUrl}"
partialList="true"
size="${portletSessionScope.total}"
pagesize="${portletSessionScope.pageSize}" >
<display-el:column property="firstName"/ >
</display-el:table >
With the above code, it looks like Display-tag ignores the provided ${actionUrl} and generates a default Render URL. The generated links work fine (i can move through pages), but since my portlet requires an Action request to fetch other pages of data, the list in the session is never updated and the table always contains the same data, regardless of which page i select.
Is there a way i might make that work? Does DisplayTag support what i'm trying to do?
Thanks in advance for your help!
Create a form in your JSP and pass the form name to the displaytag:table as form attribute value. This will invoke the action URL that you have specified.