JSP or Java Server Pages is a Java technology that allows you to create dynamic web pages for Java applications. In this article we will talk in more detail about what JSP is, discuss some of the capabilities of this technology, look at the structure of JSP pages, and also try to take a practical look at what these Java Server Pages are. But first, let's talk about the benefits and importance of JSP. JSP allows the developer to:
Let's take a look at how you can access hidden objects in JSP, including URL parameters. To do this, launch Tomcat and open the browser on the page http://localhost:8080/ Then go to the Examples page: Then follow the link JSP Examples: On the examples page follow the link Implicit Objects -> Execute: On this page you can see an example of use hidden objects. Below is a screenshot of the page with detailed explanations: Try changing the value of the parameter
- receive data from a web page into Java code;
- send data from Java code to a web page;
- write Java code directly inside html (however, you should not abuse this).
- JSP is one of the main Java web technologies;
- JSP is widely used in most companies and projects;
- JSP integrates seamlessly with Java servlets inside a servlet container.
JSP Definition
Here's a definition from Wikipedia: JSP (JavaServer Pages) is a technology that allows web developers to create content that has both static and dynamic components. A JSP page contains two types of text: static source data, which can be in one of the text formats HTML, SVG, WML, or XML, and JSP elements, which construct dynamic content. In addition, JSP tag libraries can be used, as well as Expression Language (EL) to embed Java code into the static content of JSP pages. The JSP page code is translated into servlet Java code using the Jasper JSP page compiler, and then compiled into Java Virtual Machine (JVM) bytecode. Servlet containers capable of executing JSP pages are written in the platform-independent Java language. JSP technology is a platform-independent, portable and easily extensible technology for developing web applications.JSP page structure
In general, JSP refers to dynamic web pages in which the dynamic part is generated using Java, and the static part is generated using markup languages, most often HTML. Such a page is a text document with the .jsp extension, written in one of the markup languages (such as HTML, SVG, WML and XML), interspersed with JSP elements (or JSP tags). These tags contain calls to the server code (data) and also perform some calculations. These files are processed on the server, as a result of which all JSP tags are converted into html tags, and the output is a regular html page. The diagram below shows a diagram of the structure of a JSP page and its interaction with the server. An example of a simple JSP page:<html>
<body>
<p> ${2 + 2} равно 4 </p>
</body>
</html>
In this example, a JSP expression written in a special language, Expression Language (EL), is “embedded” inside the html code . It provides an important mechanism for interaction between the presentation layer (web pages) and the application business logic layer (Java code). As you can see from the example, the JSP expression is enclosed in curly braces, with a leading dollar sign - ${...}
. Everything that is inside the curly braces is evaluated on the server, and the result of this expression is given in html, in the place where the JSP expression was originally defined. After processing all the tags, the page will look like this:
<html>
<body>
<p> 4 равно 4 </p>
</body>
</html>
Installing and running the servlet container
Since the JSP code is translated into Java servlet code, we need to get some kind of servlet container somewhere so that we can talk about how the JSP works. Otherwise, without a container, JSP will not work. But first, let's look at the definition of a servlet container. A servlet container is a program that is a server that provides system support for servlets and ensures their life cycle in accordance with the rules defined in the specifications. It can work as a full-fledged independent web server, be a page provider for another web server, or integrate into a Java EE application server. One of the most popular servlet containers is Apache Tomcat. It is worth mentioning that Tomcat is not a full-fledged Java EE application server. However, for the vital needs of servlets and JSP pages, the Tomcat server is more than enough. Let's start the installation. You can download Tomcat from the official page . For Windows OS you can install Tomcat as follows:-
Download 32-bit/64-bit Windows Service Installer.
-
Let's run the file.
-
Next, follow the usual installation procedure:
-
Don’t forget to check the Examples checkbox on the corresponding installer window:
-
and specify the path to the preinstalled JRE:
-
-
After installation, launch Tomcat and open the browser. Go to http://localhost:8080/ .
Demo applications. Hidden objects
Let's look at some JSP features in action. One of them is access to so-called hidden objects ( Implicit Objects ). These are objects that can be accessed using the Expression Language (EL). Examples of such objects are HTTP headers or URL parameters. Let's reveal (or refresh our memory) what URL parameters are. The example below shows a URL with parameters. Parameters are in bold: http://example.net/foo/bar ?param1=value1¶m2=value2&a=1&name=Tom Parameters always begin with a question mark (?). This is followed by the name of the parameter, followed by the equal sign - the value of the parameter is determined. There can be several or one parameters. If there is more than one, each name-value pair is separated by an ampersand character (&). In the example above, several parameters and their values were defined:Parameter name | Parameter value | |
---|---|---|
param1 | value1 | |
param2 | value2 | |
a | 1 | |
name | Tom |
foo
using the corresponding field on the page, then notice that the value of this parameter has also changed in the address bar. The presented page does not have much functionality, but it is a good reference that you can refer to in the future when you need to access a particular hidden object. This page contains a list of hidden objects that can be accessed. And below, in the table, it is demonstrated how you can access a particular object.
JSP functions
Now let's go back to the previous page and take a look at the source code of the “hidden objects” page: Here it is:<%@page contentType="text/html; charset=UTF-8" %>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<html>
<head>
<title>JSP 2.0 Expression Language - Implicit Objects</title>
</head>
<body>
<h1>JSP 2.0 Expression Language - Implicit Objects</h1>
<hr>
This example illustrates some of the implicit objects available
in the Expression Language. The following implicit objects are
available (not all illustrated here):
<ul>
<li>pageContext - the PageContext object</li>
<li>pageScope - a Map that maps page-scoped attribute names to
their values</li>
<li>requestScope - a Map that maps request-scoped attribute names
to their values</li>
<li>sessionScope - a Map that maps session-scoped attribute names
to their values</li>
<li>applicationScope - a Map that maps application-scoped attribute
names to their values</li>
<li>param - a Map that maps parameter names to a single String
parameter value</li>
<li>paramValues - a Map that maps parameter names to a String[] of
all values for that parameter</li>
<li>header - a Map that maps header names to a single String
header value</li>
<li>headerValues - a Map that maps header names to a String[] of
all values for that header</li>
<li>initParam - a Map that maps context initialization parameter
names to their String parameter value</li>
<li>cookie - a Map that maps cookie names to a single Cookie object.</li>
</ul>
<blockquote>
<u><b>Change Parameter</b></u>
<form action="implicit-objects.jsp" method="GET">
foo = <input type="text" name="foo" value="${fn:escapeXml(param["foo"])}">
<input type="submit">
</form>
<br>
<code>
<table border="1">
<thead>
<td><b>EL Expression</b></td>
<td><b>Result</b></td>
</thead>
<tr>
<td>\${param.foo}</td>
<td>${fn:escapeXml(param["foo"])} </td>
</tr>
<tr>
<td>\${param["foo"]}</td>
<td>${fn:escapeXml(param["foo"])} </td>
</tr>
<tr>
<td>\${header["host"]}</td>
<td>${fn:escapeXml(header["host"])} </td>
</tr>
<tr>
<td>\${header["accept"]}</td>
<td>${fn:escapeXml(header["accept"])} </td>
</tr>
<tr>
<td>\${header["user-agent"]}</td>
<td>${fn:escapeXml(header["user-agent"])} </td>
</tr>
</table>
</code>
</blockquote>
</body>
</html>
If you are familiar with HTML, the source code of the page should be quite clear to you. Pay attention to these lines:
<tr>
<td>${param.foo}</td>
<td>${fn:escapeXml(param["foo"])} </td>
</tr>
Here we see html tags <tr>
and <td>
. The tags are followed by <td>
JSP tags, wrapped in curly braces ${ }
. However, notice how the value of the URL parameter is output foo
:
${fn:escapeXml(param["foo"])}
The value is output through the use of a JSP function fn:escapeXml()
. JSP functions encapsulate some functionality that can be reused. In this case, it's XML escaping. JSP technology provides a wide range of functions to choose from, as well as the ability to create your own functions. To use a function in a JSP, you must import the appropriate library in which the function is defined into the JSP file.
Tag libraries
Let's take a look at another line of source code (second line) above:<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
This is how tag libraries are imported. The syntax is intuitive. We define several things:
taglib
(tag library - tag library);url
, where this library is located;- a prefix (in this case
fn
) through which it will be possible to call functions defined in this library.
<%@ taglib uri = "http://java.sun.com/jsp/jstl/core" prefix = "c" %>
As with fn
, the notation c
is optional and generally accepted. This designation can be found almost everywhere where these libraries are used. Here is an example of a function from the core library:
<c:out value = "${'<div>'}"/>
This function will simply output the tag <div>
. This function already does XML escaping. This function is important from a security point of view, because by outputting the value of variables directly, through ${variable}
, we open the door to script injection.
JSP Editing
Now, armed with new knowledge, let's try to make changes to the demo application inside Tomcat. To do this, we will find the source code of this page inside the folder in which this servlet container was installed. This file can be found at the following address: ...\Apache Software Foundation\Tomcat 9.0\webapps\examples\jsp\jsp2\el Then open the file implicit-objects.jsp in any text editor Add the import of the core library, and then use it Let's output some text: Now let's refresh the hidden objects page and take a look at the changes made:Results
So, we have superficially examined such technology as JSP. We discussed:- what is JSP;
- JSP page structure;
- procedure for installing and running the Tomcat servlet container;
- demo application for accessing hidden objects, which is included in the Tomcat server distribution package;
- JSP functions and tag libraries.
What's next?
To secure the material you can:- Repeat everything described in this article.
- Consider other demo applications included with the Tomcat server.
- Write your own application and deploy it to a servlet container. As a guide, you can use the article Creating a simple web project in IntelliJ Idea Enterprise. Step by step, with pictures.
GO TO FULL VERSION