How to implement Post Redirect Get with JSP files, where to keep the data?

StackOverflow https://stackoverflow.com/questions/19914011

Question

I want to make a simple post - redirect - get using JSP's. This is how I have done it. The important Servlet is this:

public class PostRedirectGet extends HttpServlet {

    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse)
            throws ServletException, IOException {

        getServletContext().getRequestDispatcher("/WEB-INF/getInformation.jsp")
                .forward(httpServletRequest,httpServletResponse);

    }

    public void doPost(HttpServletRequest httpServletRequest,HttpServletResponse httpServletResponse)
            throws IOException {
        String firstName = httpServletRequest.getParameter("firstName");
        HttpSession httpSession = httpServletRequest.getSession();
        httpSession.setAttribute("firstName",firstName);
        httpServletResponse.sendRedirect(getServletContext().getContextPath()+"/getFormData");
    }
}

So when a get request is made to this Servlet ( /index ) , I only show getInformation.jsp where a form lies.

The form makes a post request to the same url ( /index ), this time doPost is invoked. Here I keep the firstName as seen in:

String firstName = httpServletRequest.getParameter("firstName");

And then I redirect the user to /getFormData. Here is the responsible servlet: 

public class Get extends HttpServlet {

    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse)
            throws ServletException, IOException {

        String firstName = (String) httpServletRequest.getSession().getAttribute("firstName");
        httpServletRequest.setAttribute("firstName",firstName);
        getServletContext().getRequestDispatcher("/WEB-INF/showInformation.jsp")
                .forward(httpServletRequest, httpServletResponse);

    }
}

So here I get the variable from 

String firstName = (String) httpServletRequest.getSession().getAttribute("firstName");

My first question is: 1) This way firstName will be available during all the session, but I do not want this. How should I pass the information between 2 servlets then? Or how should I clear this value?

Then I forward the request to showInformation.jsp which looks like: 

    Hello, your first name is: <%= request.getAttribute("firstName") %>

My second question is: 2) Why is there no ";" after request.getAttribute("firstName) in here? It works fine like this but I would expect that a semi-colon (";") would be needed.

If I put a semi-colon I get this exception on my jsp file: 

 Syntax error on token ";", delete this token
Was it helpful?

Solution

Regarding your first question: you should not use the session to store temporary data like this.

Let's take a more realistic example. The form is used to create a product. The POST request contains all the information of the product. So the servlet gets this information from the request parameters, creates a row in the product table of the database and generates an identifier (primary key) for this created product. And now the servlet should redirect to the page displaying the created product information. So it should redirect to this kind of URL:

/product?id=<theGeneratedProductId>

or 

/products/<theGeneratedProductId>

The second servlet will then get the ID of the product from the request parameters or from the request URL, get the product information from the database, store a Product object in a request attribute, and forward to the JSP displaying this product.

Regarding your second question:

<%= request.getAttribute("firstName") %>

is translated by the JSP compiler to the following Java instruction (this is not entirely correct, but you should get the idea):

response.getWriter().print(request.getAttribute("firstName"));

So you understand that adding a semicolon would translate to

response.getWriter().print(request.getAttribute("firstName"););

which would be invalid Java code.

You should NOT use scriptlets in your JSPs anyway. So try to forget that scriptlets exist, and learn the JSP EL, the JSTL, and other custom tag libraries. You should instead write:

${firstName}

or, even better:

<c:out value="${firstName}"/>

which would make sure your HTML stays valid even if the firstName happens to contains characters that must be HTML-escaped, like <, >, &, ' or ".

Think about what would happen if a user submitted the following firstName, and if it was not escaped properly:

<script>alert('Got you!');</script>
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top