www.webdeveloper.com
Results 1 to 5 of 5

Thread: java parameters and attributes

  1. #1
    Join Date
    Mar 2004
    Posts
    32

    java parameters and attributes

    Can someone give me a quick description of the differences between a request attribute and a request parameter? I have tried to cycle through all the parameters in a request, using getParameterNames and getParameter,in the hopes that I could modify the data and set it back to the request with setAttribute. This doesn't seem to work.

  2. #2
    Join Date
    Nov 2003
    Location
    Jerryville, Tejas
    Posts
    11,715
    A "parameter" is a form field name/value pair passed from the HTML side of the world. Its value is a String.

    An "attribute" is a Java object name/value pair passed only through the internal JavaServer processes. (I.e. it can come from a JSP or servlet but not an HTML page.) Its value is an Object.

    You can't alter the request parameters, just read them. If you could there would be a setParameter() method. Parameters and attributes do not share a name space so a parameter named "foo" and an attribute keyed "foo" are distinct.

  3. #3
    Join Date
    Mar 2004
    Posts
    32
    Thanks. That was very clear. So I am hosed taking this approach. I guess I would have to interogate these fields at the screen level on a submit. I could use JavaScript to go through each and change them before sending them on. More work but is sounds doable.

    If there is a better approach please let me know (anyone).

  4. #4
    Join Date
    Nov 2003
    Location
    Jerryville, Tejas
    Posts
    11,715
    If you know your users have Javascript enabled then you could certainly massage the parameters before submitting the form. A better way might be to let the servlet create an object using the parameter values then using that object as an attribute.

  5. #5
    Join Date
    Apr 2006
    Location
    Houston
    Posts
    1,374
    I know this is a very old thread - but I was looking for something similar in order to create a generic routine to scan the values of incoming parameters and replace/encode characters normally seen as part of an SQL injection attack ( --, ', ") or a Cross site scripting attack ( <, >).

    I ran across this code from the jGuru site that looks potentially useful:
    http://jguru.com/faq/view.jsp?EID=104987
    (Code copy and pasted below)

    I plan (hopefully) to adapt the below technique to "clean" all incoming parameters values so I will not have to go though and edit 300+ exist JSP form pages individually, with all their separate parameter names, etc..

    Code:
    package com.ragingnet.util;
    
    import javax.servlet.*;
    import javax.servlet.http.*;
    import java.io.*;
    import java.util.*;
    import java.net.*;
    
    /** Called by another servlet or jsp page to pass post parameters - both from the original request,
     *  and new ones added to it - on to another page, such as a CGI script.
     *  This is probably not of any use in a pure Servlet/JSP environment, but useful for passing
     *  requests along to existing CGI scripts, etc.
     *
     *  Useage: First call the following:
     *    setUrlForward(url)   [required]
     *    setPassExistingParams(boolean)   [optional - default is TRUE]
     *    setParam(paramName, paramValue)    [multiple times if desired]
     *    setHeader(headerName, headerValue)   [multiple times if desired]
     *
     *  Then call Go(request, response)
     *
     * @author Roger Hand
     * @date  April 2, 2001
     *
     */
    public class PassPostRequestServlet extends HttpServlet {
      private String urlForward = null;
      private Vector vectParams = new Vector();
      private Vector vectHeaders = new Vector();
    
      /* by default, we pass existing params from the originating page,
      but this can be suppressed if desired. */
      private boolean passExistingParams = true;
    
      /**Initialize global variables*/
      private static final String CONTENT_TYPE = "text/html";
      private static final int ARRAY_POS_PARAMNAME = 0;
      private static final int ARRAY_POS_PARAMVALUE = 1;
      private static final int ARRAY_POS_HEADERNAME = 0;
      private static final int ARRAY_POS_HEADERVALUE = 1;
      private static final boolean debug = true;
    
      public void init(ServletConfig config) throws ServletException {
        super.init(config);
      }
    
      public void setParam(String paramName, String paramValue) {
        String[] arrayParamName_Value = {paramName, URLEncoder.encode(paramValue)};
        vectParams.add(arrayParamName_Value);
      }
    
      public void setParam(String paramName, int paramValue) {
        setParam(paramName, Integer.toString(paramValue));
      }
    
      public void setHeader(String headerName, String headerValue) {
        String[] arrayHeaderName_Value = {headerName, headerValue};
        vectHeaders.add(arrayHeaderName_Value);
      }
    
      public void Go(HttpServletRequest request, HttpServletResponse response)  throws ServletException, IOException {
        boolean debug = false;
        response.setContentType(CONTENT_TYPE);
        PrintWriter out = response.getWriter();
    
        try{
    
            /**
             * First we SEND the request to the web server
             */
    
            URL url = new URL(urlForward);
            URLConnection connection = url.openConnection();
            connection.setDoOutput(true);
    
            if (debug) System.out.println("Opened connection to " + urlForward);
    
    
            /* ADD our NEW HEADERS here */
            /* We don't pass on any existing headers
              It could be we may want to pick and choose a few to send on */
            for (int iHeader = 0;iHeader < vectHeaders.size(); iHeader++) {
              String[] arrayHeaderName_Value = (String[])vectHeaders.get(iHeader);
              connection.setRequestProperty(arrayHeaderName_Value[ARRAY_POS_HEADERNAME], arrayHeaderName_Value[ARRAY_POS_HEADERVALUE]);
              if (debug) System.out.println("Added header " + arrayHeaderName_Value[ARRAY_POS_HEADERNAME] +
                " with value " + arrayHeaderName_Value[ARRAY_POS_HEADERVALUE]);
            } //next header
    
            PrintStream outStream =
                   new PrintStream(connection.getOutputStream());
    
            /* Pass on EXISTING PARAMS here (if desired)
              These are parameters set in the original form from the browser.
              It seems we should just be able to pass them on, but I haven't found a way,
              so we've gotta recreate them here.
             */
            String paramString = "";
            if (passExistingParams) {
              Enumeration enumPNames = request.getParameterNames();
    
              while(enumPNames.hasMoreElements()) {
                String paramName = (String)enumPNames.nextElement();
    
                String[] arrayParam = request.getParameterValues(paramName);
    
                if (arrayParam != null) {
                  for(int iParam=0; iParam < arrayParam.length; iParam++) {
                    paramString += paramName + "=" + arrayParam[iParam] + "&";
                  }
                }
              }
            } //if (passExistingParams) {
    
            /* ADD our NEW PARAMS here */
            for (int iParam = 0;iParam < vectParams.size(); iParam++) {
              String[] arrayParamName_Value = (String[])vectParams.get(iParam);
              paramString += arrayParamName_Value[ARRAY_POS_PARAMNAME] + "=" + arrayParamName_Value[ARRAY_POS_PARAMVALUE] + "&";
            } //next parameter
    
            /* get rid of last '&' */
            if (paramString.endsWith("&")) {
              paramString = paramString.substring(0, paramString.length() - 1);
            }
    
            if (debug) System.out.println("paramString is " + paramString);
            //Sending parameter to URL/CGI
            outStream.println(paramString);
    
            outStream.flush();
            outStream.close();
    
            /**
             * Now we RECEIVE response from web server and pass it back to browser client
             */
    
            String inputLine;
    
       BufferedReader inStream =
          new BufferedReader(
          new InputStreamReader(connection.getInputStream()));
    
              /* this was in example, but is deprecated usage */
             //inStream = new DataInputStream(connection.getInputStream());
             while (null != (inputLine = inStream.readLine())) {
                    out.println(inputLine);
             }
             inStream.close();
        } catch (MalformedURLException me) {
            System.err.println("MalformedURLException: " + me);
        } catch (IOException ioe) {
            System.err.println("IOException: " + ioe);
        }
        vectParams.clear();
    
      }
    
      /**Clean up resources*/
      public void destroy() {
      }
      public void setUrlForward(String newUrlForward) {
        urlForward = newUrlForward;
      }
      public void setPassExistingParams(boolean newPassExistingParams) {
        passExistingParams = newPassExistingParams;
      }
    }

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles