Get full URL and query string in Servlet for both HTTP and HTTPS requests

By design, getRequestURL() gives you the full URL, missing only the query string. In HttpServletRequest, you can get individual parts of the URI using the methods below:

    // Example: http://myhost:8080/people?lastname=Fox&age=30
    String uri = request.getScheme() + "://" +   // "http" + "://"
                 request.getServerName() +       // "myhost"
                 ":" +                           // ":"
                 request.getServerPort() +       // "8080"
                 request.getRequestURI() +

… Read more

XSS prevention in JSP/Servlet web application

XSS can be prevented in JSP by using JSTL <c:out> tag or fn:escapeXml() EL function when (re)displaying user-controlled input. This includes request parameters, headers, cookies, URL, body, etc. Anything which you extract from the request object. Also the user-controlled input from previous requests which is stored in a database needs to be escaped during redisplaying. … Read more

Difference between each instance of servlet and each thread of servlet in servlets? [duplicate]

When the Servlet container starts, it: reads web.xml; finds the declared Servlets in the classpath; and loads and instantiates each Servlet only once. Roughly, like this:

    String urlPattern = parseWebXmlAndRetrieveServletUrlPattern();
    String servletClass = parseWebXmlAndRetrieveServletClass();
    HttpServlet servlet = (HttpServlet) Class.forName(servletClass).newInstance();
    servlet.init();
    servlets.put(urlPattern, servlet); // Similar to a map interface.

Those Servlets are stored in memory and … Read more

Browser can’t access/find relative resources like CSS, images and links when calling a Servlet which forwards to a JSP

All relative URLs in the HTML page generated by the JSP file are relative to the current request URL (the URL as you see in the browser address bar) and not to the location of the JSP file in the server side as you seem to expect. It’s namely the webbrowser who has to download … Read more

Giving multiple URL patterns to Servlet Filter

If a URL pattern starts with /, then it’s relative to the context root. The /Admin/* URL pattern would only match pages on http://localhost:8080/EMS2/Admin/* (assuming that /EMS2 is the context path), but you have them actually on http://localhost:8080/EMS2/faces/Html/Admin/*, so your URL pattern never matches. You need to prefix your URL patterns with /faces/Html as well … Read more

Google Recaptcha v3 example demo

Simple code to implement ReCaptcha v3

The basic JS code

    <script src="https://www.google.com/recaptcha/api.js?render=your reCAPTCHA site key here"></script>
    <script>
    grecaptcha.ready(function() {
        // do request for recaptcha token
        // response is promise with passed token
        grecaptcha.execute('your reCAPTCHA site key here', {action:'validate_captcha'})
            .then(function(token) {
                // add token value to form
                document.getElementById('g-recaptcha-response').value = token;
            });
    });
    </script>

The basic HTML … Read more

init-param and context-param

<init-param> and <context-param> are static parameters which are stored in the web.xml file. If you have any data which doesn’t change frequently, you can store it in one of them. If you want to store particular data which is confined to a particular servlet scope, then you can use <init-param>. Anything you declare inside <init-param> is … Read more
