Results 1 to 2 of 2
  1. #1
    Join Date
    Aug 2003
    Location
    MN
    Posts
    5

    Unanswered: JSP and Servlets

    I am new to the Java environment and had a question(s) about JSP and Servlets.

    It is my understanding that Servlets existed before JSP. Once JSP hit the scene, everything done in Servlets could be replicated in JSP (and then some).

    Is it 'normal' practice to have the two interact with each other, or would you normally choose one over the other but not both?

    The reason I ask is becuase even though you are able to replicatie Servlet capabilities in JSP, if you use JDBC (for example) on your pages, you are in essence giving your web server permissions to sensitive areas . This is a security risk.

    When you put your JDBC logic in a Servlet, you know where that servlet lives and that it's protected. In essence, the security risk is greatly reduced.

    Unless my logic is foolish, how then do you do you facilitate the communication between JSP and Servlet?

    Is it as easy as having the form action point to the servlet (<url-mapping>) and then having the servlet redirect based on the data submitted?

  2. #2
    Join Date
    Jun 2003
    Location
    Toronto, Canada
    Posts
    5,516
    Provided Answers: 1

    Re: JSP and Servlets

    Originally posted by c_monty
    I am new to the Java environment and had a question(s) about JSP and Servlets.

    It is my understanding that Servlets existed before JSP. Once JSP hit the scene, everything done in Servlets could be replicated in JSP (and then some).

    Is it 'normal' practice to have the two interact with each other, or would you normally choose one over the other but not both?

    The reason I ask is becuase even though you are able to replicatie Servlet capabilities in JSP, if you use JDBC (for example) on your pages, you are in essence giving your web server permissions to sensitive areas . This is a security risk.

    When you put your JDBC logic in a Servlet, you know where that servlet lives and that it's protected. In essence, the security risk is greatly reduced.

    Unless my logic is foolish, how then do you do you facilitate the communication between JSP and Servlet?

    Is it as easy as having the form action point to the servlet (<url-mapping>) and then having the servlet redirect based on the data submitted?
    JSPs are servlets: when you call a JSP the app. server generates a servlet source code (you can look at it in the server's temporary directory) and compiles it. Knowing this, you will see that there's no difference between the two from the security point of view (unless you make JSP source code available to users; but then againg, this could happen to the servlet source code too).

    Interaction between servlets (including JSPs) is done by HTTP request redirection or forwarding, or, as with any Java class, by calling other class' methods.
    ---
    "It does not work" is not a valid problem statement.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •