1. I used java.sql.Statement instead of PreparedStatement in preparing the query.
Since it is inside the backend, that shouldn't harm any security principle, I hope.
2. Later on, I figured out the reason for the problem -
I was closing the ResultSet in the finally block of the Stored Procedure, out of habit.
I commented that out and only closed the Statement and Connection.
3. I was adding a ',' at the end and forgetting to remove it from the query.
Well, I removed that.
4. Also, I was calling executeQuery() instead of execute() for calling the Stored Procedure.
So, I replaced that too.
java sptest.StudentStoredProcTest
Connection established successfully!
SQL Error:The exception 'java.lang.NullPointerException' was thrown while evaluating an expression.
java.sql.SQLException: The exception 'java.lang.NullPointerException' was thrown while evaluating an expression.
at org.apache.derby.impl.jdbc.SQLExceptionFactory40.getSQLException(Unknown Source)
at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown Source)
at org.apache.derby.impl.jdbc.Util.seeNextException(Unknown Source)
at org.apache.derby.impl.jdbc.TransactionResourceImpl.wrapInSQLException(Unknown Source)
at org.apache.derby.impl.jdbc.TransactionResourceImpl.handleException(Unknown Source)
at org.apache.derby.impl.jdbc.EmbedConnection.handleException(Unknown Source)
at org.apache.derby.impl.jdbc.ConnectionChild.handleException(Unknown Source)
at org.apache.derby.impl.jdbc.EmbedStatement.executeStatement(Unknown Source)
at org.apache.derby.impl.jdbc.EmbedPreparedStatement.executeStatement(Unknown Source)
at org.apache.derby.impl.jdbc.EmbedCallableStatement.executeStatement(Unknown Source)
at org.apache.derby.impl.jdbc.EmbedPreparedStatement.executeQuery(Unknown Source)
at sptest.StudentStoredProcTest.testIt(StudentStoredProcTest.java:22)
at sptest.StudentStoredProcTest.main(StudentStoredProcTest.java:58)
Caused by: java.sql.SQLException: The exception 'java.lang.NullPointerException' was thrown while evaluating an expression.
at org.apache.derby.impl.jdbc.SQLExceptionFactory.getSQLException(Unknown Source)
at org.apache.derby.impl.jdbc.SQLExceptionFactory40.wrapArgsForTransportAcrossDRDA(Unknown Source)
... 13 more
Caused by: java.sql.SQLException: Java exception: ': java.lang.NullPointerException'.
at org.apache.derby.impl.jdbc.SQLExceptionFactory.getSQLException(Unknown Source)
at org.apache.derby.impl.jdbc.SQLExceptionFactory40.wrapArgsForTransportAcrossDRDA(Unknown Source)
at org.apache.derby.impl.jdbc.SQLExceptionFactory40.getSQLException(Unknown Source)
at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown Source)
at org.apache.derby.impl.jdbc.Util.javaException(Unknown Source)
at org.apache.derby.impl.jdbc.TransactionResourceImpl.wrapInSQLException(Unknown Source)
... 10 more
Caused by: java.lang.NullPointerException
at derby.pagesortex.StudentStoredProcs.pageStudents(StudentStoredProcs.java:32)
at org.apache.derby.exe.acf81e0010x0142xc795x43dex00000167f4380.g0(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.derby.impl.services.reflect.ReflectMethod.invoke(Unknown Source)
at org.apache.derby.impl.sql.execute.CallStatementResultSet.open(Unknown Source)
at org.apache.derby.impl.sql.GenericPreparedStatement.executeStmt(Unknown Source)
at org.apache.derby.impl.sql.GenericPreparedStatement.execute(Unknown Source)
... 6 more
Pat Farrell wrote: As others have said, just use HTTPS, that's what it was designed for. It's been used in production for well over a decade. It's a solved problem.
Now, if you want to increase system security and reliability, do not ever trust anything coming from the browser.
Ravi Sree wrote:
index.jsp
ajax.js
/src
|
com/ajax/HelloWorld.java
/WEB-INF
|
web.xml
/lib
/classes
|
com/ajax/HelloWorld.class
Line : 10
Char : 1
Error: Object expected
Code : 0
URL: http://localhost:8080/AjaxHW/
Bear Bibeault wrote: You can encrypt values in the URL but not the complete URL. The context path and servlet path must be in clear text. No security issues are introduced by having these paths in clear text.
Madhan Sundararajan Devaki wrote: In my opinion, instead of writing your own Framework (unless you are a Framework developer), you may use the popular frameworks such as Struts2 or Spring, etc., to solve your business problems at the earliest. The popular frameworks also offer security and performance.
./user/Home
to handle the request.com.abc.user.Home