This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes JSP and the fly likes problem passing param in included page when using filter Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "problem passing param in included page when using filter" Watch "problem passing param in included page when using filter" New topic
Author

problem passing param in included page when using filter

Gaurav tyagigaurav
Greenhorn

Joined: Jul 30, 2008
Posts: 15
Hi

I have a JSP (ABC.jsp) and a filter that is setup to include this jsp. I have another jsp that is included in ABC.jsp (XYZ.jsp) as:

<jsp:include page="XYZ.jsp">
<jsp:param name="tNumber" value="1" />
</jsp:include>

But in ABC.jsp the value of the param(tNumber) is coming as NULL. If i remove the filter on ABC.jsp then everything works fine. My understanding was, correct me if i am wrong, that the filters do not apply to the included pages anyways.

Any help would be really appreciated.

Cheers
Tyagi
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60806
    
  65

Filters shouldn't affect the parameters in any case.

I think you'll need to show us more of your setup and what the filter is doing.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Gaurav tyagigaurav
Greenhorn

Joined: Jul 30, 2008
Posts: 15
Hi

Thanks for the reply I am using OWASP Stinger filter for input validation. Excerpt from my web.xml and stinger.xml:
web.xml:
<filter>
<filter-name>StingerFilter</filter-name>
<filter-class>org.owasp.stinger.StingerFilter</filter-class>
<init-param>
<param-name>config</param-name>
<param-value>stinger.xml</param-value>
</init-param>
<init-param>
<param-name>error-page</param-name>
<param-value>/Error.html</param-value>
</init-param>
<init-param>
<param-name>reload</param-name>
<param-value>true</param-value>
</init-param>
</filter>

and

<filter-mapping>
<filter-name>StingerFilter</filter-name>
<url-pattern>/ABC.jsp</url-pattern>
</filter-mapping>

Ruleset from stinger.xml:

<ruleset>
<name>ABC</name>
<path>/ABC.jsp</path>

<rule>
<name>load</name>
<regex>safetext</regex>

<missing>
<severity>continue</severity>
</missing>
<malformed>
<severity>continue</severity>
<action class="org.owasp.stinger.actions.Encode" />
</malformed>
</rule>
</ruleset>

Hope this helps. Please let me know if you need any other info.

Cheers
Tyagi
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60806
    
  65

Hmmm. Perhaps the filter (which you did not write, I take it), is reading the input stream before the servlet container can do so. In which case, you will not be able to obtain the parameters via getParameter.

This is not an approach I would personally take.

In any case, you'll probably need to talk to the writers of the filter or get the source code to figure out what it's doing.
Gaurav tyagigaurav
Greenhorn

Joined: Jul 30, 2008
Posts: 15
Hi

Thanks for the reply. On your suggestion i mailed the Stinger author about this issues and this is the reply i got:

The filters apply to every http request, whether they are fielded by an included jsp or a main jsp. It doesn’t look to me like you have defined a rule for your parameter named “tNumber” – you need to tell Stinger what the format of that variable should be. If it’s just a single digit number then the regex would be something like \d or [0-9]. Good luck.

I tried doing this but still getting same errors. This is what i did:

1. Web.xml:

<filter-mapping>
<url-pattern>/ABC.jsp</url-pattern>
<url-pattern>/XYZ.jsp</url-pattern>
.....

stinger.xml:
<ruleset>
<name>ABC</name>
<path>/ABC.jsp</path>

<rule>
<name>load</name>
<regex>safetext</regex>
<missing>
<severity>continue</severity>
</missing>
<malformed>
<severity>continue</severity>
<action class="org.owasp.stinger.actions.Encode" />
</malformed>
</rule>

</ruleset>

<ruleset>
<name>XYZ</name>
<path>/XYZ.jsp</path>
<rule>
<name>tNumber</name>
<regex>safetext1</regex>
<missing>
<severity>continue</severity>
</missing>
<malformed>
<severity>continue</severity>
<action class="org.owasp.stinger.actions.Encode" />
</malformed>
</rule>
</ruleset>

where:

<regex>
<name>safetext</name>
<pattern>^[a-zA-Z0-9.\-_\/ ]+$</pattern>
<description>
Lower and upper case letters and all digits
</description>
</regex>
<regex>
<name>safetext1</name>
<pattern>^\d{1}$</pattern>
<description>
Single digit
</description>
</regex>

And to reiterate I'm passing the param as:

<jsp:include page="XYZ.jsp">
<jsp:param name="tNumber" value="1" />
</jsp:include>

in the ABC.jsp page.

2. I also tried including only the main (ABC.jsp) page in the filter and ignoring the included page.

In both cases I get an error:

java.lang.NumberFormatException: null
at java.lang.Integer.parseInt

When I try to do a
int tNumber = Integer.parseInt(request.getParameter("tNumber"));
In the page XYZ.jsp

Thanks for looking into this.
 
wood burning stoves
 
subject: problem passing param in included page when using filter
 
Similar Threads
using EL in jsp include file
Page is displaying without name in address bar
jamki dcontainer loading
forwarding problem
Filter not working with jsp:include