• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Ignore type conversion errors with EL

 
Ranch Hand
Posts: 76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi folks,

A small question on whether it is possible to do or not. My application is being checked for bugs and such right now. One of the "issues" has to do with data conversions in JSP using EL. Lets say a page number is passed on to JSP page via URL: ?page=XXX. This page is then being converted into an integer value to be passed on to a bean. But lets say a "malicious" user plays with the URL and puts in ?page=abc444 or ?page=200000000000000000000000000. In both cases that causes an exception to be generated which the clients don't like. In a cases such as these, is it somehow possible to make EL simply convert bad number into a 0 (zero) and ignore any errors? I mean - I really don't care for the number that cannot be converted into an integer. My other solution is to rewrite the beans to accept Strings and do the checking myself, but I really would like not to pollute the code like that.

Any suggestions?

Thanks in advance
 
Ranch Hand
Posts: 2458
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

which the clients don't like


So your clients are expected to act like malicious users?
I wouldn't worry about it after all. They are asking for the error themselves and they will get error too.

At any way, a solution is hard to give as it is not clear how you implemented this logic. There are many ways to achieve this.
 
Daniil Sosonkin
Ranch Hand
Posts: 76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Bauke Scholtz wrote:

which the clients don't like


So your clients are expected to act like malicious users?
I wouldn't worry about it after all. They are asking for the error themselves and they will get error too.

At any way, a solution is hard to give as it is not clear how you implemented this logic. There are many ways to achieve this.



Well, the idea is I'm able to handle the errors gracefully. In this particular incident, instead of displaying a general site error I would display the very first page. In another instance, such as an order entry and keyboard got stuck on quantity or a fat finger, I would display quantity has to be greater than zero.

If you have suggestions, please.
 
Bauke Scholtz
Ranch Hand
Posts: 2458
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Clear.

At any way, a solution is hard to give as it is not clear how you implemented this logic. There are many ways to achieve this.
 
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Validate the values in the JSPs page controller prior to forwarding to the JSP.


 
Daniil Sosonkin
Ranch Hand
Posts: 76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Bear Bibeault wrote:Validate the values in the JSPs page controller prior to forwarding to the JSP.




The exception tree is as follows:

javax.servlet.jsp.el.ELException: An exception occured trying to convert String "4555555555555" to type "int"
org.apache.commons.el.Logger.logError(Logger.java:481)
org.apache.commons.el.Logger.logError(Logger.java:498)
org.apache.commons.el.Logger.logError(Logger.java:566)
org.apache.commons.el.Coercions.coerceToPrimitiveNumber(Coercions.java:440)
org.apache.commons.el.Coercions.coerce(Coercions.java:332)
org.apache.commons.el.FunctionInvocation.evaluate(FunctionInvocation.java:167)
org.apache.commons.el.ExpressionEvaluatorImpl.evaluate(ExpressionEvaluatorImpl.java:263)
org.apache.commons.el.ExpressionEvaluatorImpl.evaluate(ExpressionEvaluatorImpl.java:190)
org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate(PageContextImpl.java:917)
org.apache.jsp.secure.research.news_005fajax_jsp._jspx_meth_c_set_0(news_005fajax_jsp.java:143)
org.apache.jsp.secure.research.news_005fajax_jsp._jspService(news_005fajax_jsp.java:112)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:334)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:246)
...SecurityFilter.doFilter(SecurityFilter.java:98)


My thinking is to change that Coercions.java file. Haven't checked whether source is public or not yet. Maybe a better way?
 
Bauke Scholtz
Ranch Hand
Posts: 2458
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Sigh.

Once again: you need to elaborate HOW you implemented this logic. Only then we can give a more detailed and suitable answer how to solve it.

Are you just aksed to fix someone else's code without having any basic knowledge about the stuff under the hood?
 
Daniil Sosonkin
Ranch Hand
Posts: 76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Right now the logic is to throw an exception when a string cannot be converted to a target number type. My logic is to silently ignore the exception and return some default value such as 0 (zero). Maybe also log an error as a warning.
 
Bear Bibeault
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ummm, changing standard code is never a viable option.

You do have page controllers, no?

Your continued refusal or inability to elaborate on your code structure places this post in peril of being unsubscribed by those who would help you.
 
Daniil Sosonkin
Ranch Hand
Posts: 76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Its a plain JSP code. I don't know what page controller is, to be honest. So far I'm concentrating on the exception, maybe should look into something else. Let me give you a snippet:

<c:set var="news" value="${o:getNews(quote, param.start, 20)}" scope="request" />

Where getNews is defined as:

<function>
<name>getNews</name>
<function-class>com.Quotes</function-class>
<function-signature>java.util.List getNews(com.Quote,int,int)</function-signature>
</function>

The function already takes care of all illegal values for all its parameters. Anything that I'm missing?
 
Those are the largest trousers in the world! Especially when next to this ad:
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic