How to generalize and use the same variable across different jsp pages for the same functionality.

Here we had generalized the email getting part from the contact name search pop-up window in
Request and Notification Letter pages.


Request JSP Page

<input type="hidden" name="lookupField" value="" />

<html:textarea name="RequestForm" property="approvalNoticeCopyTo" cols="35" rows="2"/>
<input type="button" class="secondaryButton" value="<bean:message key="request.btn.LookUp" bundle="gtem"/>" onClick="document.all('lookupField').value='approvalNoticeCopyTo';window.open('searchContactName.do','searchContact','resizable=1,width=710,height=625,status=1,scrollbars=1');" />

Notification Letter JSP Page

<input type="hidden" name="lookupField" value="" />

<html:text name="EMailForm" property="to" size="55" styleClass="rmt-formTxtInput"/>
<input type="button" class="secondaryButton" value="<bean:message key="request.btn.LookUp" bundle="gtem"/>" onClick="document.all('lookupField').value='to';window.open('searchContactName.do','searchContact','resizable=1,width=710,height=625,status=1,scrollbars=1');" />

Common.js

function setContactName(TABLE_NAME)
{
var lookupFieldName = window.opener.document.getElementById("lookupField");
var lookupField = window.opener.document.getElementById(lookupFieldName.value);
var tbl = document.getElementById(TABLE_NAME);
for (var i=0; i<tbl.tBodies[0].rows.length; i++)
{
if (tbl.tBodies[0].rows[i].className.indexOf("rmt-rowClick") != -1)
{
var rowElem = tbl.tBodies[0].rows[i];
var cell = rowElem.getElementsByTagName("td")[7];
if ((document.forms[0].countEmailIDAdded.value != 0) (lookupField.value != ""))
{
lookupField.value = lookupField.value+";"+cell.childNodes[0].data;
}
else
{
lookupField.value = lookupField.value + cell.childNodes[0].data;
}
document.forms[0].countEmailIDAdded.value = 1;
}
}
window.close();
}

How to get the output (Report) in an Excel format with a "Save As" pop-up message

We set the below content type in the JSP page to produce the results of search query in excel sheet.
response.setContentType("application/vnd.ms-excel");

We add the below header in the JSP page to prompt a "Save As" dialog box to user on click of Export button.
response.addHeader("Content-Disposition", "attachment");


<%
response.setContentType("application/vnd.ms-excel");
response.addHeader("Content-Disposition", "attachment");
%%gt;

Safeguarding JSP Pages

Safeguard your JSP pages
Problem

When developers use Web-based applications, they often try to break into the security. The most common habit is to view the source of HTML in the browser and somehow determine the path of JSP pages and access them. The intent is to highlight the vulnerability of JSP pages accessible without authorization. Users who lack authorization to view the source might observe the source URL while sitting with another user who is authorized to work on that specific screen. Later, this unauthorized user could log in to the application and type the URL in the browser. In some cases, such users are able to make their way through.

Struts best practice
The possible solutions to this problem:

Do not let users access any JSP page directly. The starting page can be an HTML document. Add the following lines to the web.xml file to prevent users from accessing any JSP page directly:

<web-app> ... <security-constraint>
<web-resource-collection>
<web-resource-name>no_access</web-resource-name>
<url-pattern>*.jsp</url-pattern>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
...
</web-app>

The most popular option is to keep JSP pages behind the WEB-INF folder. This has a few tradeoffs. For example, you cannot take the JavaScript/CSS (Cascading Style Sheets) files behind WEB-INF, and if using Struts modules, you may encounter some context-related problems. Refer to the section "Context-Related Problems," which appears later in this article, to circumvent such issues.

The second approach allows some JSP pages (which are not behind WEB-INF) to be visible directly. It does not require a descriptor file entry, therefore the best practice is to keep the pages behind WEB-INF.

colspan

To get a column to the left of the row we use colspan. For alignment valign is used.

For example we have a row with three columns in a JSP Page. Let’s say we don’t have any value for 1st and 2nd column. To place the data in 3rd column we use colspan attribute.

<td class="rmt-readOnlyData" valign="top" colspan="2" >

How to freeze/lock the table header

We often face reqirement where header should be locked and should not scroll when the data is scrolling. For that purpose we use the following style attribute in the tr section to get the heading part locked

<tr style="position:relative;top: expression(this.offsetParent.scrollTop-2);" valign="top">

How to enable enter key for searching purpose.

We have a drop-down box for selecting the search criteria and a textbox for entering the search value. we have a "search" button besides the textbox for searching the related values.

Now we need to enable the enter key (Keyboard) functionality for search purpose.

JSP Code:

<html:text name="ABCForm" size="30" property="searchCriteriaText" onkeypress="normalSearchEnter(event);" />

JS Code:

function normalSearchEnter(oEvent) {
if ((oEvent.keyCode && oEvent.keyCode==13) (oEvent.which && oEvent.which==13)) {
normalSearch(); // Call the usual function that will be invoked when search button is clicked
}
}

FAQ

Tutorial - One

To prevent intra-screen jumps

I have a link on click of which I need a new pop-up window and that pop-up window should stay in the
same place and shouldn't jump to the top of the screen.

<a href="#abc" class="actionButtonDis" onClick="clicked('ABCTable',this);window.open('searchABCName.do?param=contact','searchContact','resizable=1,width=710,height=625,status=1,scrollbars=1');" >lt;/a>


For this requirement href="#" is the one that we usually give to enable a link on screen. To get the pop-up to stay in the same location and not jump to the top of the screen we need to add junk alphabets besides the #.