Using Class Method in JSTL

 
Ranch Hand
Posts: 2110
I have been trying to rewrite some of my classes to match patterns suggested on this forum.
Now I have an issue with legacy JSTL code I have previously.

This is my class:



This is my legacy JSTL. Used over 1000 times in my JSP

 
Saloon Keeper
Posts: 6838
What is the issue you're having?
 
Steve Dyke
Ranch Hand
Posts: 2110

Tim Moores wrote: What is the issue you're having?



I realize now that JSTL will treat methods just like properties.

However, I think I have a bigger issue. In my class I posted earlier I am using the getUserObject method to define a User object and use properties of the user object in the rest of my app.

But if I then use logOn.getObject().userid for example in other places in my code it will create another User object.

Do I set the public User getUserObject() to final?
 
Marshal
Posts: 26383

Steve Dyke wrote: But if I then use logOn.getObject().userid for example in other places in my code it will create another User object.



Is that a problem? If so, why?

Steve Dyke wrote: Do I set the public User getUserObject() to final?



If you want subclasses of LogOn to be unable to extend the getUserObject() method, then yes. But that question comes out of nowhere and I don't understand what problem you intend to fix with it.
 
Saloon Keeper
Posts: 23268
Not to rain on the parade, but JSTL is just one step away from scriptlets, and scriptlets make the Bear growl.

More tellingly, this looks like a user-designed login/security system. The technical name for user-designed security is "hacked" or "pwned".

JEE provides a very secure container-managed authentication and authorization system along with a security API. In almost all cases, it's what I recommend for managing security.

Unless your job and training is full-time security, there's almost certainly going to be gaping loopholes in anything you design, and by "you design" I also mean the "resident genius" of most corporate shops.

In fact, about 90% of the user-designed systems I've seen could be bypassed by non-technical people in under 15 minutes.

Even professionally-designed security systems often fail, although as far as I know, no one has broken through JEE container security.

And one of the biggest advantages of JEE standard security is that many attacks get repulsed by the container itself, and never get near any vulnerable application code. You can't exploit holes if you can't even reach the holes.

 