JSPSourceServletpublic class JSPSourceServlet extends HttpServlet This servlet is intended only for learning about JSP. It returns
the JSP file corresponding to the path passed as pathInfo in a form
that shows the unprocessed JSP and HTML elements. If it wasn't for
Internet Explorer, all this servlet would have to do would be to
set the Content-Type to "text/plain" and send the file. But Internet
Explorer believes it knows better than the application developer,
so it bluntantly ignores this header and treats any response that
contains HTML elements as "text/html", and therefore renders all
HTML elements and ignores the JSP elements. To work around this, the
servlet sends the response as "text/html", with all special HTML
characters converted to the corresponding HTML character entities.
Note! Do not install this servlet on a production server. Doing so
may be a security risk, since the source of any file can be delivered
to the client, revealing things like database account names and passwords. |
Methods Summary |
---|
private void | copyFile(java.io.BufferedReader in, java.io.PrintWriter out)Copies the "in" reader to the "out" writer.
int chars;
char[] buf = new char[4096];
while ((chars = in.read(buf, 0, buf.length)) != -1) {
out.write(buf, 0, chars);
out.flush();
}
| public void | doGet(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)Handles a GET request by sending the contents of the resource
specified by the servlet path to the client.
// Get the pathInfo
String path = req.getPathInfo();
// Check for invalid characters in the path. For files under
// WEB-INF, only accept tag files
if (path.indexOf("..") != -1 ||
(path.toUpperCase().indexOf("WEB-INF") != -1) &&
!path.endsWith(".tag")){
res.sendError(HttpServletResponse.SC_FORBIDDEN,
"Illegal characters found in path " + path);
return;
}
sendFile(path, res);
| private void | sendFile(java.lang.String path, javax.servlet.http.HttpServletResponse res)Sends the contents of a file to the client.
URL file = getServletContext().getResource(path);
if (file == null) {
res.sendError(HttpServletResponse.SC_NOT_FOUND,
path + " not found.");
return;
}
res.setStatus(HttpServletResponse.SC_OK);
/*
* Use "text/html" and convert HTML characters to
* character entities, to fool IE as explained above
*/
res.setContentType("text/html");
PrintWriter out = res.getWriter();
// Add HTML header
out.println("<html><head><title>" + path + "</title></head>");
out.println("<body><pre>");
// Read the file and convert it
BufferedReader in =
new BufferedReader(new InputStreamReader(file.openStream()));
StringWriter rawText = new StringWriter();
copyFile(in, new PrintWriter(rawText));
in.close();
out.write(toHTMLString(rawText.toString()));
// Add HTML footer
out.println("</pre></body></html>");
out.close();
| public java.lang.String | toHTMLString(java.lang.String in)Returns the specified string converted to a format suitable for
HTML. All signle-quote, double-quote, greater-than, less-than and
ampersand characters are replaces with their corresponding HTML
Character Entity code.
StringBuffer out = new StringBuffer();
for (int i = 0; in != null && i < in.length(); i++) {
char c = in.charAt(i);
if (c == '\'") {
out.append("'");
}
else if (c == '\"") {
out.append(""");
}
else if (c == '<") {
out.append("<");
}
else if (c == '>") {
out.append(">");
}
else if (c == '&") {
out.append("&");
}
else {
out.append(c);
}
}
return out.toString();
|
|