2

The JSP code is :

<jsp:useBean id="person" class="org.example.model.PersonModel" scope="session">
</jsp:useBean>
<br> Name : <jsp:getProperty property="name" name="person"/>
<br> Surname : <jsp:getProperty property="surname" name="person"/>

Although I set java object in the request scope and not in the session scope in the Controller Servlet from where I am forwarding the request to this Servlet . How does the <jsp:useBean> gets hold of the request attribute although scope mentioned in the tag is session? If it uses pageContext.findAttribute() to get the attribute, then what is the use of having the scope attribute in that <jsp:useBean> tag ?

icedwater
  • 4,701
  • 3
  • 35
  • 50
AllTooSir
  • 48,828
  • 16
  • 130
  • 164

1 Answers1

11

The PageContext#findAttribute() scans in respectively the page, request, session and application scopes until the first non-null attribute value is found for a given attribute key. See also the javadoc:

Searches for the named attribute in page, request, session (if valid), and application scope(s) in order and returns the value associated or null.

That explains why it finds the request scoped one set in the forwarding servlet instead of the session scoped one declared in the JSP. This is also explained in our EL wiki page.

In any case, if you're using a servlet, you should not be using <jsp:useBean> on model objects which are supposed to be managed by a servlet. The <jsp:useBean> follows namely a different MVC level which would only lead to confusion and maintenance trouble when actually using a servlet as controller. This is also explicitly mentioned in "Coding style and recommendations" section of our Servlets wiki page.

So, instead of all those <jsp:xxx> things, you can just do:

<br>Name: ${person.name}
<br>Surname: ${person.surname}

You only need to add JSTL <c:out> to prevent potential XSS attack holes while redisplaying user-controlled data (note that <jsp:getProperty> doesn't do that!)

<br>Name: <c:out value="${person.name}" />
<br>Surname: <c:out value="${person.surname}" />

To learn more about JSTL, check our JSTL wiki page.

Community
  • 1
  • 1
BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
  • But I have a doubt , when i set an attribute it request object and try to retrieve it in scope="session" or scope="request" it works , but if i use scope="page" or scope="application" , why it doesn't work , if the object is in request scope and findAttribute() searches every scope then it should get the attribute anyhow ? – AllTooSir Jan 29 '13 at 17:39
  • 3
    It searches the scopes in the specified order page-request-session-application until the first non-null value is found. So if you use `` then `${person}` it will return the one from the page scope instead of the one from the request scope as set by the servlet. Please note that you effectively end up with 2 completely separate instances of `Person` object (one created by servlet and another one created by `jsp:useBean`), not only one. You need the one set by the servlet, so that `jsp:useBean` mess is totally unnecessary. – BalusC Jan 29 '13 at 17:49
  • By the way, as you're a "noob" ;) I recommend to follow the links to the wiki pages which I've carefully composed together. They should be enlightening to starters. – BalusC Jan 29 '13 at 17:52