How to mock RequestDispatcher so that it goes to the .jsp file? - java

I am trying to write the JUnit test case for the code:
In SearchController class
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
List<AlbumSimplified> items = spotifyService.searchAlbum(searchName);
request.setAttribute("items", items);
request.getRequestDispatcher("searchResult.jsp").forward(request, response);
}
as
public void SearchControllerTesting() throws ServletException, IOException {
HttpServletRequest request = mock(HttpServletRequest.class);
HttpServletResponse response = mock(HttpServletResponse.class);
//mocked myalbums
when(searchServiceMock.searchAlbum(anyString())).thenReturn(myalbums); when(request.getRequestDispatcher(anyString())).thenReturn(request.getRequestDispatcher("searchResult.jsp"));
searchController.doGet(request, response);
}
The error I am facing is:
java.lang.NullPointerException: Cannot invoke "jakarta.servlet.RequestDispatcher.forward(jakarta.servlet.ServletRequest, jakarta.servlet.ServletResponse)" because the return value of "jakarta.servlet.http.HttpServletRequest.getRequestDispatcher(String)" is null
I believe that it is due to the fact that the uri is not identified for the request and so, it is not able to find the "searchResult.jsp" located at "/app/src/main/webapp/searchResult.jsp" where app is the root of the project directory.
Hence I tried to set the
when(request.getRequestedURI()).thenReturn("app/search"), which is the URL of the request in the browser for non-testing usage.
However, I am not able to move ahead and solve the issue.
I want the items in the request to go to the searchResult.jsp, and return me a response of type "text/html".
Thanks.

Related

Is it possible to redirect to the same JSP page from a Servlet?

A JSP page named Test.jsp is mapped to the following Servlet.
#WebServlet(name = "TestServlet", urlPatterns = {"/TestServlet"})
public final class TestServlet extends HttpServlet
{
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
{
//request.getRequestDispatcher("/WEB-INF/admin_side/Test.jsp").forward(request, response);
response.sendRedirect("TestServlet");
}
#Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
processRequest(request, response);
}
#Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
processRequest(request, response);
}
#Override
public String getServletInfo() {
return "Short description";
}
}
This Servlet is mapped to a JSP page Test.jsp. The doGet() method is invoked, when a URL like http://localhost:8080/Assignment/TestServlet is entered in the address bar.
The request can be forwarded to the given URL as commented out. Is it possible to redirect to the same JSP page, Test.jsp?
If an attempt is made to do so, Google Chrome complains,
This webpage has a redirect loop
It can however, redirect to other pages under WEB-INF/admin_side.
The POST-REDIRECT-GET pattern works like so: a client sends a POST request, your server handles it and responds with a redirect, ie. a response with a 302 status code and Location header to the appropriate URI. The client makes a GET request to that URI.
Currently, your server is redirecting on both GET and POSTS requests. What's worse is that your GET is redirecting to the same URI that it is handling, creating the redirect loop you are seeing.
Change your Servlet implementation so that the POST sends a redirect, but the GET actually serves up a normal 200 response with HTML, AJAX, etc.

how to prevent servlet from being invoked directly through browser

I was working on a web project using java servlet and jsp pages. In one of the servlet we have RequestDispatcher method and which is calling another servlet.
#WebServlet("/Demo")
public class DemoServlet extends HttpServlet {
public void doGet(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
res.sendRedirect("testing"); //calling other servlet
}
}
#WebServlet("/testing")
public class TestingServlet extends HttpServlet {
public void doGet(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
PrintWriter out = response.getWriter();
out.println("Hello World");
}
}
So, now I wanted to prevent contextRoot/testing from being invoked directly from the browser but instead only let it invoked from the other servlet(Demo)
Please suggest me if there is any way to do that.
Couple of techniques exist:
Look at writing a HTTP Request Filter. You can then inspect the incoming request and the url and reject it if the pattern matches the servlet paths that you do not want to be invoked directly.
Another mechanism is to use the security constraints in your web.xml to allow access to various paths in your application only to authorized users/roles. Look at <security-constraint> tag in web.xml
Answer given by "Romin" is correct. You have to use Filters for this. what you can do is, you can set a new session variable whenever "/Demo" url is accessed and in the filter check for the condition that session exists, if it exists allow the url or else throw error. You could do something similar like this. In "Demo" servlet
#WebServlet("/Demo")
public class DemoServlet extends HttpServlet {
public void doGet(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
HttpSession session = request.getSession() //get new session
res.sendRedirect("testing"); //calling other servlet
}
}
In Filter class add the below code
#WebFilter("/login")
public class MyFilter implements Filter{
public void init(FilterConfig arg0) throws ServletException {}
public void doFilter(ServletRequest req, ServletResponse resp,
FilterChain chain) throws IOException, ServletException {
HttpRequest request = (HttpRequest) req;
HttpResponse respone = (HttpResponse) res;
HttpSession session = request.getSession(false) //get the existing session object
if(null != session) {
chain.doFilter(req, resp);
} else {
"redirect to some error page or home page"
}
}
public void destroy() {}
}
One approach is to check the caller's ip using ServletRequest.getRemoteAddr() and rejects it if it's not called locally
public void doGet(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
if(!req.getRemoteAddr().equals("127.0.0.1")) { // reject }
}
However this method wouldn't work legitimate caller (eg: proxy) is also using the same ip.

Cause of IllegalStateException: Cannot forward after response has been committed [duplicate]

This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
java.lang.IllegalStateException: Cannot forward after response has been committed
What is the usual cause of this kind of error:
com.mycompany.myapp.servlet.TxnDetailsServlet doRequest
ERROR: View failed
java.lang.IllegalStateException: Cannot forward after response has been committed
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:312)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302)
at com.mycompany.myapp.servlet.TxnDetailsServlet.doRequest(TxnDetailsServlet.java:82)
at com.mycompany.myapp.servlet.TxnDetailsServlet.doGet(TxnDetailsServlet.java:131)
The servlet process the request (i.e set attributes) then call:
private void doRequest(HttpServletRequest request) throws IOException, ServletException {
// Code omitted
getServletContext().getRequestDispatcher("/Some.jsp").forward(this.request, this.response);
// Code omitted
}
#Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
super.doGet(request, response);
doRequest(request);
}
#Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
super.doPost(request, response);
doRequest(request);
}
The servlet does not do anything in reponse.
to add to what others said, response need not be transferred to client(browser) in a single shot. Instead it can be transferred to client in multiple shots as, whenever you call a response.flushBuffer . Once the response starts transferring data to client, you cant do anything that changes response state(setStatus, forward etc)
Don't write to the response output stream if you forward to another servlet/jsp.

Cannot access filter Servlet's session attribute from another normal Http Servlet

I have a problem here:
After i use a filter servlet to set session attribute, i try to retrieve the session attribute in another normal http servlet, but it looks getAttribute('system.userinfo') cannot retrieve anything. what's wrong with this? Thanks!
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpReq = (HttpServletRequest) request;
HttpServletResponse httpResp = (HttpServletResponse) response;
HttpSession session = httpReq.getSession();
httpReq.setCharacterEncoding("UTF-8");
UserDTO dto = new UserDTO();
session.setAttribute("system.userinfo", dto);
chain.doFilter(request, response);
}
public class FileUpload extends HttpServlet {
#SuppressWarnings("unchecked")
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
response.setCharacterEncoding("UTF-8");
// cannot get anything here
UserDTO userinfo = (UserDTO)request.getSession(false).getAttribute("system.userinfo");
}
}
Both servlets are in same web application.
Seems like you are not getting the session in the servlet that you think got created in the Filter. In the filter you are using req.getSession() which is always creating a new session. In the servlet you are giving request.getSession(false), the container is supposed to return null if no session exists or return an existing session. Which servlet container are you using? If you are using an IDE, can you put a debug point and compare the session IDs to confirm they are the same? Also, is your UserDTO serializable?

Calling service() of servlet from another servlet

I have a url-mapping in my web.xml such that requests for a specific url x.pt gets mapped to a Servlet say Servlet1. In the service() of this servlet I check if the request has some specific parameter.
If so, the call is delegated to another servlet Servlet2 by instantiating it and calling its service method.
public void service(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
// if the call is for some special events (request has some specific parameter)
if (req.getParameter(conditionCheck()) {
doPost(req, res);
} else {
// Report parsing
}
}
public void doPost(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
try {
// instantiate Servlet2 object
servlet2.init(this.getServletConfig());
servlet2.service(req, res);
servlet2.destroy();
} catch (Exception e) {
LOG.error("Unable to execute event", e);
}
}
The browser returns some JSON text when the request is for special events( i.e. to Servlet2)
Do let me know if I need to do something extra for getting response of Servlet2 to the brwoser.
Thanks in advance!
You can forward your request using RequestDispacher:
RequestDispatcher rd = getServletContext().getRequestDispatcher(destination);
rd.forward(request, response);
As Kris says, I'd expect a RequestDispatcher to work, but I'm always uncomfortable when I see a servlet being called directly like this. Do you have the opportunity to move the logic that is provided by servlet2 into a separate object that both servlet1 and servlet2 can call upon? If you can, I think it'll give you a better, more easily testable solution.

Categories