JSP pages should only reference Java Objects associated to J2EE Scoped Bean

Rule Definition
In a Struts implementation, JSP pages are responsible for the presentation and must not call specific Java objects other than those associated to scoped attributes. The consequences of combining HTML and Java code in the same JSP file are: - no separation of technology: Java skilled people and Web designers/HTML coders must work on the same file. - less reusable: the Java component can't be reused elsewhere in the application - maintenance difficulties because of the lack of modularization

Remediation
Use taglib or change the architecture of the application so that the JSP page only rely on classes associated to scoped attributes.

Violation Code Sample

<%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%> <% String path = request.getContextPath(); String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/"; %> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <base href="<%=basePath%>"> <title>My JSP 'error.jsp' starting page</title> <meta http-equiv="pragma" content="no-cache"> <meta http-equiv="cache-control" content="no-cache"> <meta http-equiv="expires" content="0"> <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"> <meta http-equiv="description" content="This is my page">  </head> <body> ERROR!!!! <br> </body> </html>

Fixed Code Sample

<%@ taglib prefix="bean" uri="/tags/struts-bean" %> <%@ taglib prefix="html" uri="/tags/struts-html" %> <html:html> <head> <meta http-equiv="content-type" content="text/html;charset=ISO-8859-1"> <meta http-equiv="pragma" content="no-cache"> <meta http-equiv="cache-control" content="no-cache"> <meta http-equiv="description" content="MAM"> <title><bean:message bundle="application" key="app.name"/></title> </head> <body>  <html:form action ="init.do" method ="post"> <table width="100%" border="1"> <tr> <td align="center"> <a> <bean:message bundle="application" key="app.login"/> <html:text property="login"></html:text> </a> </td> </tr> <tr> <td align="center"> <a> <bean:message bundle="application" key="app.password"/> <html:text property="password"></html:text> </a> </td> </tr> <tr align="middle"> <td align="right"> <html:submit>connexion</html:submit> </td> </tr> </table> </html:form> </body> </html:html>

Reference

http://www.javaworld.com/javaworld/jw-11-2001/jw-1130-jsp.html

Related Technologies
JEE

Health Factor

Changeability

Technical Criterion
Architecture - Multi-Layers and Data Access

About CAST Appmarq

CAST Appmarq is by far the biggest repository of data about real IT systems. It's built on thousands of analyzed applications, made of 35 different technologies, by over 300 business organizations across major verticals. It provides IT Leaders with factual key analytics to let them know if their applications are on track.

Benchmark Statistics

Global Compliance

32.67%

Total Violations

46,279

Total Opportunities

68,733

Average Violations / App.

192.03

The compliance score represents 1 minus the ratio between the number of times a rule has been violated compared to the number of opportunities in a set of applications that the rule could have been violated.

Industry Insights

Financial Services

30.82%

Manufacturing

19.29%

Telecommunications

30.79%

Want more stats? Register now!