Restructured the baseline to remove the extra src/main directory structure. Added Eclipse project file.
git-svn-id: http://webgoat.googlecode.com/svn/branches/webgoat-6.0@485 4033779f-a91e-0410-96ef-6bf7bf53c507
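--- a/webapp/lessons/Ajax/clientSideFiltering.jsp
+++ b/webapp/lessons/Ajax/clientSideFiltering.jsp
@@ -0,0 +1,114 @@
+
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+pageEncoding="ISO-8859-1"%>
+
+<%@ page import="java.io.*, javax.xml.xpath.*, org.xml.sax.InputSource,org.w3c.dom.*,org.apache.ecs.html.* " %>
+
+<%
+
+String userId = request.getParameter("userId");
+
+
+NodeList nodes = null;
+
+
+
+File d = new File(this.getServletContext().getRealPath("lessons/Ajax/employees.xml"));
+
+if(d.exists()){
+System.out.print("File does exist");
+}
+else{
+System.out.print("File DOES NOT exist");
+}
+
+System.out.println(d.getAbsolutePath());
+XPathFactory factory = XPathFactory.newInstance();
+XPath xPath = factory.newXPath();
+InputSource inputSource = new InputSource(new FileInputStream(d));
+
+
+
+
+
+
+StringBuffer sb = new StringBuffer();
+
+sb.append("/Employees/Employee/UserID | ");
+sb.append("/Employees/Employee/FirstName | ");
+sb.append("/Employees/Employee/LastName | ");
+sb.append("/Employees/Employee/SSN | ");
+sb.append("/Employees/Employee/Salary ");
+
+String expression = sb.toString();
+
+
+System.out.print("expression:" + expression);
+
+
+
+nodes = (NodeList) xPath.evaluate(expression, inputSource,
+XPathConstants.NODESET);
+int nodesLength = nodes.getLength();
+
+
+System.out.println("nodesLength:" + nodesLength);
+
+TR tr;
+
+int COLUMNS = 5;
+
+Table t2 = null;
+if (nodesLength > 0)
+{
+t2 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(
+1).setWidth("90%").setAlign("center");
+tr = new TR();
+tr.addElement(new TD().addElement("UserID"));
+tr.addElement(new TD().addElement("First Name"));
+tr.addElement(new TD().addElement("Last Name"));
+tr.addElement(new TD().addElement("SSN"));
+tr.addElement(new TD().addElement("Salary"));
+t2.addElement(tr);
+}
+
+
+
+tr = new TR();
+
+for (int i = 0; i < nodesLength; i++)
+{
+Node node = nodes.item(i);
+
+if(i%COLUMNS==0){
+tr = new TR();
+tr.setID(node.getTextContent());
+//tr.setStyle("display: none");
+}
+
+tr.addElement(new TD().addElement(node.getTextContent()));
+
+if(i%COLUMNS==(COLUMNS-1)){
+t2.addElement(tr);
+}
+}
+
+if(t2 != null){
+out.println(t2.toString());
+}
+else{
+out.println("No Results");
+}
+
+
+
+
+
+
+
+
+
+
+
+%>
+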
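Review bot: `userId` is read from the request on the first scriptlet line and never used, so the XPath union built in `sb` returns UserID, name, SSN and Salary for every `Employee` to whoever requests the page, and any filtering is left to the browser. This looks deliberate for the client-side filtering lesson, but nothing in the file says so; I would add a comment above the `StringBuffer` such as `// Lesson code: returns every employee's SSN and Salary on purpose; the server applies no per-user filter.` The same applies to clientSideFiltering_backup.jsp. Separately, the `FileInputStream` handed to `InputSource` is never closed, and the `System.out` calls write the file's absolute path to the container log on every request.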
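--- a/webapp/lessons/Ajax/clientSideFiltering_backup.jsp
+++ b/webapp/lessons/Ajax/clientSideFiltering_backup.jsp
@@ -0,0 +1,114 @@
+
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+pageEncoding="ISO-8859-1"%>
+
+<%@ page import="java.io.*, javax.xml.xpath.*, org.xml.sax.InputSource,org.w3c.dom.*,org.apache.ecs.html.* " %>
+
+<%
+
+String userId = request.getParameter("userID");
+
+
+NodeList nodes = null;
+
+
+
+File d = new File(this.getServletContext().getRealPath("lessons/Ajax/employees.xml"));
+
+if(d.exists()){
+System.out.print("File does exist");
+}
+else{
+System.out.print("File DOES NOT exist");
+}
+
+System.out.println(d.getAbsolutePath());
+XPathFactory factory = XPathFactory.newInstance();
+XPath xPath = factory.newXPath();
+InputSource inputSource = new InputSource(new FileInputStream(d));
+
+
+
+
+
+
+StringBuffer sb = new StringBuffer();
+
+sb.append("/Employees/Employee/UserID | ");
+sb.append("/Employees/Employee/FirstName | ");
+sb.append("/Employees/Employee/LastName | ");
+sb.append("/Employees/Employee/SSN | ");
+sb.append("/Employees/Employee/Salary ");
+
+String expression = sb.toString();
+
+
+System.out.print("expression:" + expression);
+
+
+
+nodes = (NodeList) xPath.evaluate(expression, inputSource,
+XPathConstants.NODESET);
+int nodesLength = nodes.getLength();
+
+
+System.out.println("nodesLength:" + nodesLength);
+
+TR tr;
+
+int COLUMNS = 5;
+
+Table t2 = null;
+if (nodesLength > 0)
+{
+t2 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(
+1).setWidth("90%").setAlign("center");
+tr = new TR();
+tr.addElement(new TD().addElement("UserID"));
+tr.addElement(new TD().addElement("First Name"));
+tr.addElement(new TD().addElement("Last Name"));
+tr.addElement(new TD().addElement("SSN"));
+tr.addElement(new TD().addElement("Salary"));
+t2.addElement(tr);
+}
+
+
+
+tr = new TR();
+
+for (int i = 0; i < nodesLength; i++)
+{
+Node node = nodes.item(i);
+
+if(i%COLUMNS==0){
+tr = new TR();
+tr.setID(node.getTextContent());
+//tr.setStyle("display: none");
+}
+
+tr.addElement(new TD().addElement(node.getTextContent()));
+
+if(i%COLUMNS==(COLUMNS-1)){
+t2.addElement(tr);
+}
+}
+
+if(t2 != null){
+out.println(t2.toString());
+}
+else{
+out.println("No Results");
+}
+
+
+
+
+
+
+
+
+
+
+
+%>
+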
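Review bot: This file is a copy of clientSideFiltering.jsp whose only visible difference is the parameter name, `request.getParameter("userID")` instead of `"userId"`, and it is added under webapp/lessons/Ajax, where it is presumably served like the original. A `_backup` copy in the deployed tree is a second endpoint returning the same employee data that nobody maintains. I would drop it from the commit; if it has to stay, it should open with a JSP comment stating that it is an unused copy and which file supersedes it, once that has been confirmed.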
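--- a/webapp/lessons/Ajax/clientSideValidation.jsp
+++ b/webapp/lessons/Ajax/clientSideValidation.jsp
@@ -0,0 +1,30 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+pageEncoding="ISO-8859-1"%>
+
+
+
+<% String coupon = request.getParameter("coupon");
+
+if (coupon.equalsIgnoreCase("PLATINUM")){
+out.print(".25");
+}
+else if (coupon.equalsIgnoreCase("GOLD")){
+out.print(".5");
+}
+else if (coupon.equalsIgnoreCase("SILVER")){
+out.print(".75");
+}
+else if (coupon.equalsIgnoreCase("BRONZE")){
+out.print(".8");
+}
+else if (coupon.equalsIgnoreCase("PRESSONE")){
+out.print(".9");
+}
+else if (coupon.equalsIgnoreCase("PRESSTWO")){
+out.print(".95");
+}
+
+
+
+%>
+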
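Review bot: `coupon` comes straight from `request.getParameter("coupon")` and is dereferenced in the first `if`, so a request without that parameter throws a NullPointerException and the container answers with an error page instead of an empty body. A guard right after the assignment, `if (coupon == null) { coupon = ""; }`, keeps the existing chain unchanged; putting the literal first, `"PLATINUM".equalsIgnoreCase(coupon)`, works as well. An unrecognised code prints nothing, which a caller cannot tell apart from an empty reply, so a one-line comment saying that this is intended would help.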
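--- a/webapp/lessons/Ajax/employees.xml
+++ b/webapp/lessons/Ajax/employees.xml
@@ -0,0 +1,254 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Employees>
+<Employee >
+<UserID>101</UserID>
+<FirstName>Larry</FirstName>
+<LastName>Stooge</LastName>
+<Street>9175 Guilford Rd</Street>
+<CS>New York, NY</CS>
+<Phone>443-689-0192</Phone>
+<StartDate>1012000</StartDate>
+<SSN>386-09-5451</SSN>
+<Salary>55000</Salary>
+<CreditCard>2578546969853547</CreditCard>
+<Limit>5000</Limit>
+<Comments>Does not work well with others</Comments>
+<DisciplinaryExplanation>Constantly harassing coworkers</DisciplinaryExplanation>
+<DisciplinaryDate>10106</DisciplinaryDate>
+<Managers>
+<Manager>102</Manager>
+<Manager>111</Manager>
+<Manager>112</Manager>
+</Managers>
+</Employee>
+<Employee>
+<UserID>102</UserID>
+<FirstName>Moe</FirstName>
+<LastName>Stooge</LastName>
+<Street>3013 AMD Ave</Street>
+<CS>New York, NY</CS>
+<Phone>443-938-5301</Phone>
+<StartDate>3082003</StartDate>
+<SSN>936-18-4524</SSN>
+<Salary>140000</Salary>
+<CreditCard>NA</CreditCard>
+<Limit>0</Limit>
+<Comments>Very dominating over Larry and Curly</Comments>
+<DisciplinaryExplanation>Hit Curly over head</DisciplinaryExplanation>
+<DisciplinaryDate>101013</DisciplinaryDate>
+<Managers>
+<Manager>112</Manager>
+</Managers>
+</Employee>
+<Employee>
+<UserID>103</UserID>
+<FirstName>Curly</FirstName>
+<LastName>Stooge</LastName>
+<Street>1112 Crusoe Lane</Street>
+<CS>New York, NY</CS>
+<Phone>410-667-6654</Phone>
+<StartDate>2122001</StartDate>
+<SSN>961-08-0047</SSN>
+<Salary>50000</Salary>
+<CreditCard>NA</CreditCard>
+<Limit>0</Limit>
+<Comments>Owes three-thousand to company for fradulent purchases</Comments>
+<DisciplinaryExplanation>Hit Moe back</DisciplinaryExplanation>
+<DisciplinaryDate>101014</DisciplinaryDate>
+<Managers>
+<Manager>102</Manager>
+<Manager>111</Manager>
+<Manager>112</Manager>
+</Managers>
+</Employee>
+<Employee>
+<UserID>104</UserID>
+<FirstName>Eric</FirstName>
+<LastName>Walker</LastName>
+<Street>1160 Prescott Rd</Street>
+<CS>New York, NY</CS>
+<Phone>410-887-1193</Phone>
+<StartDate>12152005</StartDate>
+<SSN>445-66-5565</SSN>
+<Salary>13000</Salary>
+<CreditCard>NA</CreditCard>
+<Limit>0</Limit>
+<Comments>Late. Always needs help. Too intern-ish.</Comments>
+<DisciplinaryExplanation>Bothering Larry about webgoat problems</DisciplinaryExplanation>
+<DisciplinaryDate>101013</DisciplinaryDate>
+<Managers>
+<Manager>107</Manager>
+<Manager>102</Manager>
+<Manager>111</Manager>
+<Manager>112</Manager>
+</Managers>
+</Employee>
+<Employee>
+<UserID>105</UserID>
+<FirstName>Tom</FirstName>
+<LastName>Cat</LastName>
+<Street>2211 HyperThread Rd.</Street>
+<CS>New York, NY</CS>
+<Phone>443-599-0762</Phone>
+<StartDate>1011999</StartDate>
+<SSN>792-14-6364</SSN>
+<Salary>80000</Salary>
+<CreditCard>5481360857968521</CreditCard>
+<Limit>30000</Limit>
+<Comments>Co-Owner.</Comments>
+<DisciplinaryExplanation>NA</DisciplinaryExplanation>
+<DisciplinaryDate>0</DisciplinaryDate>
+<Managers>
+<Manager>106</Manager>
+<Manager>102</Manager>
+<Manager>111</Manager>
+<Manager>112</Manager>
+</Managers>
+</Employee>
+<Employee>
+<UserID>106</UserID>
+<FirstName>Jerry</FirstName>
+<LastName>Mouse</LastName>
+<Street>3011 Unix Drive</Street>
+<CS>New York, NY</CS>
+<Phone>443-699-3366</Phone>
+<StartDate>1011999</StartDate>
+<SSN>858-55-4452</SSN>
+<Salary>70000</Salary>
+<CreditCard>6981754825013564</CreditCard>
+<Limit>20000</Limit>
+<Comments>Co-Owner.</Comments>
+<DisciplinaryExplanation>NA</DisciplinaryExplanation>
+<DisciplinaryDate>0</DisciplinaryDate>
+<Managers>
+<Manager>102</Manager>
+<Manager>111</Manager>
+<Manager>112</Manager>
+</Managers>
+</Employee>
+<Employee>
+<UserID>107</UserID>
+<FirstName>David</FirstName>
+<LastName>Giambi</LastName>
+<Street>5132 DIMM Avenue</Street>
+<CS>New York, NY</CS>
+<Phone>610-521-8413</Phone>
+<StartDate>5011999</StartDate>
+<SSN>439-20-9405</SSN>
+<Salary>100000</Salary>
+<CreditCard>6981754825018101</CreditCard>
+<Limit>10000</Limit>
+<Comments>Strong work habbit. Questionable ethics.</Comments>
+<DisciplinaryExplanation>Hacked into accounting server. Modified personal pay.</DisciplinaryExplanation>
+<DisciplinaryDate>61402</DisciplinaryDate>
+<Managers>
+<Manager>102</Manager>
+<Manager>111</Manager>
+<Manager>112</Manager>
+</Managers>
+</Employee>
+<Employee>
+<UserID>108</UserID>
+<FirstName>Bruce</FirstName>
+<LastName>McGuirre</LastName>
+<Street>8899 FreeBSD Drive<script>alert(document.cookie)</script> </Street>
+<CS>New York, NY</CS>
+<Phone>610-282-1103</Phone>
+<StartDate>3012000</StartDate>
+<SSN>707-95-9482</SSN>
+<Salary>110000</Salary>
+<CreditCard>6981754825854136</CreditCard>
+<Limit>30000</Limit>
+<Comments>Enjoys watching others struggle in exercises.</Comments>
+<DisciplinaryExplanation>Tortuous Boot Camp workout at 5am. Employees felt sick.</DisciplinaryExplanation>
+<DisciplinaryDate>61502</DisciplinaryDate>
+<Managers>
+<Manager>107</Manager>
+<Manager>102</Manager>
+<Manager>111</Manager>
+<Manager>112</Manager>
+</Managers>
+</Employee>
+<Employee>
+<UserID>109</UserID>
+<FirstName>Sean</FirstName>
+<LastName>Livingston</LastName>
+<Street>6422 dFlyBSD Road</Street>
+<CS>New York, NY</CS>
+<Phone>610-878-9549</Phone>
+<StartDate>6012003</StartDate>
+<SSN>136-55-1046</SSN>
+<Salary>130000</Salary>
+<CreditCard>6981754825014510</CreditCard>
+<Limit>5000</Limit>
+<Comments>Has some fascination with Steelers. Go Ravens.</Comments>
+<DisciplinaryExplanation>Late to work 30 days in row due to excessive Halo 2</DisciplinaryExplanation>
+<DisciplinaryDate>72804</DisciplinaryDate>
+<Managers>
+<Manager>107</Manager>
+<Manager>102</Manager>
+<Manager>111</Manager>
+<Manager>112</Manager>
+</Managers>
+</Employee>
+<Employee>
+<UserID>110</UserID>
+<FirstName>Joanne</FirstName>
+<LastName>McDougal</LastName>
+<Street>5567 Broadband Lane</Street>
+<CS>New York, NY</CS>
+<Phone>610-213-6341</Phone>
+<StartDate>1012001</StartDate>
+<SSN>789-54-2413</SSN>
+<Salary>90000</Salary>
+<CreditCard>6981754825081054</CreditCard>
+<Limit>300</Limit>
+<Comments>Finds it necessary to leave early every day.</Comments>
+<DisciplinaryExplanation>Used company cc to purchase new car. Limit adjusted.</DisciplinaryExplanation>
+<DisciplinaryDate>112005</DisciplinaryDate>
+<Managers>
+<Manager>106</Manager>
+<Manager>102</Manager>
+<Manager>111</Manager>
+<Manager>112</Manager>
+</Managers>
+</Employee>
+<Employee>
+<UserID>111</UserID>
+<FirstName>John</FirstName>
+<LastName>Wayne</LastName>
+<Street>129 Third St</Street>
+<CS>New York, NY</CS>
+<Phone>610-213-1134</Phone>
+<StartDate>1012001</StartDate>
+<SSN>129-69-4572</SSN>
+<Salary>200000</Salary>
+<CreditCard>4437334565679921</CreditCard>
+<Limit>300</Limit>
+<Comments></Comments>
+<DisciplinaryExplanation></DisciplinaryExplanation>
+<DisciplinaryDate>112005</DisciplinaryDate>
+<Managers>
+<Manager>112</Manager>
+</Managers>
+</Employee>
+<Employee>
+<UserID>112</UserID>
+<FirstName>Neville</FirstName>
+<LastName>Bartholomew</LastName>
+<Street>1 Corporate Headquarters</Street>
+<CS>San Jose, CA</CS>
+<Phone>408-587-0024</Phone>
+<StartDate>3012000</StartDate>
+<SSN>111-111-1111</SSN>
+<Salary>450000</Salary>
+<CreditCard>4803389267684109</CreditCard>
+<Limit>300</Limit>
+<Comments></Comments>
+<DisciplinaryExplanation></DisciplinaryExplanation>
+<DisciplinaryDate>112005</DisciplinaryDate>
+<Managers>
+<Manager>112</Manager>
+</Managers>
+</Employee>
+</Employees>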
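Review bot: employees.xml is added under webapp/lessons/Ajax, the same directory as the JSPs that open it through `getRealPath("lessons/Ajax/employees.xml")`, so the container will presumably serve the whole file, including the SSN, CreditCard and disciplinary fields, to a plain request for its URL regardless of which fields the JSPs choose to return. If that exposure is not part of the lesson, moving the file under WEB-INF and loading it with `getServletContext().getResourceAsStream(...)` keeps it readable by the JSPs and unreachable by URL. Note also that the `<script>` inside the `Street` value for UserID 108 is raw markup, so a parser reads it as a child element of `Street` rather than as text; a short XML comment stating whether that is an intended fixture would save the next reader the question.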
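--- a/webapp/lessons/Ajax/eval.jsp
+++ b/webapp/lessons/Ajax/eval.jsp
@@ -0,0 +1,38 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1" import="java.util.regex.*" import="org.owasp.webgoat.lessons.DangerousEval"
+pageEncoding="ISO-8859-1"%>
+<%
+String action = request.getParameter("action");
+String field1 = request.getParameter("field1");
+String field2 = request.getParameter("field2");
+String regex1 = "^[0-9]{3}$";// any three digits
+Pattern pattern1 = Pattern.compile(regex1);
+
+if(action == null) action = "Purchase";
+if(field1 == null) field1 = "123";
+if(field2 == null) field2 = "-1";
+
+/** For security reasons, we remove all '<' and '>' characters to prevent XSS **/
+// Thank you Victor Bucutea for noticing replaceAll only cleans taint to the return value.
+field1 = field1.replaceAll("<", "");
+field1 = field1.replaceAll(">", "");
+field2 = field2.replaceAll("<", "");
+field2 = field2.replaceAll(">", "");
+
+if("Purchase".equals(action))
+{
+if(!pattern1.matcher(field1).matches())
+{
+/** If they supplied the right attack, pass them **/
+if(field1.indexOf("');") != -1 && field1.indexOf("alert") != -1 && field1.indexOf("document.cookie") != -1)
+{
+session.setAttribute(DangerousEval.PASSED, "true");
+}
+
+out.write("alert('Whoops: You entered an incorrect access code of \"" + field1 + "\"');");
+}
+else
+{
+out.write("alert('Purchase completed successfully with credit card \"" + field2 + "\" and access code \"" + field1 + "\"');");
+}
+}
+%>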
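Review bot: The comment `For security reasons, we remove all '<' and '>' characters to prevent XSS` overstates what the four `replaceAll` calls achieve, because `field1` and `field2` are then concatenated into a single-quoted JavaScript string inside `alert('...')` in both `out.write` calls, where quotes and backslashes matter and angle brackets do not. The `indexOf` check that sets `DangerousEval.PASSED` suggests this is deliberate for the lesson, so I would reword the comment rather than the code: `/* Lesson code: stripping '<' and '>' does not make field1/field2 safe inside the JavaScript string written below; left unencoded on purpose. */` Outside a lesson the values would need JavaScript-string encoding at the point of output, and `field2` is never checked against any pattern before it is echoed.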
BIN
webapp/lessons/Ajax/images/lesson1_header.jpg
Normal file
BIN
webapp/lessons/Ajax/images/lesson1_header.jpg
Normal file
Binary file not shown.
After Width: | Height: | Size: 44 KiB |
BIN
webapp/lessons/Ajax/images/lesson1_workspace.jpg
Normal file
BIN
webapp/lessons/Ajax/images/lesson1_workspace.jpg
Normal file
Binary file not shown.
After Width: | Height: | Size: 23 KiB |
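--- a/webapp/lessons/Ajax/instructor/clientSideFiltering_i.jsp
+++ b/webapp/lessons/Ajax/instructor/clientSideFiltering_i.jsp
@@ -0,0 +1,111 @@
+
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+pageEncoding="ISO-8859-1"%>
+
+<%@ page import="java.io.*, javax.xml.xpath.*, org.xml.sax.InputSource,org.w3c.dom.*,org.apache.ecs.html.* " %>
+
+<%
+
+String userId = request.getParameter("userId");
+
+
+NodeList nodes = null;
+
+
+
+File d = new File(this.getServletContext().getRealPath("lessons/Ajax/employees.xml"));
+
+if(d.exists()){
+System.out.print("File does exist");
+}
+else{
+System.out.print("File DOES NOT exist");
+}
+
+System.out.println(d.getAbsolutePath());
+XPathFactory factory = XPathFactory.newInstance();
+XPath xPath = factory.newXPath();
+InputSource inputSource = new InputSource(new FileInputStream(d));
+
+
+StringBuffer sb = new StringBuffer();
+
+sb.append("/Employees/Employee [Managers/Manager/text()='" + userId + "']/UserID | ");
+sb.append("/Employees/Employee [Managers/Manager/text()='" + userId + "']/FirstName | ");
+sb.append("/Employees/Employee [Managers/Manager/text()='" + userId + "']/LastName | ");
+sb.append("/Employees/Employee [Managers/Manager/text()='" + userId + "']/SSN | ");
+sb.append("/Employees/Employee [Managers/Manager/text()='" + userId + "']/Salary ");
+
+String expression = sb.toString();
+
+System.out.print("expression:" + expression);
+
+
+
+
+
+nodes = (NodeList) xPath.evaluate(expression, inputSource,
+XPathConstants.NODESET);
+int nodesLength = nodes.getLength();
+
+
+System.out.println("nodesLength:" + nodesLength);
+
+TR tr;
+
+int COLUMNS = 5;
+
+Table t2 = null;
+if (nodesLength > 0)
+{
+t2 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(
+1).setWidth("90%").setAlign("center");
+tr = new TR();
+tr.addElement(new TD().addElement("UserID"));
+tr.addElement(new TD().addElement("First Name"));
+tr.addElement(new TD().addElement("Last Name"));
+tr.addElement(new TD().addElement("SSN"));
+tr.addElement(new TD().addElement("Salary"));
+t2.addElement(tr);
+}
+
+
+
+tr = new TR();
+
+for (int i = 0; i < nodesLength; i++)
+{
+Node node = nodes.item(i);
+
+if(i%COLUMNS==0){
+tr = new TR();
+tr.setID(node.getTextContent());
+//tr.setStyle("display: none");
+}
+
+tr.addElement(new TD().addElement(node.getTextContent()));
+
+if(i%COLUMNS==(COLUMNS-1)){
+t2.addElement(tr);
+}
+}
+
+if(t2 != null){
+out.println(t2.toString());
+}
+else{
+out.println("No Results");
+}
+
+
+
+
+
+
+
+
+
+
+
+%>
+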
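Review bot: `userId` is taken from the request and concatenated into all five `sb.append(...)` predicates, `[Managers/Manager/text()='" + userId + "']`, so the caller controls part of the XPath that is evaluated, and a request without the parameter silently queries for the string `null`. Since every manager id in employees.xml is numeric, an allow-list check before the expression is built closes this: `if (userId == null || !userId.matches("[0-9]+")) { out.println("No Results"); return; }`. Binding the value through `xPath.setXPathVariableResolver(...)` and a `$userId` reference is the alternative if ids ever stop being numeric. The `System.out.print("expression:" + expression)` line also writes the raw parameter into the container log.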
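--- a/webapp/lessons/Ajax/sameOrigin.jsp
+++ b/webapp/lessons/Ajax/sameOrigin.jsp
@@ -0,0 +1 @@
+Good Response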