I am not implying that you cannot currently use XML with JavaServer Pages technology. I simply prefer to wait for better tools to manage the JSP-to-XML mapping as outlined in the 1.2 specification before pursuing XML-compliant JSPs (also called JSP documents). There are, however, other ways the two technologies can be used together. See Resources for articles on using XML with JSPs.
Be sure to keep abreast of the latest JSP specification and the tools your preferred vendors provide that implement that spec's new features, such as JSP-to-XML mapping. Apache provides Tomcat 4.0 as a reference implementation of the JSP 1.2 Specification.
Use JSP comments in most cases
Appropriate commenting seems to challenge software developers. JSPs, like other types of code, should include comments that describe complex or extraordinary functionality, the pages' purpose, and other general information typically commented out in source code.
Since JSPs allow developers to intermix Java, JSP tags, and HTML tags in the same page, there are multiple ways to comment a JSP page. Developers should carefully consider which type of comment to employ in the page. HTML comments will be viewable in the compiled JSP's HTML source code, and both major browsers make viewing this source easy. JSP comments, on the other hand, are not placed in the HTML document created by the JSP compilation process. These comments cannot be viewed as part of the page's source through the browser, and they do not increase the size of the rendered page's generated source. Java comments can also occur in a JSP inside Java scriptlet sections. These are not viewable in the browser either, but including Java comments in the JSP page violates the principle of separating Java from the HTML.
Code comments are usually meant for developers who write and maintain code. Therefore, use JSP comments unless there is a compelling reason to have the comments display in the browser upon request.
Note that you should not place sensitive data in JSP source code, not even inside JSP comments. Although the text inside JSP comments is not compiled into the source used to render the Webpage, Web servers might allow users to view JSP source code. Place sensitive data in a database, where access to the data can be controlled and monitored using triggers or other database mechanisms.
Follow HTML best practices
When Java is factored out of the JSP and into JavaBeans and custom tag handlers, the JSP consists mostly of JSP tags, including custom tags, and HTML tags. To make the JSP easier to understand and maintain, follow best practices related to HTML development.
One HTML best practice I follow: include closing tags recommended by the HTML specification even when the browsers do not require them. Most HTML generation tools will match opening tags with corresponding closing tags, but hand-typed HTML documents often lack closing tags (note that there is a small set of HTML tags that lack closing tags). Browsers usually render the page despite missing closing tags, but don't count on the browser to work correctly when standards are violated. Some missing closing tags, such as </table>, can dramatically affect a page's rendering in the browser. In addition, you should avoid using deprecated HTML tags, and use lowercase letters for all HTML tags.
The W3C (World Wide Web Consortium) has some resources related to HTML best practices and validation.
Utilize the JSP exception mechanism
While a thrown exception's stack trace proves extremely useful for developers when debugging their code, it is rarely desirable to share an entire exception stack trace with the software's users. Lengthy stack traces are not aesthetically pleasing and can increase security risks by exposing information that does not need to be released. JSPs allow developers to catch and handle exceptions in the code, resulting in more secure and aesthetically pleasing exception handling. See Resources for details on the mechanics of JSP exception handling.
Exception information is more useful if information besides the stack trace is included. JSPs can use session variables to store information about the current page and current operation being performed. Then, if an exception does occur, the exception page will be called; it will have access to both the thrown exception and the information about the original page that caused the exception. The exception page can utilize underlying Java code, in JavaBeans or EJBs, to store in the database the complete exception information, related session information, and the exception's date and time.
To reduce the unsightly error messages printed to the screen and improve security, the exception page need only print out a simple error message and perhaps an identifying number that allows developers to locate more detailed exception information in the database. For aesthetic and security reasons, I prefer storing most of the exception information in a database or flat file rather than printing it all to the screen. Storing the exception information in a database or flat file also allows the information to be persisted even when a user exits the application. Note that during development you should print full exception information to the screen for regular testing and debugging.
Now start developing JSPs
If abused, many JSP conveniences can lead to unnecessary complexity. This article summarizes some JSP practices that allow developers to take advantage of these conveniences without triggering unnecessary complexity. By following the best practices discussed here, you will increase your software's maintainability and reusability as well as its aesthetic qualities.
Situations might arise where the overhead of some of these recommended JSP practices is not worth the cost, such as in extremely simple applications. However, my experience is that even the simplest applications often evolve into more complex systems. In most cases, the sooner you follow best practices such as these, the better.
Learn more about this topic
- The JavaServer Pages Syntax Reference provides a quick summary of basic JSP tags
http://java.sun.com/products/jsp/tags/11/tags11.html - "Hans's Top Ten JSP Tips," Hans Bergsten (O'Reilly, November 2000) contains 10 useful tips for JSP development, including discussions on the two include mechanisms and when to use forward and when to use redirect
http://java.oreilly.com/news/jsptips_1100.html - Aurora Information Systems' "JSP Design Notes" discusses using EJBs with JavaServer Pages
http://www.aurorainfo.com/wp8/ - These excerpts from Professional JSP, Simon Brown et al. (Wrox Press, April 2001; ISBN1861004958) provide useful information on JSPs, the relationship of JSPs to the rest of J2EE, and architectural considerations when using JSPs
http://www.enterprisedeveloper.com/wrox/profjsp/contents.htm - The Sun J2EE Blueprints documentation presents some best practices and architectural considerations for developing J2EE applications. JSP developers often find the "Web Tier" portion most useful
http://java.sun.com/blueprints/enterprise/ - This section of Sun's J2EE Blueprints answers common questions related to J2EE applications' Web tiers. This section also discusses the differences between the two JSP include mechanisms and offers suggestions for deciding which mechanism to use for a given situation
http://java.sun.com/j2ee/blueprints/web_tier/qanda/index.html#directive - This Blueprints description of the Model-View-Controller architecture is helpful for understanding MVC
http://java.sun.com/j2ee/blueprints/design_patterns/model_view_controller/index.html - I highly recommend using and extending Struts to facilitate MVC architectures with JSPs
http://jakarta.apache.org/struts/index.html - Part of Struts, the template custom tag library is a subproject under Apache's Jakarta Project
http://jakarta.apache.org/struts/struts-template.html - "Strut Your Stuff with JSP Tags," Thor Kristmundsson (JavaWorld, December 2000) describes how to use and extend the open source Struts JSP tag library
http://www.javaworld.com/javaworld/jw-12-2000/jw-1201-struts.html - "Encapsulate Reusable Functionality in JSP Tags," Simon Brown (JavaWorld, August 2000) shows how to build your own custom JSP tags with Tomcat
http://www.javaworld.com/javaworld/jw-08-2000/jw-0811-jsptags.html - "JSP Templates," David Geary (JavaWorld, September 2000) discusses using templates to encapsulate Web design and encourage modularization
http://www.javaworld.com/javaworld/jw-09-2000/jw-0915-jspweb.html - "Understanding JavaServer Pages Model 2 Architecture," Govind Seshadri (JavaWorld, December 1999) discusses the Model 2 architecture and MVC
http://www.javaworld.com/javaworld/jw-12-1999/jw-12-ssj-jspmvc.html - In "E++A Pattern Language for J2EE Applications, Part 1" (JavaWorld, April 2001), Bin Yang overviews the E++ pattern language and explains how MVC and JSPs fit into the J2EE framework process described by E++
http://www.javaworld.com/javaworld/jw-04-2001/jw-0420-eplus.html - Core J2EE PatternsBest Practices and Design Strategies, Deepak Alur, John Crupi, and Dan Malks (Prentice Hall PTR, 2001; ISBN0130648841) discusses several design patterns related to application presentation tiers
http://www.amazon.com/exec/obidos/ASIN/0130648841/javaworld - Here's a good starting point for locating publicly available custom tag libraries
http://jsptags.com/ - Taglibs is an Apache subproject that focuses on JSP custom tag libraries (note that this subproject is different from Struts, which has its own custom tag libraries)
http://jakarta.apache.org/taglibs/index.html - The JSP specifications (currently 1.1 Final Release and 1.2 Final Release) are available for download. They are highly recommended reading for understanding the steps needed to convert traditional shorthand JSPs to XML-compliant JSP documents
http://java.sun.com/products/jsp/download.html#specs - Although the JavaServer Pages specifications are straightforward, Hans Bergsten provides a nice overview of 1.2's features in this two-part series
- "JSP 1.2Great News for the JSP Community, Part 1" (OnJava.com, October 2001)
- "JSP 1.2Great News for the JSP Community, Part 2" (OnJava.com, November 2001)
- "JSP Syntax and Semantics," a chapter from Professional Java XML Programming with Servlets and JSP, Tom Myers and Alexander Nakhimovsky (Wrox Press, 1999; ISBN1861002858), discusses in detail the differences between XML syntax and shorthand JSP syntax
http://www.perfectxml.com/wp/2858/28581002.htm - "Developing XML Solutions with JavaServer Pages Technology" discusses ways that XML and JSPs can be used together for effective Web solutions
http://java.sun.com/products/jsp/html/JSPXML.html - "Using XML and JSP Together," Alex Chaffee (JavaWorld, March 2000) discusses building a dynamic Website with XML and JSPs
http://www.javaworld.com/javaworld/jw-03-2000/jw-0331-ssj-jspxml.html - The HyperText Markup Language Home Page contains links to many useful sites related to the World Wide Web Consortium's markup languages and specifications
http://www.w3.org/MarkUp/ - The W3C's HTML 4.01 Specification covers the latest HTML specification
http://www.w3.org/TR/html4/ - The W3C's HTML Validation Service is useful for validating your HTML
http://validator.w3.org/ - The W3C's recommendation on the Extensible HyperText Markup Language explains the direction HTML is taking to create JSPs that will work well with future HTML developments
http://www.w3.org/TR/xhtml1/ - The mechanics of using the JSP exception-handling capability
http://java.sun.com/products/jsp/html/exceptions.fm.html - Java Specification Request (JSR) 127 on JavaServer Faces relates directly to GUIs built for Java server applications and is something JSP developers should be aware of as it progresses
http://jcp.org/jsr/detail/127.jsp - To read more articles about JavaServer Pages, browse our Topical Index
http://www.javaworld.com/channel_content/jw-jsp-index.shtml - To share your JSP best practices, log in to JavaWorld's Enterprise Java discussion
http://forums.idg.net/webx?50@@.ee6b80a - Sign up for the free JavaWorld This Week's Enterprise Java newsletter
http://www.idg.net/jw-subscribe - You'll find a wealth of IT-related articles from our sister publications at IDG.net
This story, "JSP best practices" was originally published by JavaWorld.