Iterating list and array by passing as a parameterClass in iBATIS sql map

December 14, 2011

A list or map can be passed as the parameterClass to an iBATIS SQL map and iterated over. An IN clause is the basic example: iterating over a list to build a comma-separated set of values. For example, if a list with 3 elements (10, 20, 30) is passed as the parameterClass for an IN clause, the syntax is as follows:

<select id="getAllScore" resultClass="score" parameterClass="java.util.List">
    SELECT * FROM score WHERE id IN
        <iterate open="(" close=")" conjunction=",">
            #value[]#
        </iterate>
</select>

You can define a list in the parameterClass. But what about an array? You cannot define an array like int[] in the parameterClass. Most surprisingly, for an array you do not have to define a parameterClass in iBATIS at all. If nothing is defined as the parameterClass, the parameter is treated as an array.

If you want to iterate over an array, the following code works fine. Every array element is emitted in place of #[]#.

<select id="getAllScore" resultClass="score">
    SELECT * FROM score WHERE id IN
        <iterate open="(" close=")" conjunction=",">
            #[]#
        </iterate>
</select>

 

By: Md. Shahjalal


Beginning Android 4 with IntelliJ IDEA: Unable to find a userdata.img file to copy into the AVD folder

November 17, 2011

Android 4 (API level 14) has changed the location of its userdata.img file. In other versions (up to Android 3.2, API level 13), it was kept in the location -/android-sdk-linux/platforms/android-(api level)/images/userdata.img. IntelliJ IDEA (up to 10.5.2) is not up to date with this change. It therefore shows “Unable to find a ‘userdata.img’ file to copy into the AVD folder” when you try to create a new “Android Virtual Device”.

Even the IDEA site is misleading about the solution to this problem. It suggests following a solution from Stack Overflow, but that is not a solution either.

Solution: From IDEA’s Run/Debug configuration, click Browse beside “Prefer Android Virtual Device for deployment”. Then, on the “Select Android Virtual Device” screen, click Android SDK Manager. In the Android SDK Manager, click Tools and choose Manage AVDs. Then, in the Android Virtual Device Manager, click New and create the AVD for version 4.

Now run the project for version 4. Hello World. :)

By: Md. Shahjalal


Interesting behavior of JSP If tag for comparing Enum value

July 17, 2011

Anyone who wants to compare an enum value with the JSP if tag is in for a little surprise: the JSP if tag does not support comparing an enum value directly in the test condition. Take, for example, a Java enum Employee.


public enum Employee {
    PART_TIME,
    FULL_TIME;
}

Now suppose you want to compare the enum value directly in the JSP if tag, like the following:

<c:if test="${bean.employee == '<%=Employee.PART_TIME%>'}">
.........
</c:if>

JSP generates an error. But if you assign the value to a variable first and compare against that, it is allowed, as follows:


<c:set var="partTime" value="<%=Employee.PART_TIME%>"/>
<c:if test="${bean.employee == partTime}">
.........
</c:if>

By Md. Shahjalal


Groovy and Grails Security: Denial of Service (DoS) Case 2

August 9, 2010

Denial of Service Case 2:

Scenario: Showing a list of Clients with pagination (max 10 per page).
def list = {
    if(!params.max) params.max = 10
    [clientList: Client.list(params)]
}

Possible Attack: Changing the max value to 100000000 in the request.

Result: The query loads 100000000 client records and again causes an out-of-memory error.

Possible Solutions in Groovy and Grails:
def list = {
    params.max = Math.min( params.max?.toInteger() ?: 0, 100)
    [clientList: Client.list(params)]
}

In the worst case it will load just 100 records.

Reference: The Definitive Guide to Grails, 2nd Edition
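
The cap from the fix above, extended as an added example (not code from the original post or from the referenced book): the one-liner still throws on a non-numeric max and lets negative values and offset through unchanged, so this version handles those inputs too. It is plain Groovy with params modelled as a Map of strings; the Paging class, its method names and the limits are assumptions for illustration.

```groovy
// Added example: request-parameter clamping for paginated list actions.
// Runs as a plain Groovy script; `params` is modelled as a Map of Strings.
class Paging {
    // Assumed limits for illustration; HARD_MAX matches the cap used in the post.
    static final int DEFAULT_MAX = 10
    static final int HARD_MAX = 100

    // Parse a raw request value as a non-negative int, else return the fallback.
    static int parse(Object raw, int fallback) {
        String s = raw?.toString()?.trim()
        // null, empty, non-numeric and out-of-int-range text all fail this check
        if (!s?.isInteger()) return fallback
        int n = s.toInteger()
        return n < 0 ? fallback : n
    }

    // Build a fresh map holding only the paging keys, each forced into a safe range.
    static Map clamp(Map params) {
        int max = parse(params.max, DEFAULT_MAX)
        if (max == 0) max = DEFAULT_MAX          // treat 0 as "not specified"
        [max: Math.min(max, HARD_MAX), offset: parse(params.offset, 0)]
    }
}

// Constructed sample requests (not real traffic)
assert Paging.clamp([:]) == [max: 10, offset: 0]                          // nothing sent
assert Paging.clamp([max: '100000000']) == [max: 100, offset: 0]          // the case from the post
assert Paging.clamp([max: 'abc', offset: '-1']) == [max: 10, offset: 0]   // junk and negative
assert Paging.clamp([max: '99999999999']) == [max: 10, offset: 0]         // overflows int
assert Paging.clamp([max: '25', offset: '50']) == [max: 25, offset: 50]   // normal paging
```

In the action from the post, the call would become Client.list(Paging.clamp(params)).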


Groovy and Grails Security: Denial of Service (DoS) Case 1

August 9, 2010

Denial of Service:

Scenario: We have a Client object with a non-null last name, and a search query like the following:
search = {
    Client.findAll("from Client where lastName='" + params.lastName + "'")
}

Possible Attack:
If params.lastName = ' or id > 0 is sent with the request, the query becomes:
search = {
    Client.findAll("from Client where lastName='' or id > 0")
}

Result:
All the clients in the database are fetched, resulting in an out-of-memory error.

Possible Solutions in Groovy and Grails:

search = {
    // named parameter: the value is bound, not concatenated into the query
    Client.findAll("from Client where lastName = :lastName", [lastName: params.lastName])
}
or
search = {
    // positional parameter: values are passed as a list
    Client.findAll("from Client where lastName = ?", [params.lastName])
}
or
Client.withCriteria {
    eq('lastName', params.lastName)
}
or

Client.findAllByLastName(params.lastName)


Reference: The Definitive Guide to Grails, 2nd Edition

Dynamic runtime difference Java and Groovy

August 4, 2010

In Java, which overloaded method is invoked is decided from the declared type of the reference, not from the type of the target object. Groovy decides at runtime, based on the actual type of the target object. Note also that the literal 5.0 is a double in Java and a BigDecimal in Groovy. For example, take the following Java code, where the DecimalNumber class extends FullNumber.

import java.math.BigDecimal;

public class TestNumber {

    void getNumberDescription(FullNumber number) {
        // Overload is resolved against FullNumber, the declared type
        number.getDescription(5.0);
    }

    public static void main(String[] args) throws Exception {
        TestNumber testNumber = new TestNumber();
        testNumber.getNumberDescription(new FullNumber());
        testNumber.getNumberDescription(new DecimalNumber());
    }
}

class FullNumber {
    void getDescription(Number value) {
        System.out.println("Full number");
    }
}

class DecimalNumber extends FullNumber {
    void getDescription(Number value) {
        System.out.println("Full number");
    }

    void getDescription(BigDecimal value) {
        System.out.println("Decimal number");
    }
}

Outputs are:
Full number
Full number

On the other hand in Groovy:

public class TestNumber {

    void getNumberDescription(FullNumber number) {
        // Method is chosen at runtime from the actual target and argument types
        number.getDescription(5.0)
    }

    static void main(String[] args) {
        TestNumber testNumber = new TestNumber()
        testNumber.getNumberDescription(new FullNumber())
        testNumber.getNumberDescription(new DecimalNumber())
    }
}

class FullNumber {
    void getDescription(Number value) {
        System.out.println("Full number")
    }
}

class DecimalNumber extends FullNumber {
    void getDescription(Number value) {
        System.out.println("Full number")
    }

    void getDescription(BigDecimal value) {
        System.out.println("Decimal number")
    }
}

Outputs are:
Full number
Decimal number

Reference:
Programming Groovy (The Pragmatic Programmers)


Groovy and Grails: Sorting Problem of Customize Search Result

July 4, 2010

The GSP tag g:sortableColumn is used for sorting a list in Grails. By default a list shows all the rows stored in the database. A user can sort the list in ascending or descending order by clicking on the column header.

But the same thing does not work for a customized search result (criteria search). For example, say a search fetches 6 of 10 rows from the database. If you display the result with this tag, clicking on the column header to sort will display all 10 rows, sorted, instead of 6. This happens because the search parameters are missing in the result page. Let's look at an example. Suppose we have a Book class, a search command class and a criteria search for this class:


class Book {
    Integer id
    String name
    Date entryDate
}

class BookController {
    def search() {
        def searchCmd = new BookSearchCmd()
        return [searchCmd: searchCmd]
    }

    def result() {
        def cmd = new BookSearchCmd()
        bindData(cmd, params)

        def crit = Book.createCriteria()
        def bookList = crit.list(params) {
            // apply the filter only when an id was submitted
            if (cmd.id) le('id', cmd.id)
        }
        return [bookList: bookList]
    }
}

class BookSearchCmd {
    Integer id
    String name
    Date entryDate
}

Now, if the id parameter is 6 and there are 10 ids (1..10), it will display 6 rows. But when you try to sort the result using <g:sortableColumn> in the result.gsp page, it will display all 10 results, because there are no search params in the result page. In the code, crit.list(params) works when it gets the search parameter; otherwise it executes the default list() method.

An easy way out of the problem is to save searchCmd in the session and reuse it for sorting the customized search result when the request comes from the result page (params.search indicates a request from the search page). Some minor modifications to the above code can do it, as follows:

class BookController {
    def search() {
        // starting a new search: drop any previously saved criteria
        session.removeAttribute("searchCmd")
        def searchCmd = new BookSearchCmd()
        return [searchCmd: searchCmd]
    }

    def result() {
        def searchCmd = session.getAttribute("searchCmd")
        if (params.search || searchCmd == null) {
            searchCmd = new BookSearchCmd()
            bindData(searchCmd, params)
            session.setAttribute("searchCmd", searchCmd)
        }

        def crit = Book.createCriteria()
        def bookList = crit.list(params) {
            if (searchCmd.id) le('id', searchCmd.id)
        }
        return [bookList: bookList]
    }
}

By: Md. Shahjalal

