
Commit 7341dd3

committed
Refactored bean names
1 parent cbcd4d9 commit 7341dd3


10 files changed

+38
-35
lines changed

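--- a/Ch07_XSS/src/main/java/de/dominikschadow/webappsecurity/beans/CustomerBean.java
+++ b/Ch07_XSS/src/main/java/de/dominikschadow/webappsecurity/beans/CustomerController.java
@@ -29,13 +29,13 @@
 *
 * @author Dominik Schadow
 */
-@ManagedBean(name = "customerBean")
+@ManagedBean(name = "customer")
 @RequestScoped
-public class CustomerBean {
+public class CustomerController {
 private Customer customer;
 private CustomerDAO customerDAO;
 
-public CustomerBean() {
+public CustomerController() {
 customer = new Customer();
 customerDAO = new CustomerDAO();
 }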

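--- a/Ch07_XSS/src/main/java/de/dominikschadow/webappsecurity/beans/SearchBean.java
+++ b/Ch07_XSS/src/main/java/de/dominikschadow/webappsecurity/beans/SearchController.java
@@ -34,14 +34,14 @@
 *
 * @author Dominik Schadow
 */
-@ManagedBean(name = "searchBean")
+@ManagedBean(name = "search")
 @RequestScoped
-public class SearchBean {
+public class SearchController {
 private String customerName;
 private CustomerDAO customerDAO;
 private List<Customer> customers;
 
-public SearchBean() {
+public SearchController() {
 customerDAO = new CustomerDAO();
 }
 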
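--- a/Ch07_XSS/src/main/java/de/dominikschadow/webappsecurity/daos/CustomerDAO.java
+++ b/Ch07_XSS/src/main/java/de/dominikschadow/webappsecurity/daos/CustomerDAO.java
@@ -33,7 +33,7 @@
 * Loads customers from the in-memory-database for the managed beans.
 *
 * @author Dominik Schadow
-* @see de.dominikschadow.webappsecurity.beans.CustomerBean
+* @see de.dominikschadow.webappsecurity.beans.CustomerController
 */
 public class CustomerDAO {
 private Logger logger = LoggerFactory.getLogger(getClass());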
Lines changed: 1 addition & 1 deletion
@@ -1,4 +1,4 @@
11
#HSQL Database Engine 2.3.2
2-
#Sun Feb 23 10:52:14 CET 2014
2+
#Sun Feb 23 11:11:00 CET 2014
33
version=2.3.2
44
modified=yes

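--- a/Ch07_XSS/src/main/resources/customerDB.script
+++ b/Ch07_XSS/src/main/resources/customerDB.script
@@ -2,6 +2,10 @@ SET DATABASE UNIQUE NAME HSQLDB3BEC7E8F2A
 SET DATABASE GC 0
 SET DATABASE DEFAULT RESULT MEMORY ROWS 0
 SET DATABASE EVENT LOG LEVEL 0
+SET DATABASE TRANSACTION CONTROL LOCKS
+SET DATABASE DEFAULT ISOLATION LEVEL READ COMMITTED
+SET DATABASE TRANSACTION ROLLBACK ON CONFLICT TRUE
+SET DATABASE TEXT TABLE DEFAULTS ''
 SET DATABASE SQL NAMES FALSE
 SET DATABASE SQL REFERENCES FALSE
 SET DATABASE SQL SIZE TRUE
@@ -14,10 +18,6 @@ SET DATABASE SQL UNIQUE NULLS TRUE
 SET DATABASE SQL CONVERT TRUNCATE TRUE
 SET DATABASE SQL AVG SCALE 0
 SET DATABASE SQL DOUBLE NAN TRUE
-SET DATABASE TRANSACTION CONTROL LOCKS
-SET DATABASE DEFAULT ISOLATION LEVEL READ COMMITTED
-SET DATABASE TRANSACTION ROLLBACK ON CONFLICT TRUE
-SET DATABASE TEXT TABLE DEFAULTS ''
 SET FILES WRITE DELAY 500 MILLIS
 SET FILES BACKUP INCREMENT TRUE
 SET FILES CACHE SIZE 10000
@@ -51,4 +51,7 @@ INSERT INTO CUSTOMER VALUES(3,'Tricia Trillian McMillan','C',1000,'')
 INSERT INTO CUSTOMER VALUES(4,'Zaphod Beeblebrox','D',500,'President of the Galaxy')
 INSERT INTO CUSTOMER VALUES(5,'Marvin','A',100000,'Depressive')
 INSERT INTO CUSTOMER VALUES(6,'Slartibartfast','D',100,'42')
-INSERT INTO CUSTOMER VALUES(7,'Stored XSS','X',9999,'<script>alert("Stored XSS - Session ID: " + document.cookie)</script>')
+INSERT INTO CUSTOMER VALUES(7,'Stored XSS','X',9999,'<script>alert("Stored XSS - Session ID: " + document.cookie)</script>')
+INSERT INTO CUSTOMER VALUES(8,'Bla','1',1,'Test')
+INSERT INTO CUSTOMER VALUES(9,'Hallo','A',0,'Test')
+INSERT INTO CUSTOMER VALUES(10,'Neuer Versuch','B',0,'')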

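--- a/Ch07_XSS/src/main/webapp/createCustomer.xhtml
+++ b/Ch07_XSS/src/main/webapp/createCustomer.xhtml
@@ -18,18 +18,18 @@
 <h:form id="createCustomer">
 <h:panelGrid columns="2">
 <h:outputLabel value="Name" for="cName"/>
-<h:inputText value="#{customerBean.customer.name}" label="Name" id="cName"/>
+<h:inputText value="#{customer.customer.name}" label="Name" id="cName"/>
 
 <h:outputLabel value="Status" for="cStatus"/>
-<h:inputText value="#{customerBean.customer.status}" label="Status" id="cStatus"/>
+<h:inputText value="#{customer.customer.status}" label="Status" id="cStatus"/>
 
 <h:outputLabel value="Order Limit" for="cOrderLimit"/>
-<h:inputText value="#{customerBean.customer.orderLimit}" label="Order Limit" id="cOrderLimit"/>
+<h:inputText value="#{customer.customer.orderLimit}" label="Order Limit" id="cOrderLimit"/>
 
 <h:outputLabel value="Comment" for="cComment" title="Customer comment with HTML enabled"/>
-<h:inputTextarea value="#{customerBean.customer.comment}" label="Comment" id="cComment"/>
+<h:inputTextarea value="#{customer.customer.comment}" label="Comment" id="cComment"/>
 </h:panelGrid>
-<h:commandButton value="Save" action="#{customerBean.save}" styleClass="send-button"/>
+<h:commandButton value="Save" action="#{customer.save}" styleClass="send-button"/>
 </h:form>
 </h:body>
 </html>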

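--- a/Ch07_XSS/src/main/webapp/index.xhtml
+++ b/Ch07_XSS/src/main/webapp/index.xhtml
@@ -28,7 +28,7 @@
 <li><h:link outcome="showCustomers" value="Stored XSS"/></li>
 <li>
 <h:form>
-<h:commandLink action="#{searchBean.search}" value="Reflected XSS">
+<h:commandLink action="#{search.search}" value="Reflected XSS">
 <f:param name="customerName"
 value="Dummy&lt;script&gt;alert('Reflected XSS - Session ID: ' + document.cookie)&lt;/script&gt;"/>
 </h:commandLink>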

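--- a/Ch07_XSS/src/main/webapp/search.xhtml
+++ b/Ch07_XSS/src/main/webapp/search.xhtml
@@ -18,9 +18,9 @@
 <h:form id="searchCustomers">
 <h:panelGrid columns="2">
 <h:outputLabel value="Name" for="cName"/>
-<h:inputText value="#{searchBean.customerName}" label="Name" id="cName"/>
+<h:inputText value="#{search.customerName}" label="Name" id="cName"/>
 </h:panelGrid>
-<h:commandButton value="Search" action="#{searchBean.search}" styleClass="send-button"/>
+<h:commandButton value="Search" action="#{search.search}" styleClass="send-button"/>
 </h:form>
 </h:body>
 </html>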

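--- a/Ch07_XSS/src/main/webapp/searchCustomer.xhtml
+++ b/Ch07_XSS/src/main/webapp/searchCustomer.xhtml
@@ -4,7 +4,7 @@
 <html xmlns="http://www.w3.org/1999/xhtml" xmlns:h="http://xmlns.jcp.org/jsf/html"
 xmlns:f="http://xmlns.jcp.org/jsf/core">
 <h:head>
-<h:outputStylesheet library="css" value="styles.css" name="styles.css" />
+<h:outputStylesheet library="css" value="styles.css" name="styles.css"/>
 <title>Ch07_XSS</title>
 </h:head>
 <h:body>
@@ -16,30 +16,30 @@
 outcome="search" value="Search Customer"/>
 </h:form>
 
-<p>Your search for <strong><h:outputText value="#{searchBean.customerName}"
+<p>Your search for <strong><h:outputText value="#{search.customerName}"
 escape="false"/></strong> returned the following results:</p>
 
 <h:form>
-<h:dataTable var="customer" value="#{searchBean.customers}">
+<h:dataTable var="c" value="#{search.customers}">
 <h:column>
 <f:facet name="header">ID</f:facet>
-<h:outputText value="#{customer.custId}"/>
+<h:outputText value="#{c.custId}"/>
 </h:column>
 <h:column>
 <f:facet name="header">Name</f:facet>
-<h:outputText value="#{customer.name}"/>
+<h:outputText value="#{c.name}"/>
 </h:column>
 <h:column>
 <f:facet name="header">Status</f:facet>
-<h:outputText value="#{customer.status}"/>
+<h:outputText value="#{c.status}"/>
 </h:column>
 <h:column>
 <f:facet name="header">Order Limit</f:facet>
-<h:outputText value="#{customer.orderLimit}"/>
+<h:outputText value="#{c.orderLimit}"/>
 </h:column>
 <h:column>
 <f:facet name="header">Comment</f:facet>
-<h:outputText escape="false" value="#{customer.comment}"/>
+<h:outputText escape="false" value="#{c.comment}"/>
 </h:column>
 </h:dataTable>
 </h:form>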
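Review bot: `escape="false"` on `<h:outputText value="#{search.customerName}" .../>` (new lines 19-20) writes the request-supplied search term into the page without HTML encoding, and the Comment column at new line 42 does the same for stored data; the rename carries both over unchanged, and showCustomers.xhtml has the same attribute at its new line 43. Given the module name Ch07_XSS this looks deliberate, but nothing in the view says so. I would add a comment above each occurrence, e.g. `<!-- Intentionally unescaped for the XSS demo; production code drops escape="false" so JSF encodes the value -->`. If the comment field really has to accept markup, the value should pass through an allow-list HTML sanitizer before rendering instead of being emitted raw.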

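--- a/Ch07_XSS/src/main/webapp/showCustomers.xhtml
+++ b/Ch07_XSS/src/main/webapp/showCustomers.xhtml
@@ -16,22 +16,22 @@
 </h:form>
 
 <h:form>
-<h:dataTable var="customer" value="#{customerBean.customers}">
+<h:dataTable var="c" value="#{customer.customers}">
 <h:column>
 <f:facet name="header">ID</f:facet>
-<h:outputText value="#{customer.custId}"/>
+<h:outputText value="#{c.custId}"/>
 </h:column>
 <h:column>
 <f:facet name="header">Name</f:facet>
-<h:outputText value="#{customer.name}"/>
+<h:outputText value="#{c.name}"/>
 </h:column>
 <h:column>
 <f:facet name="header">Status</f:facet>
-<h:outputText value="#{customer.status}"/>
+<h:outputText value="#{c.status}"/>
 </h:column>
 <h:column>
 <f:facet name="header">Order Limit</f:facet>
-<h:outputText value="#{customer.orderLimit}"/>
+<h:outputText value="#{c.orderLimit}"/>
 <script type="text/javascript">
 var pos = document.URL.indexOf("currency=") + 9;
 var currency = document.URL.substring(pos, document.URL.length);
@@ -40,7 +40,7 @@
 </h:column>
 <h:column>
 <f:facet name="header">Comment</f:facet>
-<h:outputText escape="false" value="#{customer.comment}"/>
+<h:outputText escape="false" value="#{c.comment}"/>
 </h:column>
 </h:dataTable>
 </h:form>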
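Review bot: The inline script kept as context at new lines 36-37 takes everything after `currency=` from `document.URL`, and when the parameter is absent `indexOf` returns -1, so `pos` becomes 8 and `currency` is an arbitrary slice of the URL. How `currency` is used is outside the hunk (new lines 38-39 are not shown); if it is written into the page as markup, that is a DOM-based injection point fed directly by the URL. If this is part of the chapter's demo, a comment saying so would help the next reader. Otherwise I would read the parameter with `var currency = new URLSearchParams(window.location.search).get("currency") || "";` and assign it through `textContent`.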
