Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What are the alternatives to JSTL?

Are there any alternatives to JSTL? One company I worked for 3 years ago used JSTL and custom tag libraries to separate presentation from logic. Front-end developers used EL to do complex presentation logic, generate layouts in JSP pages and it worked out great. Perhaps new technologies have come out. Anything better these days?

like image 886
Christopher Tokar Avatar asked Dec 04 '08 17:12

Christopher Tokar


2 Answers

JSTL and EL are two distinct concepts.

JSTL is just one tag library. Most frameworks provide their own taglib that approximately duplicates the functionality of JSTL. I say approximately, because these often misuse or overlook key principles of JSP and the Servlet API.

The strength of JSTL is that it was designed by the authors of JSP, with a solid understanding of JSP and servlets. Third-party taglibs are often created by some guy who didn't want to RTFM and decided to "start from scratch" and come up with "something simpler". However, JSTL wasn't intended to do everything. It can be used very successfully in conjunction with other taglibs, including your own custom tags.

Expression language is fundamental to JSP. It is interpreted by the container, and can be used in many contexts. It is also largely side-effect free, and has a simple, easily comprehensible syntax that doesn't allow a lot of logic to get stuffed into the presentation layer. Being part of the Java EE spec, it also enjoys wide tool support. For example, many IDEs can refactor dependent EL expression when you rename a property.

Struts2 introduced OGNL to a wider audience. OGNL is a throwback to the evil days of scriptlets. It is more powerful, and so developers happily abuse it to invoke arbitrary methods in the presentation layer and other atrocities. Attackers happily exploit it too; it is a common source of vulnerabilities in Struts2-based applications.

I was familiar with OGNL from years of previous experience with WebWork, and my greatest disappointment in Struts2 was the failure to jettison this dreck. Even WebWork founder, Patrick Lightbody, acknowledges that adoption was a mistake.* Luckily, it can only be used in limited contexts, like OGNL-aware tags (and some other surprising places), unlike EL, which is supported by the container itself and can be used anywhere in a page.

If you want to get away from JSP, but aren't into a component-based approach like JSF, you might check out Terrence Parr's StringTemplate project. The focus there is to be side-effect–free, which gives valuable improvements to safety and scalability.

* QFT: After a successful attack on the Struts2-based Apple Developer site, Patrick Lightbody said, "Sadly, I feel some responsibility for this pretty major security hole. There have been a few like this and they are all rooted in the fact that almost 9 years ago I made the (bad) decision to use OGNL as WebWork's expression language. I did so because it was 'powerful' but it opened up all sorts of extra binding trickery I never intended."

like image 200
erickson Avatar answered Oct 02 '22 11:10

erickson


I've used velocity with great success and it works great as a simple way to separate business logic from presentation logic. And it's simple enough that your average web developer can understand it. Freemarker is another templating alternative that a lot of people like, as well.

like image 39
Marc Novakowski Avatar answered Oct 02 '22 11:10

Marc Novakowski