Check for valid configuration of the getQueryString method in JSP welcome files

This rule detects the method call request.getQueryString() in JSP welcome files of a web module. These calls are flagged so the user can verify correct usage and avoid null values for the query string.

In WebSphere the method request.getQueryString() will return null if the welcome file is called, either directly or through a forward, with a query string that does not contain the welcome file name in the URL. For example, if the welcome file is index.jsp, and the user enters the URL (or another system component forwards to the URL): http://mycompany.com/?param=value then WebSphere will send the request to index.jsp. The call request.getQueryString() in index.jsp however will return null instead of param=value . This is only applicable to welcome files as defined in the web.xml deployment descriptor.

The user can obtain the query string value in a JSP welcome file in three ways:

1. Make sure the URL includes the JSP welcome file name. For example, change the URL from: http://mycompany.com/?param=value to http://mycompany.com/index.jsp?param=value . This solution will work for the components that forward to the JSP, but will not work for JSP welcome files that can be accessed directly by external users who can enter the URL directly, for example, using a web browser.
2. The user can obtain the query string by calling request.getAttribute("javax.servlet.forward.query_string") instead of request.getQueryString() .
3. The user can set the WebSphere custom property com.ibm.ws.webcontainer.provideQStringToWelcomeFile to true in the web container properties. Setting this property to true will change the behavior of the container to pass the query string to the welcome file.

For additional information see:

• PK78371: THE QUERY STRING IS NOT INCLUDED DURING THE DISPATCHER FORWARD TO A WELCOME FILE
• Web container custom properties
• Setting web container custom properties