Drew Varner has published guidelines for writing a JSR-168
Porlet in the Dev2Dev
forum at BEA. Drew starts the piece by noting that following the specification is not just about portability, it is also about ease of federation.
The best practices that Drew focuses on are;
- Always Utilize the URL Rewriting APIs for Content in Your Portlet
- Do Not Append Paths to a Rewritten URL
- Qualify Client-side Script Variables and Methods with Namespaces
- Ensure Inline Client-side Scripts that Refer to Portlet Resources Follow the Spec
- Always Declare a Content Type for Portlet Responses
- Do Not Send Cookies from Portlets
- Separate Business Logic from Presentation
On the first point Drew offers advice on a commonly used pattern.
Java developers often write the URL to an image from a JSP like this:
This is incorrect in a JSR-168 portlet. The correct method is:
<img src="<%= renderResponse.encodeURL(renderRequest.getContextPath()+
This advice is tempered with a number of rules that depend on the locality of the given resource. This advice ties into the second point regarding appending information to the end of the URL. Drew supplies code snippets to demonstrate how to append paths to an encoded base.
The article includes code example to demonstrate all of the remaining points in the article. These code examples do include example of things that may work but shouldn’t.
According to the JSR-168 portlet specification, calling addCookie() on HttpServletResponse does not actually set a cookie. Portlet containers that allow you to set a cookie are broken. Do not call this method.
This example packed entry offers many tips on how you can ensure that you’re portlets meet the spec.