Struts 2中对验证概念的理解 [英] The validation concept understanding in Struts 2
问题描述
在接下来的情况下,我不了解Struts2验证的概念:
我的应用程序包含2个操作:
- login.action
- drive.action
我可以从浏览器命令行运行 drive.action ,而无需在 login.action
如果用户未成功在 login.action 中填写用户名和密码,我如何实现验证代码以防止从命令行运行 drive.action ?
验证概念
Struts 2验证是通过XML或注释配置的.手动的动作中的验证也是可能的,并且可以与XML和注释驱动的验证.
验证还取决于验证和工作流程拦截器(均包含在默认拦截器堆栈中).这验证拦截器自己进行验证并创建一个列表特定于字段的错误.工作流拦截器检查存在验证错误:如果找到任何错误,则返回输入"结果(默认情况下),将用户带回到以下形式包含验证错误.
如果我们使用默认设置,但我们的操作没有输入"定义结果并进行验证(或者,顺便说一句,类型转换)错误,我们将收到一条错误消息,告诉我们没有输入"为操作定义的结果.
这很简单,您可以通过验证配置文件或注释将验证器映射到字段.然后将 validation 拦截器应用于通过拦截器堆栈,自定义堆栈或 工作流拦截器检查这些错误,如果发现任何错误,则会重定向到 PrincipalAware 或使用 roles 拦截器将访问限制为检查 Action.如果未像 解决方案
The validation concept
Struts 2 validation is configured via XML or annotations. Manual validation in the action is also possible, and may be combined with XML and annotation-driven validation.
Validation also depends on both the validation and workflow interceptors (both are included in the default interceptor stack). The validation interceptor does the validation itself and creates a list of field-specific errors. The workflow interceptor checks for the presence of validation errors: if any are found, it returns the "input" result (by default), taking the user back to the form which contained the validation errors.
If we're using the default settings and our action doesn't have an "input" result defined and there are validation (or, incidentally, type conversion) errors, we'll get an error message back telling us there's no "input" result defined for the action.
It is simple, you map the validators to the fields via the validation configuration file, or via annotations. Then apply a validation interceptor to the action via referencing it explicitly or implicitly via the interceptor stack, custom stack or defaultStack.
When validation started it invokes the validation manager to perform actual validation and save errors to the ValidationAware action.
Your action should implement this interface, or just extend the ActionSupport where it's already implemented, to save the errors. Then workflow interceptor checks for those errors and if found any of them redirect to the INPUT result, if no errors found the action invocation is executed. You may also add a programmatic validation to the action by implementing Validateable interface, which ActionSupport is implemented by default, hence to override the validate() method(s).
As a supplement to XML based validation you could also apply annotation based configuration. This only the server-side validation, the client-side validation applied to the browser enabled javascript via Struts tags used for rendering a validation content to the page being validated.
All of this concept is not applicable to the action which requires authentication (unless the authentication interceptor is applied to the action). If you use JAAS authentication, then you should consider your action to implement PrincipalAware or use roles interceptor to restrict access to the action which checks the isUserInRole(). You may use Action.LOGIN result to return to the login page in authentication interceptor if the user is not authenticated like in Is there a way to redirect to another action class without using on struts.xml example.
这篇关于Struts 2中对验证概念的理解的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
