在JSP中验证参数的最佳实践是什么? [英] What is the best practice for validating parameters in JSP?
问题描述
我正在实现一个JSP,该JSP希望在运行jsp之前需要验证一些参数.
I'm implementing a JSP which expects a few parameters which have to be validated before running the jsp.
- 建议:使用以下命令验证JSP内部的参数 标签库
- 建议:在过滤器中预先解析参数
- Suggestion: Validate the parameters inside the JSP using Taglibraries
- Suggestion: Pre-parse the Parameters in a Filter
您怎么看?
修改
谢谢您的好答案,但是我想知道,如果您提供的服务是google chart API之类的服务,而您无法期望在发送参数之前先检查表单,那么这是最佳做法吗? 例子: https://chart.googleapis.com/chart?cht= & chd =& chs =& ... additional_parameters ...
Thank you for the good answers, but I was wondering what would be the best practice in case you are offering a service like google chart API where you can't expect that the parameters are checked by a form before they are sent. example: https://chart.googleapis.com/chart?cht=&chd=&chs=&...additional_parameters...
推荐答案
两者都不是好方法.控制器/业务逻辑不属于JSP(标记).过滤器几乎是不错的选择,但不够具体.这项工作应由Servlet完成.您正在将表单提交给Servlet进行后处理,对吧?听起来您还没有这样做,否则答案很简单.
None of both are good approaches. Controller/business logic doesn't belong in a JSP (tag). A filter is almost good, but it's not specific enough. This job should be done by a servlet. You're submitting the form to a servlet to postprocess it, right? It sounds like that you're not already doing that, the answer would otherwise have been pretty straightforward.
在我们的servlets标签Wiki页面中,您可以找到一个很好的例子,说明了将JSP与Servlet对表单提交进行后处理.这是相关的摘录:
In our servlets tag wiki page you can find a hello world example of a good approach of using a JSP with a Servlet to postprocess a form submit. Here's an extract of relevance:
<input id="name" name="name" value="${fn:escapeXml(param.name)}">
<span class="error">${messages.name}</span>
使用
String name = request.getParameter("name");
if (name == null || name.trim().isEmpty()) {
messages.put("name", "Please enter name");
}
// ...
request.getRequestDispatcher("/WEB-INF/hello.jsp").forward(request, response);
此外,对于这种用例,例如JSF,Spring MVC,Wicket,Stripes,Struts2等,存在删除所有样板文件(重复的/重复的)servlet代码的MVC框架.例如,使用 JSF 它看起来像这样:
Further, there exist MVC frameworks which removes all the boilerplate (duplicated/repeated) servlet code for this kind of use cases, such as JSF, Spring MVC, Wicket, Stripes, Struts2, etc. With for example JSF it look just something like this:
<h:inputText id="name" value="#{bean.name}" required="true" requiredMessage="Please enter name" />
<h:message for="name" />
仅此而已. JSF的FacesServlet控制器servlet将验证它是否已被填充并在给定位置显示(可配置)消息,而无需任何自定义Java代码.您甚至可以将其移至模型,JSF也对JSR303 bean验证也提供透明支持.例如
That's all. The JSF's FacesServlet controller servlet will validate if it's been filled in and display a (configureable) message at the given location, without any need for custom Java code. You could even move it to the model, JSF has transparent support for JSR303 bean validation as well. E.g.
<h:inputText id="name" value="#{bean.name}" />
<h:message for="name" />
使用
@NotNull(message="Please enter name")
private String name;
根据您的编辑
更新:
Update as per your edit:
感谢您的良好回答,但我想知道,如果您提供的服务是google chart API之类的服务,而您无法期望参数会在表单之前被检查过,那将是最佳做法已发送.示例: https://chart.googleapis .com/chart?cht =& chd =& chs =& ... additional_parameters ...
Thank you for the good answers, but I was wondering what would be the best practice in case you are offering a service like google chart API where you can't expect that the parameters are checked by a form before they are sent. example: https://chart.googleapis.com/chart?cht=&chd=&chs=&...additional_parameters...
只需以相同的方式使用servlet.唯一的区别是您必须在doGet()中而不是在doPost()中实现该作业,并且如有必要,请在错误时返回HTTP 400 :)再次,请检查
Just use a servlet the same way. The only difference is that you've to implement the job in doGet() instead of doPost() and if necessary return HTTP 400 on an error :) Once again, check our servlets tag wiki page to understand their purpose better. Or to go a step further, use a webservice framework instead, such as JAX-WS or JAX-RS which do this job transparently like a MVC framework does for HTML pages.
这篇关于在JSP中验证参数的最佳实践是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
