Struts 2中的验证概念理解 [英] The validation concept understanding in Struts 2
问题描述
我不明白下一种情况下 Struts2 验证的概念:
我的应用程序包含 2 个操作:
- 登录.操作
- 驱动器操作
我可以从浏览器命令行运行 drive.action 而无需在 login.action
如果用户未在 login.action 中成功填写用户名和密码,我如何实施验证代码以防止从命令行运行 drive.action?
验证概念
Struts 2 验证是通过 XML 或注解配置的.手动的动作中的验证也是可能的,并且可以与XML 和注释驱动的验证.
验证还取决于验证和工作流程拦截器(两者都包含在默认拦截器堆栈中).这验证拦截器自己进行验证并创建一个列表特定领域的错误.工作流拦截器检查验证错误的存在:如果发现任何错误,则返回输入"结果(默认情况下),将用户带回表单包含验证错误.
如果我们使用默认设置并且我们的操作没有输入"结果定义并有验证(或者,顺便说一句,类型转换)错误,我们会收到一条错误消息告诉我们没有输入"为动作定义的结果.
很简单,您可以通过验证配置文件或注释将验证器映射到字段.然后将 validation 拦截器应用于通过拦截器堆栈、自定义堆栈或 defaultStack.
当验证开始时,它会调用验证管理器来执行实际验证并将错误保存到 ValidationAware 操作.
你的 action 应该实现这个接口,或者只是扩展 ActionSupport 已经实现的地方,以保存错误.然后 workflow 拦截器检查这些错误,如果发现它们中的任何一个重定向到 INPUT 结果,如果没有发现错误,则执行动作调用.您还可以通过实施 Validateable 接口,其中 ActionSupport 是默认实现的,因此覆盖了 validate() 方法.>
作为对基于 XML 的验证的补充,您还可以应用基于注释的配置.这只是服务器端验证,客户端验证通过 Struts 标签应用于浏览器启用的 javascript,用于将验证内容呈现给正在验证的页面.
所有这些概念都不适用于需要身份验证的操作(除非将身份验证拦截器应用于该操作).如果您使用 JAAS 身份验证,那么您应该考虑实施 PrincipalAware 或使用 roles 拦截器来限制对检查 isUserInRole().您可以使用 Action.如果用户没有像 有没有办法在不使用 struts.xml 的情况下重定向到另一个动作类代码> 示例.
I don't understand conception of Struts2 validation in next case :
My application consists of 2 actions:
- login.action
- drive.action
I can run drive.action from browser command line without filling user and password in login.action
How can I implement validation code which prevents the run of drive.action from command line if user hasn't successfully filled user and password in login.action?
The validation concept
Struts 2 validation is configured via XML or annotations. Manual validation in the action is also possible, and may be combined with XML and annotation-driven validation.
Validation also depends on both the validation and workflow interceptors (both are included in the default interceptor stack). The validation interceptor does the validation itself and creates a list of field-specific errors. The workflow interceptor checks for the presence of validation errors: if any are found, it returns the "input" result (by default), taking the user back to the form which contained the validation errors.
If we're using the default settings and our action doesn't have an "input" result defined and there are validation (or, incidentally, type conversion) errors, we'll get an error message back telling us there's no "input" result defined for the action.
It is simple, you map the validators to the fields via the validation configuration file, or via annotations. Then apply a validation interceptor to the action via referencing it explicitly or implicitly via the interceptor stack, custom stack or defaultStack.
When validation started it invokes the validation manager to perform actual validation and save errors to the ValidationAware action.
Your action should implement this interface, or just extend the ActionSupport where it's already implemented, to save the errors. Then workflow interceptor checks for those errors and if found any of them redirect to the INPUT result, if no errors found the action invocation is executed. You may also add a programmatic validation to the action by implementing Validateable interface, which ActionSupport is implemented by default, hence to override the validate() method(s).
As a supplement to XML based validation you could also apply annotation based configuration. This only the server-side validation, the client-side validation applied to the browser enabled javascript via Struts tags used for rendering a validation content to the page being validated.
All of this concept is not applicable to the action which requires authentication (unless the authentication interceptor is applied to the action). If you use JAAS authentication, then you should consider your action to implement PrincipalAware or use roles interceptor to restrict access to the action which checks the isUserInRole(). You may use Action.LOGIN result to return to the login page in authentication interceptor if the user is not authenticated like in Is there a way to redirect to another action class without using on struts.xml example.
这篇关于Struts 2中的验证概念理解的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
