Struts 2的验证概念的理解 [英] Struts 2 validation concept understanding
问题描述
我不明白,在接下来的情况下,Struts2的验证概念:
我的应用程序由2动作:
- login.action
- drive.action
我可以运行 drive.action 从浏览器的命令行而不 login.action
我如何能实现验证code这prevents drive.action 的命令行运行,如果用户没有成功填写用户名和密码 login.action ?
验证概念
Struts 2的验证是通过XML或注解配置。手册
在动作验证也是可能的,并且可以与结合
XML和注解驱动的验证。
验证还取决于验证和工作流程都
拦截器(二者都包括在默认拦截器栈)。该
验证拦截器确实验证本身并创建一个列表
具体的现场错误。工作流拦截器将检查
验证错误的presence:如果找到,则返回
输入的结果(默认),从而将用户返回到形式
包含验证错误。
如果我们使用默认的设置和我们的行动不具有
输入的结果定义,并有验证(或顺便说一下,
类型转换)的错误,我们会得到一个错误信息回来告诉我们
还有的行动中没有定义输入的结果。这很简单,你通过验证配置文件验证器的字段映射,或通过注释。然后通过通过拦截器栈,自定义堆栈或明或暗地引用它
验证拦截器适用于该诉讼或defaultStack。在验证开始它调用验证经理进行实际的验证和错误保存到
ValidationAware的行动。您操作应该实现这个接口,或只是延长
ActionSupport的其中,它已经实施,以节省错误。然后工作流程拦截检查这些错误,如果发现其中的任何重定向到输入的结果,如果没有错误发现动作调用执行。您也可以添加一个的计划的验证,通过实施Validateable接口,这个动作的ActionSupport的默认情况下实现的,因此重写的validate()办法(S)。作为补充,以基于XML验证你也可以采用基于注解的配置。这只有服务器端验证,客户端验证适用于通过用于渲染验证内容的页面被验证Struts标签的浏览器的JavaScript。
所有这些概念并不适用于需要身份验证(除非认证拦截被施加到动作)的动作。如果使用JAAS身份验证,那么你应该考虑你的行动,落实
PrincipalAware或使用角色拦截器来限制访问它检查的isUserInRole动作()。您可以使用Action.LOGIN结果返回到登录页面身份验证拦截器,如果用户没有通过验证像<一个href=\"http://stackoverflow.com/questions/16254934/is-there-a-way-to-redirect-to-another-action-class-without-using-on-struts-xml/16256030#16256030\">Is有没有办法来重定向到另一个动作类,而不使用在struts.xml中的例子。I don't understand conception of Struts2 validation in next case :
My application consists of 2 actions:
- login.action
- drive.action
I can run
drive.actionfrom browser command line without filling user and password inlogin.actionHow can I implement validation code which prevents the run of
drive.actionfrom command line if user hasn't successfully filled user and password inlogin.action?解决方案The validation concept
Struts 2 validation is configured via XML or annotations. Manual validation in the action is also possible, and may be combined with XML and annotation-driven validation.
Validation also depends on both the validation and workflow interceptors (both are included in the default interceptor stack). The validation interceptor does the validation itself and creates a list of field-specific errors. The workflow interceptor checks for the presence of validation errors: if any are found, it returns the "input" result (by default), taking the user back to the form which contained the validation errors.
If we're using the default settings and our action doesn't have an "input" result defined and there are validation (or, incidentally, type conversion) errors, we'll get an error message back telling us there's no "input" result defined for the action.
It is simple, you map the validators to the fields via the validation configuration file, or via annotations. Then apply a
validationinterceptor to the action via referencing it explicitly or implicitly via the interceptor stack, custom stack ordefaultStack.When validation started it invokes the validation manager to perform actual validation and save errors to the
ValidationAwareaction.Your action should implement this interface, or just extend the
ActionSupportwhere it's already implemented, to save the errors. Thenworkflowinterceptor checks for those errors and if found any of them redirect to theinputresult, if no errors found the action invocation is executed. You may also add a programmatic validation to the action by implementingValidateableinterface, whichActionSupportis implemented by default, hence to override thevalidate()method(s).As a supplement to XML based validation you could also apply annotation based configuration. This only the server-side validation, the client-side validation applied to the browser enabled javascript via Struts tags used for rendering a validation content to the page being validated.
All of this concept is not applicable to the action which requires authentication (unless the authentication interceptor is applied to the action). If you use JAAS authentication, then you should consider your action to implement
PrincipalAwareor userolesinterceptor to restrict access to the action which checks theisUserInRole(). You may useAction.LOGINresult to return to the login page in authentication interceptor if the user is not authenticated like in Is there a way to redirect to another action class without using on struts.xml example.这篇关于Struts 2的验证概念的理解的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
