Struts Web应用程序：可重复使用的验证客户端&服务器端 [英] Struts Web Application: Reusable Validation Client-Side & Server-Side

问题描述

我们的Struts应用程序复制了许多表单的验证检查：（1）jQuery / JS中的客户端，以及（2）Java中的服务器端。

Our Struts application duplicates a lot of validation checks for forms: (1) Client-side in jQuery/JS, and (2) separately, Server-side in Java.

我问我的主角为什么，他说你永远不能相信客户端。但另一方面，为方便起见，他也想在浏览器中提供JS / jQuery验证。

I asked my lead why, and he said "you can never trust the client-side." But on the other hand, as a convenience, he wants to provide JS/jQuery validation too in the browser.

有很多冗余代码。在双方都有可重复使用的验证的正确策略是什么？这些天人们手动复制客户端/服务器端验证吗？

There is a lot of redundant code. What's the right strategy to have reusable validation on both sides? Do people manually duplicate client-side/server-side validation these days?

推荐答案

• 服务器端验证是强制性的：请求可以来自修改后的网页，例如使用FireBug或任何类型的DevTools更改规则。或者更简单的是，请求可以由恶意用户制作，来自页面（或javascript块，或其他）创建的 ad-hoc ，完全绕过您的页面。


• Server side validation is mandatory : the request can come from a modified webpage, for example with rules altered with FireBug or any kind of DevTools. Or even easier, the request can be crafted by a malicious user, coming from a page (or a javascript block, or else) created ad-hoc, completely bypassing your page.




把它想象成你家的门：有了它，没有没有正确钥匙的人就可以进入。没有它，任何人都可以进入。

Think of it like the door of your house: with it, noone without the right key can enter. Without it, anyone can enter.







• 客户端验证用户友好和性能友好：它可以防止用户等待服务器的否定响应，它可以防止网络充斥着可能已被停止的错误请求（考虑到用户数量和上传的可能性）文件和表格数据，很快就会达到临界质量。）


• Client side validation is user-friendly and performance friendly: it prevents the user to wait for the server's negative response, it prevents the network from being flooded with wrong requests that could have been stopped (given the number of users and the possibility of uploading files along with form data, this could reach a critical mass very soon).




想想它在建筑物外面有对讲机的门。有了它，如果你不回答对讲机，人们会立即离开。没有它，人们需要进入建筑物，爬楼梯，敲门......只是发现你不在家。

Think of it like the door with the intercom outside the building. With it, if you don't answer to the intercom, people goes away immediately. Without it, people need to enter the building, climb the stairs, knock to your door... just to discover that you are not at home.

你需要来应用服务器端验证，在Struts2的情况下是 validate（） 或 validateXXX（）方法，或者通过 XML验证 ，或使用注释（使用内置的 Struts2 Annotations 每次操作，或使用@ umeshAwasthi每个实体的 jsr303-validator-plugin 。

You NEED to apply a server-side validation, that in the case of Struts2 is either by validate() or validateXXX() method, or by XML Validation, or using annotations (with the inbuilt Struts2 Annotations per-action, or with the jsr303-validator-plugin by @UmeshAwasthi per-entity).

如果您想重复使用 服务器端验证作为客户端-si de 验证您可以使用 Struts2-jQuery-plugin 如在此答案中所述。

If you want to reuse your server-side validation as client-side validation you can use the Struts2-jQuery-plugin as described in this answer.

BTW，HTML5（带有后备）和客户端的基本jQuery验证应该足够了。

BTW, HTML5 (with fallbacks) and a basic jQuery validation on client side should be enough.

Put在服务器端的真正努力，如果你还有时间和预算，增强客户端。

Put the real effort on server-side, then if you still have time and budget, enhance client side.

这篇关于Struts Web应用程序：可重复使用的验证客户端&服务器端的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！