Struts 2 中的验证概念理解

我不明白下一个案例中 Struts2 验证的概念:

我的应用程序包含 2 个操作:

  1. login.action
  2. drive.action

我可以从浏览器命令行运行 drive.action 而无需在 login.action

中填写用户名和密码

如果用户未在 login.action 中成功填写用户名和密码,我如何实现验证代码以防止从命令行运行 drive.action?

解决方案

验证概念

Struts 2 验证是通过 XML 或注释配置的.手动的动作中的验证也是可能的,并且可以与XML 和注释驱动的验证.

验证还取决于验证和工作流程拦截器(两者都包含在默认拦截器堆栈中).这验证拦截器自己进行验证并创建一个列表特定领域的错误.工作流拦截器检查存在验证错误:如果发现任何错误,则返回输入"结果(默认情况下),将用户带回包含验证错误.

如果我们使用默认设置并且我们的操作没有输入"结果定义并且有验证(或者,顺便说一下,类型转换)错误,我们会收到一条错误消息告诉我们没有输入";为操作定义的结果.


很简单,您可以通过验证配置文件或注释将验证器映射到字段.然后将 validation 拦截器应用于通过拦截器堆栈、自定义堆栈或 defaultStack.

当验证开始时,它会调用验证管理器来执行实际验证并将错误保存到 ValidationAware 动作.

你的动作应该实现这个接口,或者只是扩展 ActionSupport 已经实现,以保存错误.然后 workflow 拦截器 检查这些错误,如果发现其中任何一个重定向到 INPUT 结果,如果未发现错误,则执行操作调用.您还可以通过实现 程序化 验证.html" rel="nofollow noreferrer">Validateable 接口,其中ActionSupport 默认实现,因此要覆盖 validate() 方法.p>

作为基于 XML 的验证的补充,您还可以应用基于注释的配置.这只是服务器端验证,应用于浏览器的客户端验证通过 Struts 标记启用 javascript,用于将验证内容呈现给正在验证的页面.

所有这个概念都不适用于需要身份验证的动作(除非身份验证拦截器应用于动作).如果您使用 JAAS 身份验证,那么您应该考虑实施 PrincipalAware 或使用 roles 拦截器来限制对检查 isUserInRole().您可以使用 Action.如果用户未像 结果返回到身份验证拦截器中的登录页面way-to-redirect-to-another-action-class-without-using-on-struts-xml/16256030#16256030">有没有办法重定向到另一个动作类而不使用 struts.xml 示例.

I don't understand conception of Struts2 validation in next case :

My application consists of 2 actions:

  1. login.action
  2. drive.action

I can run drive.action from browser command line without filling user and password in login.action

How can I implement validation code which prevents the run of drive.action from command line if user hasn't successfully filled user and password in login.action?

解决方案

The validation concept

Struts 2 validation is configured via XML or annotations. Manual validation in the action is also possible, and may be combined with XML and annotation-driven validation.

Validation also depends on both the validation and workflow interceptors (both are included in the default interceptor stack). The validation interceptor does the validation itself and creates a list of field-specific errors. The workflow interceptor checks for the presence of validation errors: if any are found, it returns the "input" result (by default), taking the user back to the form which contained the validation errors.

If we're using the default settings and our action doesn't have an "input" result defined and there are validation (or, incidentally, type conversion) errors, we'll get an error message back telling us there's no "input" result defined for the action.


It is simple, you map the validators to the fields via the validation configuration file, or via annotations. Then apply a validation interceptor to the action via referencing it explicitly or implicitly via the interceptor stack, custom stack or defaultStack.

When validation started it invokes the validation manager to perform actual validation and save errors to the ValidationAware action.

Your action should implement this interface, or just extend the ActionSupport where it's already implemented, to save the errors. Then workflow interceptor checks for those errors and if found any of them redirect to the INPUT result, if no errors found the action invocation is executed. You may also add a programmatic validation to the action by implementing Validateable interface, which ActionSupport is implemented by default, hence to override the validate() method(s).

As a supplement to XML based validation you could also apply annotation based configuration. This only the server-side validation, the client-side validation applied to the browser enabled javascript via Struts tags used for rendering a validation content to the page being validated.

All of this concept is not applicable to the action which requires authentication (unless the authentication interceptor is applied to the action). If you use JAAS authentication, then you should consider your action to implement PrincipalAware or use roles interceptor to restrict access to the action which checks the isUserInRole(). You may use Action.LOGIN result to return to the login page in authentication interceptor if the user is not authenticated like in Is there a way to redirect to another action class without using on struts.xml example.

相关文章