问题描述
我不明白,在接下来的情况下,Struts2的验证概念:
我的应用程序由2动作:
- login.action
- drive.action
我可以运行 drive.action 从浏览器的命令行而不 login.action
我如何能实现验证code这prevents drive.action 的命令行运行,如果用户没有成功填写用户名和密码 login.action ?
It is simple, you map the validators to the fields via the validation configuration file, or via annotations. Then apply a validation interceptor to the action via referencing it explicitly or implicitly via the interceptor stack, custom stack or defaultStack.
When validation started it invokes the validation manager to perform actual validation and save errors to the ValidationAware action.
Your action should implement this interface, or just extend the ActionSupport where it's already implemented, to save the errors. Then workflow interceptor checks for those errors and if found any of them redirect to the input result, if no errors found the action invocation is executed. You may also add a programmatic validation to the action by implementing Validateable interface, which ActionSupport is implemented by default, hence to override the validate() method(s).
As a supplement to XML based validation you could also apply annotation based configuration. This only the server-side validation, the client-side validation applied to the browser enabled javascript via Struts tags used for rendering a validation content to the page being validated.
All of this concept is not applicable to the action which requires authentication (unless the authentication interceptor is applied to the action). If you use JAAS authentication, then you should consider your action to implement PrincipalAware or use roles interceptor to restrict access to the action which checks the isUserInRole(). You may use Action.LOGIN result to return to the login page in authentication interceptor if the user is not authenticated like in Is there a way to redirect to another action class without using on struts.xml example.
这篇关于Struts 2的验证概念的理解的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!