问题描述

我不明白下一种情况下 Struts2 验证的概念:

我的应用程序包含 2 个操作:

1. 登录.操作
2. 驱动器操作

我可以从浏览器命令行运行 drive.action 而无需在 login.action

如果用户未在 login.action 中成功填写用户名和密码，我如何实施验证代码以防止从命令行运行 drive.action?

很简单，您可以通过验证配置文件或注释将验证器映射到字段.然后将 validation 拦截器应用于通过拦截器堆栈、自定义堆栈或 defaultStack.

当验证开始时，它会调用验证管理器来执行实际验证并将错误保存到 ValidationAware 操作.

你的 action 应该实现这个接口，或者只是扩展 ActionSupport 已经实现的地方，以保存错误.然后 workflow 拦截器检查这些错误，如果发现它们中的任何一个重定向到 INPUT 结果，如果没有发现错误，则执行动作调用.您还可以通过实施 接口，其中 ActionSupport 是默认实现的，因此覆盖了 validate() 方法.>

作为对基于 XML 的验证的补充，您还可以应用基于注释的配置.这只是服务器端验证，客户端验证通过 Struts 标签应用于浏览器启用的 javascript，用于将验证内容呈现给正在验证的页面.

所有这些概念都不适用于需要身份验证的操作(除非将身份验证拦截器应用于该操作).如果您使用 JAAS 身份验证，那么您应该考虑实施 PrincipalAware 或使用 roles 拦截器来限制对检查 isUserInRole().您可以使用 Action.如果用户没有像 有没有办法在不使用 struts.xml 的情况下重定向到另一个动作类代码> 示例.

I don't understand conception of Struts2 validation in next case :

My application consists of 2 actions:

1. login.action
2. drive.action

I can run drive.action from browser command line without filling user and password in login.action

How can I implement validation code which prevents the run of drive.action from command line if user hasn't successfully filled user and password in login.action?

It is simple, you map the validators to the fields via the validation configuration file, or via annotations. Then apply a validation interceptor to the action via referencing it explicitly or implicitly via the interceptor stack, custom stack or defaultStack.

When validation started it invokes the validation manager to perform actual validation and save errors to the ValidationAware action.

Your action should implement this interface, or just extend the ActionSupport where it's already implemented, to save the errors. Then workflow interceptor checks for those errors and if found any of them redirect to the INPUT result, if no errors found the action invocation is executed. You may also add a programmatic validation to the action by implementing Validateable interface, which ActionSupport is implemented by default, hence to override the validate() method(s).

As a supplement to XML based validation you could also apply annotation based configuration. This only the server-side validation, the client-side validation applied to the browser enabled javascript via Struts tags used for rendering a validation content to the page being validated.

All of this concept is not applicable to the action which requires authentication (unless the authentication interceptor is applied to the action). If you use JAAS authentication, then you should consider your action to implement PrincipalAware or use roles interceptor to restrict access to the action which checks the isUserInRole(). You may use Action.LOGIN result to return to the login page in authentication interceptor if the user is not authenticated like in Is there a way to redirect to another action class without using on struts.xml example.