struts 数据 验证

08/20/2010

用户提交数据是需要验证才能保证程序运行安全。
Struts 数据验证简单分为:

  • 表单验证
  • 业务验证


验证基本过程是:

  1. 创建消息资源文件
  2. # Resources for parameter 'demo.ApplicationResources'
    # Project strutsprj2
    
    #username.null=用户名不能为空!
    #userpass.null=密码不能为空!
    #userpass.len=密码不能小于8位!
    #username.exist=用户名已被占用!
    
    #特殊标记:用于设置消息格式
    errors.header=<font color="red"><b>
    errors.footer=</b></font>
    
    username.null=\u7528\u6237\u540d\u4e0d\u80fd\u4e3a\u7a7a!
    userpass.null=\u5bc6\u7801\u4e0d\u80fd\u4e3a\u7a7a!
    userpass.len=\u5bc6\u7801\u4e0d\u80fd\u5c0f\u4e8e8\u4f4d!
    username.exist=\u7528\u6237\u540d\u5df2\u88ab\u5360\u7528!
  3. 修改表单bean的validate()方法,添加验证代码
  4. //....
    	/** 
    	 * 表单验证 验证表单数据
    	 * @param mapping
    	 * @param request
    	 * @return ActionErrors
    	 */
    	public ActionErrors validate(ActionMapping mapping,
    			HttpServletRequest request) {
    		// TODO Auto-generated method stub
    		ActionErrors errors = new ActionErrors();
    		//验证 用户名是否为空
    		if (user.getUserName().length() < 1) {
    			ActionMessage msg=new ActionMessage("username.null");
                errors.add("username",msg);
    		}
    		//验证 用户密码是否大于 8 位
    		if (user.getUserPass().length() < 8) {
    			ActionMessage msg=new ActionMessage("userpass.len");
                errors.add("userpass",msg);
    		}
    		//返回null或返回空的消息集合,代表验证通过.
    		return errors;
    	}
    //....
  5. 修改struts-config.xml,添加如下属性
  6.     <!-- validate 是否要进行验证  -->
        <!-- input 验证失败后跳转的页面 -->
        <action
          validate="true"  
          input="/index.jsp"  
          attribute="loginForm"
          name="loginForm"
          path="/login"
          scope="request"
          type="cn.net.royakon.action.LoginAction">
          <forward name="result" path="/result.jsp" />
          <forward name="fail" path="/index.jsp" />
        </action>
  7. 显示错误消息
  8. <%@ page language="java" pageEncoding="GB2312"%>
    <%@ taglib uri="http://struts.apache.org/tags-html" prefix="html" %>
    <form action="login.do" method="post">
    	USERNAME
    	<input type="text" name="user.userName" />
    	<!-- 添加显示错误的标签 -->
    	<html:errors property="username"/>
    	</br>
    	USERPASS
    	<input type="text" name="user.userPass" />
    	<!-- 添加显示错误的标签 -->
    	<html:errors property="userpass"/>
    	</br>
    	<input type="submit" value="登陆" />
    </form>
  9. 添加业务验证
  10. //....
    	public ActionForward execute(ActionMapping mapping, ActionForm form,
    			HttpServletRequest request, HttpServletResponse response) {
    		LoginForm loginForm = (LoginForm) form;
    		// TODO Auto-generated method stub
    		User user = loginForm.getUser();
    		LoginModel model = new LoginModel();
    		//业务验证
    		if (model.isExist(user)) {
    			//生成消息
    			ActionErrors errors=new ActionErrors();
    			ActionMessage msg=new ActionMessage("username.exist");
    			errors.add("username",msg);
    			super.saveErrors(request, errors);
    			return mapping.findForward("fail");
    		}
    		else {
    			request.setAttribute("result", "Sucess!");
    			return mapping.findForward("result");
    		}
    	}
    //....