表单验证分三种:客户端格式验证,服务端格式验证,数据库中的数据有效性验证;基于客户端格式验证很不安全,如果软件需求高,通常需要在服务端进行验证。
一)、手工验证:
-------验证Action的所有方法
(1)jsp代码:
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%@ taglib uri = "/struts-tags" prefix="s"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'index.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
<s:fielderror/>
<br> ${fieldErrors }
<form action="login.action" method = "post">
用户名:<input name = "name" type = "text"><br><br>
电话号:<input name = "mobile" type = "text"><br><br>
<input type = "submit" value = "提交">
</form>
</body>
</html>
action代码:
package com.action;
import com.opensymphony.xwork2.ActionSupport;
public class LoginAction extends ActionSupport{
private static final long serialVersionUID = 1L;
private String name ;
private String mobile;
public String execute(){
//重写validate方法后不用手动调用
return "success";
}
//重写此方法后,可以使用struts2提供的error类,如果fieldError有内容,需要指定input视图
public void validate(){
System.out.println("validate");
if(name == null || "".equals(name)){
this.addFieldError("name", "用户名不能为空");
}
if(mobile == null || "".equals(mobile)){
this.addFieldError("mobile", "电话号码不能为空");
}else{
if(!this.mobile.matches("^1[34578]\\d{9}$")){
this.addFieldError("mobile", "手机号格式不正确");
}
}
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getMobile() {
return mobile;
}
public void setMobile(String mobile) {
this.mobile = mobile;
}
public static long getSerialversionuid() {
return serialVersionUID;
}
}
通过以上,表单验证会在action的执行之前自动调用,fieldErrors中没有内容才调用execute方法。
问题,Action中可能存在多个方法,那么每个方法执行之前都会调用验证方法(有的方法可能不需要验证!)
-----------验证Action指定的方法:只需要将validate方法名改成 validate+要验证的方法名。注意:方法名首字母大写
struts.xml配置文件:
<package name = "default" namespace = "/" extends = "struts-default">
<action name = "login_*" class = "com.action.LoginAction" method = "{1}">
<result name = "success">/welcome.jsp</result>
<result name = "input" >/index.jsp</result>
</action>
</package>
jsp页面:
<br> ${fieldErrors }
<form action="login_doOther.action" method = "post">
用户名:<input name = "name" type = "text"><br><br>
电话号:<input name = "mobile" type = "text"><br><br>
<input type = "submit" value = "提交">
</form>
Action代码:
public class LoginAction extends ActionSupport{
private static final long serialVersionUID = 1L;
private String name ;
private String mobile;
public String doFirst(){
//重写validate方法后不用手动调用
return "success";
}
public String doOther(){
//重写validate方法后不用手动调用
return "success";
}
//重写此方法后,可以使用struts2提供的error类,如果fieldError有内容,需要指定input视图
public void validateDoFirst(){
System.out.println("validate");
if(name == null || "".equals(name)){
this.addFieldError("name", "用户名不能为空");
}
if(mobile == null || "".equals(mobile)){
this.addFieldError("mobile", "电话号码不能为空");
}else{
if(!this.mobile.matches("^1[34578]\\d{9}$")){
this.addFieldError("mobile", "手机号格式不正确");
}
}
}
二)、基于XML验证:
基于配置文件的表单验证方式,可以减少java代码的编写。
如果要验证的Action是LoginAction,那么配置文件名需要命名为"LoginAction-validation.xml"
LoginAction-validation.xml配置文件:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE validators PUBLIC
"-//OpenSymphony Group//XWork Validator 1.0.3//EN"
"http://www.opensymphony.com/xwork/xwork-validator-1.0.3.dtd">
<validators>
<field name = "name">
<field-validator type = "requiredstring">
<message>用户名不能为空</message>
</field-validator>
</field>
<field name = "mobile">
<field-validator type = "requiredstring">
<message>电话号不能为空</message>
</field-validator>
<field-validator type = "regex">
<param name = "Expression"><![CDATA[^1[34578]\d{9}$]]></param>
<message>电话号格式不正确</message>
</field-validator>
</field>
</validators>
Action代码:
package com.action;
import com.opensymphony.xwork2.ActionSupport;
public class LoginAction extends ActionSupport{
private String name ;
private String mobile;
public String doFirst(){
//重写validate方法后不用手动调用
System.out.println("doFirst");
return "success";
}
public String doOther(){
System.out.println("doOther");
//重写validate方法后不用手动调用
return "success";
}
以上代码也是对Action中的所以方法进行验证,但通常不需要全部进行验证,也需要对指定方法进行验证;基于XML的验证方法也很简单,执行将配置文件名改为如下格式,
“ActionClassName-ActionMethodName-validation.xml”