问题
Let's say I have this URL here
<s:url action ="profile" var ="profile_url">
<s:param name = "id">${user.userId}</s:param>
</s:url>
<s:a href = "%{profile_url}">My Profile</s:a>
Where the parameter id will only have an int value. So inside my Action class.
public class ViewProfileAction extends ActionSupport{
public String execute(){
//someServiceLayer.getUser(id);
return "success";
}
public int getId() {
return id;
}
public void setId(int id) {
this.id = id;
}
private int id;
}
Everything seems to go well as long as the user will click the link, so if the user click the link the url will be something like this
localhost:8090/HelloStruts2/profile?id=1
but what if the user manipulated the URL directly? he manually typed in his browser a letter or a character? like this
localhost:8090/HelloStruts2/profile?id=b
if the user did that I am sure there will be an exception or an error will occur.
My question how would I then validate the URL parameter? or if the user did such thing (entered a letter or a negative number in the parameter id) I would redirect him to another page.
回答1:
You have a parameter field as int but you have set it as String in the URL. To eliminate the errors of that kind you need to put some interceptor before (or after it doesn't matter) the params interceptor to check that value. For example you put the validation interceptor.
@Action(value = "youraction", results = {
@Result(location = "/path/to/page.jsp"),
}, interceptorRefs = {@InterceptorRef("validation"), @InterceptorRef("basicStack")})
then you need implement validate() method in your action
public void validate() {}
and finally add the method that will handle wrong and also good results, so OGNL will not complain
public void setId(String id) {
try {
this.id = Integer.parseInt(id);
} catch (NumberFormatException nfe){}
}
that's all, you have no exception anymore and parameter of type String is checked in the setter.
To your question: if you parameter didn't parsed correctly you will have value of 0 in the execute() method. So, you decide what result to return. You can also check the value in the validate() method if the validation interceptor placed after params interceptor do parse or GenericValidator.isInt after that setFieldError() and show it in the JSP or redirect right after validation.
回答2:
ParametersInterceptor, using the XWorkConverter, would raise an Exception of type
ognl.MethodFailedException: java.lang.NoSuchMethodException setId(java.lang.String);
because it would search (through reflection) a Setter for a String, instead of an int.
This error would stop the invocation in the middle of the InterceptorStack, and would send it back with the input result, that is the default result for input errors in the request.
If you don't have an input result declared in your struts.xml, you will get an Exception of type
No result defined for action your.package.your.Action and result input
If you have it, then you will be redirected back to the result declared in your struts.xml (the same JSP, another JSP or an Action).
You can handle this by outputting field errors through <s:fielderror /> tag in your JSP, and eventually coloring with red borders the fields with javascript (not in your case, because they're URL parameters).
To validate this kind of stuff properly (instead of asking Struts2 to fails and raises errors for you), you can use XML Validation, declaring an XML file in the same package of the Action with the name YourActionName-validation.xml
In your case, you should use Required Validator and Int Validator
(and specify 0 as min param in your Int Validator, to prevent negative values)
来源:https://stackoverflow.com/questions/14396601/struts-2-request-parameter-validations-int-and-strings