This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Struts Validation in validator.xml using an ActionForm

From OWASP
Jump to: navigation, search
  • Integration with commons validator
  • A bit awkward, but it gets the job done.


  • struts-config.xml
    <struts-config>
      <form-beans>
          <form-bean name="logonForm" type="net.jcj.LogonForm"/>
      </form-beans>
      <action-mappings>
          <action path="/Logon" forward="/pages/Logon.jsp"/>
          <action path="/LogonSubmit" type="app.jcj.LogonAction" name="logonForm" 
             scope="request" validate="true" input="/pages/Logon.jsp">
              <forward name="success" path="/pages/Welcome.jsp"/>
              <forward name="failure" path="/pages/Logon.jsp"/>
          </action>
      </action-mappings>
      <message-resources parameter="resources.application"/>
        <plug-in className="org.apache.struts.validator.ValidatorPlugIn">
        <set-property property="pathnames" value="/technology/WEB-INF/validator-rules.xml, /WEB-INF/validation.xml"/>
      </plug-in>
    </struts-config>
  • net.jcj.LogonForm
package net.jcj;

import javax.servlet.http.HttpServletRequest;
import org.apache.struts.action.*;

public class LogonForm extends ActionForm
{
  private String userId = null;
  private String password = null;

  public void setUserId (String userId){
    this.userId = userId ;
  }

  public String getUserId(){
    return this.userId ;
  }

  public void setPassword (String password){
    this.password = password;
  }

  public String getPassword(){
    return this.password;
  }

    /**
     * Resets all properties to their default values.
     */
    public void reset(ActionMapping mapping, HttpServletRequest request) {
      this.userId = null;
      this.password = null;
    }

    /**
     * Validates the form.  Returns a list of action
     * Of course in a production environment, your rules would be far more strict than this.
     */
  public ActionErrors validate( 
      ActionMapping mapping, HttpServletRequest request ) {
      return new ActionErrors();
  }

}
  • validation.xml
<form-validation>
  <formset>
    <form name="logonForm">
      <field property="userId" depends="required">
        <arg0 key="prompt.userId"/>
      </field>
      <field property="password" depends="required">
        <arg0 key="prompt.password"/>
      </field>
    </form>
  </formset>
</form-validation>