This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Struts Validation in validator.xml using an ActionForm

Jump to: navigation, search
  • Integration with commons validator
  • A bit awkward, but it gets the job done.

  • struts-config.xml
          <form-bean name="logonForm" type="net.jcj.LogonForm"/>
          <action path="/Logon" forward="/pages/Logon.jsp"/>
          <action path="/LogonSubmit" type="app.jcj.LogonAction" name="logonForm" 
             scope="request" validate="true" input="/pages/Logon.jsp">
              <forward name="success" path="/pages/Welcome.jsp"/>
              <forward name="failure" path="/pages/Logon.jsp"/>
      <message-resources parameter="resources.application"/>
        <plug-in className="org.apache.struts.validator.ValidatorPlugIn">
        <set-property property="pathnames" value="/technology/WEB-INF/validator-rules.xml, /WEB-INF/validation.xml"/>
  • net.jcj.LogonForm
package net.jcj;

import javax.servlet.http.HttpServletRequest;
import org.apache.struts.action.*;

public class LogonForm extends ActionForm
  private String userId = null;
  private String password = null;

  public void setUserId (String userId){
    this.userId = userId ;

  public String getUserId(){
    return this.userId ;

  public void setPassword (String password){
    this.password = password;

  public String getPassword(){
    return this.password;

     * Resets all properties to their default values.
    public void reset(ActionMapping mapping, HttpServletRequest request) {
      this.userId = null;
      this.password = null;

     * Validates the form.  Returns a list of action
     * Of course in a production environment, your rules would be far more strict than this.
  public ActionErrors validate( 
      ActionMapping mapping, HttpServletRequest request ) {
      return new ActionErrors();

  • validation.xml
    <form name="logonForm">
      <field property="userId" depends="required">
        <arg0 key="prompt.userId"/>
      <field property="password" depends="required">
        <arg0 key="prompt.password"/>