This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Difference between revisions of "Struts Validation in an ActionForm"

Jump to: navigation, search
m (fixing category)
m (Moved page into the right category. See Java space page for me details. Content has not been reviewed in this edit.)
Line 73: Line 73:
[[Category:OWASP Java Project]]
[[Category:OWASP Java Project]]

Revision as of 21:53, 10 November 2017

  • struts-config.xml
            <form-bean name="logonForm" type="net.jcj.LogonForm"/>
            <action path="/Logon" forward="/pages/Logon.jsp"/>
            <action path="/LogonSubmit" type="app.jcj.LogonAction" name="logonForm" 
               scope="request" validate="true" input="/pages/Logon.jsp">
                <forward name="success" path="/pages/Welcome.jsp"/>
                <forward name="failure" path="/pages/Logon.jsp"/>
        <message-resources parameter="resources.application"/>
  • net.jcj.LogonForm
package net.jcj;

import javax.servlet.http.HttpServletRequest;
import org.apache.struts.action.*;

public class LogonForm extends ActionForm
  private String userId = null;
  private String password = null;

  public void setUserId (String userId){
    this.userId = userId ;

  public String getUserId(){
    return this.userId ;

  public void setPassword (String password){
    this.password = password;

  public String getPassword(){
    return this.password;

     * Resets all properties to their default values.
    public void reset(ActionMapping mapping, HttpServletRequest request) {
      this.userId = null;
      this.password = null;

     * Validates the form.  Returns a list of action
     * Of course in a production environment, your rules would be far more strict than this.
  public ActionErrors validate( 
      ActionMapping mapping, HttpServletRequest request ) {
      ActionErrors errors = new ActionErrors();
      if( getUserId() == null || getUserId().length() < 1 ) {
        errors.add("userId",new ActionMessage("error.userid.required"));
      if( getPassword() == null || getPassword().length() < 1 ) {
        errors.add("password",new ActionMessage("error.password.required"));

      return errors;