Re: Role Based Struts Validation
Peter, I have also been involved with a cutomer that wants client side field validation and even page sections that magically appear when certain radio buttons and check boxes are clicked. These are people that have been using an Oracle forms based solution for many years and have become attached to the way the that those kind of screen behave. As a result, the last web based system that i helped them with involved a whole bunch of pop-up windows to try to emulate what they are used to seeing. A long time ago, an ex-project leader of mine once told me that the first task of any software development project has to reduce customer expectations. But this is easier said than done. I have even tried the approach of painting a negative view of javascript... but many end user only really care about how good it looks on the screen and not how well it is engineered under the skin. About the only way I have seen to sell good engineering practices is to talk about the $$ saved on maintenance costs. "Peter A. Pilgrim" <[EMAIL PROTECTED]> wrote:David Graham wrote: >> In fact my client has made a major decision, to do a lot of validation >> using JavaScript using a massive library with minimum server-side >> validation if they can help it. > > > Does your client realize the security problems associated with that > decision? It's trivial to write a program that posts data to a web > application; without server side checks a hacker could craft a malicious > piece of data. > What I meant by minimum validation is "simple validation" without hard and fast interfield and security credential dependency rules. In any case I going to have check that a String can covert to Date, or Integer. It will be just going to back in time 9 months ago to Struts 1.02 and Action Form and custom validation utility classes which I wrote. I have been unable to prove the concept that Struts Validator can do what they want. And they want complex role based validation for form fields. -- Peter Pilgrim __ _ _ _ / //__ // ___// ___/ + Serverside Java / /___/ // /__ / /__ + Struts / // ___// ___// ___/ + Expresso Committer __/ // /__ / /__ / /__ + Independent Contractor /___/////// + Intrinsic Motivation On Line Resume || \\===> `` http://www.xenonsoft.demon.co.uk/no-it-striker.html '' - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now
Re: Role Based Struts Validation
David Graham wrote: In fact my client has made a major decision, to do a lot of validation using JavaScript using a massive library with minimum server-side validation if they can help it. Does your client realize the security problems associated with that decision? It's trivial to write a program that posts data to a web application; without server side checks a hacker could craft a malicious piece of data. What I meant by minimum validation is "simple validation" without hard and fast interfield and security credential dependency rules. In any case I going to have check that a String can covert to Date, or Integer. It will be just going to back in time 9 months ago to Struts 1.02 and Action Form and custom validation utility classes which I wrote. I have been unable to prove the concept that Struts Validator can do what they want. And they want complex role based validation for form fields. -- Peter Pilgrim __ _ _ _ / //__ // ___// ___/ + Serverside Java / /___/ // /__ / /__ + Struts / // ___// ___// ___/ + Expresso Committer __/ // /__ / /__ / /__ + Independent Contractor /___/////// + Intrinsic Motivation On Line Resume || \\===> `` http://www.xenonsoft.demon.co.uk/no-it-striker.html '' - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Role Based Struts Validation
In fact my client has made a major decision, to do a lot of validation using JavaScript using a massive library with minimum server-side validation if they can help it. Does your client realize the security problems associated with that decision? It's trivial to write a program that posts data to a web application; without server side checks a hacker could craft a malicious piece of data. David _ Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Role Based Struts Validation
> -Original Message-
> From: Evan Schnell [mailto:[EMAIL PROTECTED]]
>
> PILGRIM, Peter, FM wrote:
> >
----
> >
> >Actually I think that my understanding of the validator is flawed.
> >By default the validator will not check a field unless you
> >specify the "required". The way that "requiredif" is
> >implemented might be clue to what I need to do.
> >
/---
>
> The "required" and "requiredIf" rules have no special short-circuit
> behavior or impact on other rules. It seems that all required fields
> must be specified before any other rules are executed, but I
> have never
> seen this behavior formally documented anywhere. This
> behavior is (or
> has been) specific to Struts and does not occur when one uses the
> commons-validator from a non-struts application. The point
> is that the
> specification of a field as not required does not inhibit
> execution of
> other rules on that field.
I have been looking at the source code to `FieldChecks' I cant
see anything that describes this short cut either.
Neither
public static boolean validateRequired(Object bean,
ValidatorAction va, Field field,
ActionErrors errors,
HttpServletRequest request) {
or
public static boolean validateRequiredIf(Object bean,
ValidatorAction va, Field
field,
ActionErrors errors,
org.apache.commons.validator.Validator validator,
HttpServletRequest request) {
In fact my client has made a major decision, to do a lot of validation
using JavaScript using a massive library with minimum server-side
validation if they can help it.
I have been looking hard at the Struts Validator for a couple of days.
At first the XML config looked pretty cool for fast configuration.
But it is pretty inflexible when you want to extend the validation
to conditional validation. No short circuiting.
Default JavaScript also has its limitations.
I rendered my ActionMessages like this
errors.required={0} is required.
errors.minlength={0} cannot be less than {1} characters.
errors.maxlength={0} cannot be greater than
{1} characters.
The JavaScript pop-up renders the HTML code embedded.
First Name is required.
Who ever pays the bill decides in the end. Ah well!
> The required rule really only has application when the field
> really is
> _required_. It is still possible to validate the content of
> an optional
> field. For example:
>
>
>
>
>
> This declaration guarantees that if the user enters a value for the
> email field it must be a valid email address. If the user enters
> nothing, because the field is not required no error will be
> generated.
--
Peter Pilgrim,
Struts/J2EE Consultant, RBoS FM, Risk IT
Tel: +44 (0)207-375-4923
Visit our Internet site at http://www.rbsmarkets.com
This e-mail is intended only for the addressee named above.
As this e-mail may contain confidential or privileged information,
if you are not the named addressee, you are not authorised to
retain, read, copy or disseminate this message or any part of it.
The Royal Bank of Scotland plc is registered in Scotland No 90312
Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB
Regulated by the Financial Services Authority
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Role Based Struts Validation
PILGRIM, Peter, FM wrote: Actually I think that my understanding of the validator is flawed. By default the validator will not check a field unless you specify the "required". The way that "requiredif" is implemented might be clue to what I need to do. The "required" and "requiredIf" rules have no special short-circuit behavior or impact on other rules. It seems that all required fields must be specified before any other rules are executed, but I have never seen this behavior formally documented anywhere. This behavior is (or has been) specific to Struts and does not occur when one uses the commons-validator from a non-struts application. The point is that the specification of a field as not required does not inhibit execution of other rules on that field. The required rule really only has application when the field really is _required_. It is still possible to validate the content of an optional field. For example: This declaration guarantees that if the user enters a value for the email field it must be a valid email address. If the user enters nothing, because the field is not required no error will be generated. Evan. -- Evan Schnell, Technical Lead nVISIA, Twin Cities "Digital Architecture and Construction" 7701 France Ave. S, Edina, MN 55435 Voice: 952.837.2577 -- Fax: 952.837.2578 -- Mobile: 612.232.5972 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Role Based Struts Validation
> -Original Message-
> From: V. Cekvenich [mailto:[EMAIL PROTECTED]]
>
> I can't help on XML, but if it does not work, you are not
> sunk since ...
> stating the obvious ... of course you can implement the form Beans
> validate method in which you can write ... Java.
>
> .V
>
> PILGRIM, Peter, FM wrote:
> > My XML skills are brain dead. I just had a thought that my role base
> > struts validation will not work as intended.
> >
> > I intended to customise FieldChecks with validators that checks
> > against a "role" attribute in the action form. I realise that
> > the Validator does not quite work that way.
> >
> > Normally when you write the depends attribute you want
> > to do something like this
> >
> >
> >
> >
> >
> >
> > min
> > 18
> >
> >
> > max
> > 125
> >
> >
> >
> > Execute the "required" validator first, then the "integer"
> and "range"
> > ones.
> >
> > Now with role base validation. Say I have validator that checks that
> > role was in the administration category.
> >
> > depends="role,required,integer,range" >
> >
> >
> >
> >
> > min
> > 18
> >
> >
> > max
> > 125
> >
> >
> >
> > roleProperty
> > role
> >
> >
> > roleGroup
> > admin
> >
> >
> >
> >
> > This validator rule say that the action form has a property called
> > "role" and the group it should check for is "admin".
> >
> > If the action form has the role "admin" then the validation should
> > continue, if the action form does not have the role "admin"
> > then further validation should terminate. It should skip the
> > remaining validations "required", "integer" and "range"
> >
> > Of course I dont think the Validator works this way?
> > Is it possible to skip validations? If not, then I am sunk.
> >
----
Actually I think that my understanding of the validator is flawed.
By default the validator will not check a field unless you
specify the "required". The way that "requiredif" is
implemented might be clue to what I need to do.
The example given in the Struts User Guide in the section
"Conditionally required fields" is a bit too complicated.
I really do not need indexed properties so this is why it is
confusing me.
(http://jakarta.apache.org/struts/userGuide/printer/dev_validator.html)
What it describes though is validation on a conditional field.
It seems that customising my own copy of the "requiredif" rule
might be the path. I would like to do the following with the
role
(1) role is member of ("admin", "management" )
straight comparision with comma delimited list.
(2) role matches a regular expression
role =~ /admin|management/i
--
Peter Pilgrim,
Struts/J2EE Consultant, RBoS FM, Risk IT
Tel: +44 (0)207-375-4923
***
Visit our Internet site at http://www.rbsmarkets.com
This e-mail is intended only for the addressee named above.
As this e-mail may contain confidential or privileged information,
if you are not the named addressee, you are not authorised to
retain, read, copy or disseminate this message or any part of it.
The Royal Bank of Scotland plc is registered in Scotland No 90312
Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB
Regulated by the Financial Services Authority
***
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Role Based Struts Validation
V. Cekvenich wrote: I can't help on XML, but if it does not work, you are not sunk since ... stating the obvious ... of course you can implement the form Beans validate method in which you can write ... Java. This is just an *idea*. It has fairly sizable drawbacks but I have used the same principles when using the commons-validator outside of Struts. It would be possible to define a for each role and then override the validate() for role-based forms to use the correct form name. Ideally it should be a concatenation of the form bean name and the role name. Evan. -- Evan Schnell, Technical Lead nVISIA, Twin Cities "Digital Architecture and Construction" 7701 France Ave. S, Edina, MN 55435 Voice: 952.837.2577 -- Fax: 952.837.2578 -- Mobile: 612.232.5972 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Role Based Struts Validation
I can't help on XML, but if it does not work, you are not sunk since ... stating the obvious ... of course you can implement the form Beans validate method in which you can write ... Java. .V PILGRIM, Peter, FM wrote: My XML skills are brain dead. I just had a thought that my role base struts validation will not work as intended. I intended to customise FieldChecks with validators that checks against a "role" attribute in the action form. I realise that the Validator does not quite work that way. Normally when you write the depends attribute you want to do something like this min 18 max 125 Execute the "required" validator first, then the "integer" and "range" ones. Now with role base validation. Say I have validator that checks that role was in the administration category. min 18 max 125 roleProperty role roleGroup admin This validator rule say that the action form has a property called "role" and the group it should check for is "admin". If the action form has the role "admin" then the validation should continue, if the action form does not have the role "admin" then further validation should terminate. It should skip the remaining validations "required", "integer" and "range" Of course I dont think the Validator works this way? Is it possible to skip validations? If not, then I am sunk. -- Peter Pilgrim, Struts/J2EE Consultant, RBoS FM, Risk IT Tel: +44 (0)207-375-4923 Visit our Internet site at http://www.rbsmarkets.com This e-mail is intended only for the addressee named above. As this e-mail may contain confidential or privileged information, if you are not the named addressee, you are not authorised to retain, read, copy or disseminate this message or any part of it. The Royal Bank of Scotland plc is registered in Scotland No 90312 Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB Regulated by the Financial Services Authority - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Role Based Struts Validation
My XML skills are brain dead. I just had a thought that my role base struts validation will not work as intended. I intended to customise FieldChecks with validators that checks against a "role" attribute in the action form. I realise that the Validator does not quite work that way. Normally when you write the depends attribute you want to do something like this min 18 max 125 Execute the "required" validator first, then the "integer" and "range" ones. Now with role base validation. Say I have validator that checks that role was in the administration category. min 18 max 125 roleProperty role roleGroup admin This validator rule say that the action form has a property called "role" and the group it should check for is "admin". If the action form has the role "admin" then the validation should continue, if the action form does not have the role "admin" then further validation should terminate. It should skip the remaining validations "required", "integer" and "range" Of course I dont think the Validator works this way? Is it possible to skip validations? If not, then I am sunk. -- Peter Pilgrim, Struts/J2EE Consultant, RBoS FM, Risk IT Tel: +44 (0)207-375-4923 Visit our Internet site at http://www.rbsmarkets.com This e-mail is intended only for the addressee named above. As this e-mail may contain confidential or privileged information, if you are not the named addressee, you are not authorised to retain, read, copy or disseminate this message or any part of it. The Royal Bank of Scotland plc is registered in Scotland No 90312 Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB Regulated by the Financial Services Authority - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
