Hi all,
Cheers for the suggestions - I guess I was just looking for a sanity
check from the list.
My current method (almost exactly the same as below) is to check a
choice form field for null in the validateXXX() method - this is the
case when you call the action without POST from a form. If null, I can
return INPUT from the validation method (which, interestingly enough,
lets me set the return type as String, and have it honoured as a valid
result - I thought void was the only valid validateXXX result type).
The input result kicks the user to the form they should've used. Job
done.
I'm not using XML or annotation validators - 95% of my validation is
more complex than those allow.
The reasoning behind wanting to do this is my users are somewhat
curious, and are prone to poking. I'd prefer for them to not see blank
pages, stack traces, or otherwise!
Andy.
On 24 Jan 2009, at 02:52, Dave Newton wrote:
Andy Sykes wrote:
My forms all submit to a different action than that which renders
the pages.
Is there a recommended way to prevent/mitigate the effect of users
directly calling the actions (via their URL) that forms are
submitted to? In this case, the actions' fields are null, which is
somewhat irritating in an action method that has associated
validation..
The simplest solution, although somewhat hacky, might be to just
check for a hidden form token in the action's validate method. If
it's not there, it wasn't reached from the form. If it is, call
super.validate() which will run any XML/annotation-based validation.
Dave
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org