我有 struts.xml 中提到的 Struts 验证拦截器.
<!-- Configuration for the default package. -->
<package name="default" extends="struts-default">
<interceptors>
<!-- Interceptor to handle allowing only admins to certain actions -->
<interceptor name="adminOnly" class="adminInterceptor"/>
<!-- Interceptor to handle accessDenied exceptions thrown from service/model layer called from within actions -->
<interceptor name="accessDenied" class="accessDeniedInterceptor"/>
<!-- Copied from struts-default.xml and changed validation exclude methods -->
<interceptor-stack name="defaultStack">
<interceptor-ref name="accessDenied"/>
<interceptor-ref name="exception"/>
<interceptor-ref name="alias"/>
<interceptor-ref name="servletConfig"/>
<interceptor-ref name="prepare"/>
<interceptor-ref name="i18n"/>
<interceptor-ref name="chain"/>
<interceptor-ref name="debugging"/>
<interceptor-ref name="profiling"/>
<interceptor-ref name="scopedModelDriven"/>
<interceptor-ref name="modelDriven"/>
<interceptor-ref name="fileUpload"/>
<interceptor-ref name="checkbox"/>
<interceptor-ref name="staticParams"/>
<interceptor-ref name="params">
<param name="excludeParams">dojo\..*</param>
</interceptor-ref>
<interceptor-ref name="conversionError"/>
<interceptor-ref name="validation">
<param name="excludeMethods">cancel,execute,delete,edit,list</param>
</interceptor-ref>
<interceptor-ref name="workflow">
<param name="excludeMethods">input,back,browse,cancel</param>
</interceptor-ref>
</interceptor-stack>
<interceptor-stack name="fileUploadStack">
<interceptor-ref name="fileUpload"/>
<interceptor-ref name="defaultStack"/>
</interceptor-stack>
<interceptor-stack name="adminCheck">
<interceptor-ref name="defaultStack"/>
<interceptor-ref name="adminOnly"/>
</interceptor-stack>
</interceptors>
<action name="editUser" class="userAction" method="edit">
<interceptor-ref name="adminCheck"/>
<result name="success">/WEB-INF/pages/userForm.jsp</result>
<result name="input">/WEB-INF/pages/admin/userList.jsp</result>
</action>
<action name="cancelUser" class="userAction" method="cancel">
<result name="cancel" type="redirectAction">admin/users</result>
<!-- <result name="cancel">/WEB-INF/pages/admin/userList.jsp</result> -->
</action>
<action name="saveUser" class="userAction" method="save">
<!-- <result name="cancel" type="redirectAction">admin/users</result> -->
<result name="input">/WEB-INF/pages/userForm.jsp</result>
<result name="success" type="redirectAction">admin/users</result>
</action>
然后我有 JSP 页面,其中我提到
<s:form name="userForm" action="saveUser" method="post" validate="true" cssClass="well" autocomplete="off">
表单有 3 个提交按钮。
<div id="actions" class="form-group">
<s:submit type="button" cssClass="btn btn-primary" method="save" key="button.save" theme="simple">
<i class="icon-ok icon-white"></i>
<fmt:message key="button.save"/>
</s:submit>
<c:if test="${param.from == 'list' and not empty user.id}">
<s:submit type="button" cssClass="btn btn-danger" method="delete" key="button.delete"
onclick="return confirmMessage(msgDelConfirm)" theme="simple">
<i class="icon-trash"></i>
<fmt:message key="button.delete"/>
</s:submit>
</c:if>
<s:submit type="button" cssClass="btn btn-default" method="cancel" action="cancelUser" key="button.cancel" theme="simple">
<i class="icon-remove"></i>
<fmt:message key="button.cancel"/>
</s:submit>
</div>
</s:form>
我的 Action 类有这些方法:
public String execute() {
return SUCCESS;
}
public String cancel() {
if (!"list".equals(from)) {
return "home";
}
return "cancel";
}
public String save() throws Exception {
Integer originalVersion = user.getVersion();
boolean isNew = ("".equals(getRequest().getParameter("user.version")));
// only attempt to change roles if user is admin
// for other users, prepare() method will handle populating
if (getRequest().isUserInRole(Constants.ADMIN_ROLE)) {
user.getRoles().clear(); // APF-788: Removing roles from user
// doesn't work
String[] userRoles = getRequest().getParameterValues("userRoles");
for (int i = 0; userRoles != null && i < userRoles.length; i++) {
String roleName = userRoles[i];
try {
user.addRole(roleManager.getRole(roleName));
} catch (DataIntegrityViolationException e) {
return showUserExistsException(originalVersion);
}
}
单击“取消”按钮也会触发验证。有没有办法阻止点击“取消”时触发验证?
更改的代码:
<!-- Configuration for the default package. -->
<package name="default" extends="struts-default">
<interceptors>
<!-- Interceptor to handle allowing only admins to certain actions -->
<interceptor name="adminOnly" class="adminInterceptor"/>
<!-- Interceptor to handle accessDenied exceptions thrown from service/model layer called from within actions -->
<interceptor name="accessDenied" class="accessDeniedInterceptor"/>
<!-- Copied from struts-default.xml and changed validation exclude methods -->
<interceptor-stack name="myDefaultStack">
<interceptor-ref name="accessDenied"/>
<interceptor-ref name="exception"/>
<interceptor-ref name="alias"/>
<interceptor-ref name="servletConfig"/>
<interceptor-ref name="prepare"/>
<interceptor-ref name="i18n"/>
<interceptor-ref name="chain"/>
<interceptor-ref name="debugging"/>
<interceptor-ref name="profiling"/>
<interceptor-ref name="scopedModelDriven"/>
<interceptor-ref name="modelDriven"/>
<interceptor-ref name="fileUpload"/>
<interceptor-ref name="checkbox"/>
<interceptor-ref name="staticParams"/>
<interceptor-ref name="params">
<param name="excludeParams">dojo\..*</param>
</interceptor-ref>
<interceptor-ref name="conversionError"/>
<interceptor-ref name="validation">
<param name="excludeMethods">cancel,execute,delete,edit,list</param>
</interceptor-ref>
<interceptor-ref name="workflow">
<param name="excludeMethods">input, back, browse, cancel</param>
</interceptor-ref>
</interceptor-stack>
<interceptor-stack name="fileUploadStack">
<interceptor-ref name="fileUpload"/>
<interceptor-ref name="myDefaultStack"/>
</interceptor-stack>
<!-- <default-interceptor-ref name="myDefaultStack"/> -->
<interceptor-stack name="adminCheck">
<interceptor-ref name="myDefaultStack"/>
<interceptor-ref name="adminOnly"/>
</interceptor-stack>
</interceptors>
<default-interceptor-ref name="myDefaultStack"/>
最佳答案
I had done the configuration. I was asking what is wrong with it. Probably my title for question is wrong. But my intention to ask was why it is not working for me. What is wrong with my code.
在您的代码中,您在 s:submit 标记上使用了 method 属性。默认情况下,此属性不再有效,因为 DMI (Dynamic Method Invocation)被禁用。 xml 配置中有一个设置常量,您可以更改该常量以启用此功能。但是,如果您没有对方法隐含安全性,则可能会遇到其他安全问题。
<constant name="struts.enable.DynamicMethodInvocation" value="true"/>
<constant name="struts.mapper.action.prefix.enabled" value="false"/>
并使用
<s:submit type="button" cssClass="btn btn-default" method="cancel"
key="button.cancel" theme="simple">
另一种方法是将属性method更改为action并使用
<constant name="struts.enable.DynamicMethodInvocation" value="false"/>
<constant name="struts.mapper.action.prefix.enabled" value="true"/>
并使用
<s:submit type="button" cssClass="btn btn-default" action="cancelUser"
key="button.cancel" theme="simple">
您不能在 s:submit 标记中同时使用属性 method 和 action。如果上述两个设置均为 false,则将执行绑定(bind)到 s:form 标记的操作。这就是验证发生的原因。
关于java - 如何绕过取消时的 Struts 验证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/24914646/