You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Justy Wong <wo...@chowsangsang.com> on 2004/10/18 11:32:31 UTC
validation question
Hi,
I have a http://localhost:8080/login.do action and I want to do validation for the form when user submit their username & password.
here is my setting in validation.xml:
<form name="loginForm">
<field property="username" depends="required">
<arg0 key="its.login.username"/>
</field>
<field property="password" depends="required,mask">
<arg0 key="its.login.password"/>
<var>
<var-name>mask</var-name>
<var-value>^[0-9a-zA-Z]*$</var-value>
</var>
</field>
</form>
The validation works fine however, when I just type the http://localhost:8080/login.do in my browser (no submit), the validation error will show up at once.
I understand that it's just like I submit a form to login.do action without any parameter.
My question is, do struts provide any simple method to avoid this and just show no error message? Thanks a lot!!!
Justy
Re: validation question
Posted by Yves Sy <yv...@gmail.com>.
Hi,
Struts doesn't have anything like that.
IMHO, I also think that using validator on the login page is not good
practice as it would give malicious users a good idea on how your app
handles authentication.
Usually, you'd just return a generic error message such as
"Username/password invalid" whenever login fails (or in your case, the
user directly types /login.do in the browser). Try not to give out any
information as much as possible.
Regards,
-Yves-
On Mon, 18 Oct 2004 17:32:31 +0800, Justy Wong <wo...@chowsangsang.com> wrote:
> Hi,
>
> I have a http://localhost:8080/login.do action and I want to do validation for the form when user submit their username & password.
>
> here is my setting in validation.xml:
>
> <form name="loginForm">
> <field property="username" depends="required">
> <arg0 key="its.login.username"/>
> </field>
> <field property="password" depends="required,mask">
> <arg0 key="its.login.password"/>
> <var>
> <var-name>mask</var-name>
> <var-value>^[0-9a-zA-Z]*$</var-value>
> </var>
> </field>
> </form>
>
> The validation works fine however, when I just type the http://localhost:8080/login.do in my browser (no submit), the validation error will show up at once.
> I understand that it's just like I submit a form to login.do action without any parameter.
> My question is, do struts provide any simple method to avoid this and just show no error message? Thanks a lot!!!
>
> Justy
>
--
For me to poop on!
http://www.formetopoopon.com
http://www.nbc.com/nbc/Late_Night_with_Conan_O'Brien/video/triumph.shtml
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org