You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@struts.apache.org by Justy Wong <wo...@chowsangsang.com> on 2004/10/18 11:32:31 UTC

validation question

Hi,

I have a http://localhost:8080/login.do action and I want to do validation for the form when user submit their username & password. 

here is my setting in validation.xml:

        <form name="loginForm">
            <field property="username" depends="required">
                <arg0 key="its.login.username"/>
            </field>
            <field property="password" depends="required,mask">
                <arg0 key="its.login.password"/>
                <var>
                    <var-name>mask</var-name>
                    <var-value>^[0-9a-zA-Z]*$</var-value>
                </var>
            </field>
        </form>

The validation works fine however, when I just type the http://localhost:8080/login.do in my browser (no submit), the validation error will show up at once.
I understand that it's just like I submit a form to login.do action without any parameter.
My question is, do struts provide any simple method to avoid this and just show no error message? Thanks a lot!!!

Justy

Re: validation question

Posted by Yves Sy <yv...@gmail.com>.

Hi,

Struts doesn't have anything like that.

IMHO, I also think that using validator on the login page is not good
practice as it would give malicious users a good idea on how your app
handles authentication.

Usually, you'd just return a generic error message such as
"Username/password invalid" whenever login fails (or in your case, the
user directly types /login.do in the browser). Try not to give out any
information as much as possible.

Regards,
-Yves-


On Mon, 18 Oct 2004 17:32:31 +0800, Justy Wong <wo...@chowsangsang.com> wrote:
> Hi,
> 
> I have a http://localhost:8080/login.do action and I want to do validation for the form when user submit their username & password.
> 
> here is my setting in validation.xml:
> 
>         <form name="loginForm">
>             <field property="username" depends="required">
>                 <arg0 key="its.login.username"/>
>             </field>
>             <field property="password" depends="required,mask">
>                 <arg0 key="its.login.password"/>
>                 <var>
>                     <var-name>mask</var-name>
>                     <var-value>^[0-9a-zA-Z]*$</var-value>
>                 </var>
>             </field>
>         </form>
> 
> The validation works fine however, when I just type the http://localhost:8080/login.do in my browser (no submit), the validation error will show up at once.
> I understand that it's just like I submit a form to login.do action without any parameter.
> My question is, do struts provide any simple method to avoid this and just show no error message? Thanks a lot!!!
> 
> Justy
> 


-- 
For me to poop on!
http://www.formetopoopon.com
http://www.nbc.com/nbc/Late_Night_with_Conan_O'Brien/video/triumph.shtml

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org