问题描述
我们的 Struts 应用程序重复了许多表单验证检查:(1) jQuery/JS 中的客户端,以及 (2) 单独的 Java 中的服务器端.
Our Struts application duplicates a lot of validation checks for forms: (1) Client-side in jQuery/JS, and (2) separately, Server-side in Java.
我问我的主管为什么,他说你永远不能相信客户端."但另一方面,为了方便,他也想在浏览器中提供 JS/jQuery 验证.
I asked my lead why, and he said "you can never trust the client-side." But on the other hand, as a convenience, he wants to provide JS/jQuery validation too in the browser.
有很多冗余代码.在双方都进行可重用验证的正确策略是什么?现在人们是否手动复制客户端/服务器端验证?
There is a lot of redundant code. What's the right strategy to have reusable validation on both sides? Do people manually duplicate client-side/server-side validation these days?
推荐答案
- 服务器端验证是强制性的:请求可以来自修改过的网页,例如使用 FireBug 或任何类型的 DevTools 更改的规则.或者更简单的是,恶意用户可以从一个页面(或 javascript 块,或者其他)创建的请求ad-hoc,完全绕过您的页面.
- Server side validation is mandatory : the request can come from a modified webpage, for example with rules altered with FireBug or any kind of DevTools. Or even easier, the request can be crafted by a malicious user, coming from a page (or a javascript block, or else) created ad-hoc, completely bypassing your page.
- 客户端验证用户友好和性能友好:它防止用户等待服务器的否定响应,它防止网络被本可以停止的错误请求淹没(考虑到用户数量以及上传文件和表单数据的可能性,这可能很快达到临界质量).
- Client side validation is user-friendly and performance friendly: it prevents the user to wait for the server's negative response, it prevents the network from being flooded with wrong requests that could have been stopped (given the number of users and the possibility of uploading files along with form data, this could reach a critical mass very soon).
把它想象成你家的门:有了它,没有正确的钥匙就无法进入.没有它,任何人都可以进入.
Think of it like the door of your house: with it, noone without the right key can enter. Without it, anyone can enter.
把它想象成建筑物外的带有对讲机的门.有了它,如果您不接听对讲机,人们就会立即离开.没有它,人们需要进入大楼,爬楼梯,敲门......才发现你不在家.
Think of it like the door with the intercom outside the building. With it, if you don't answer to the intercom, people goes away immediately. Without it, people need to enter the building, climb the stairs, knock to your door... just to discover that you are not at home.
您需要应用服务器端验证,在 Struts2 的情况下是通过 validate() 或 validateXXX() 方法,或通过 XML 验证,或使用注解(使用内置的 Struts2 Annotations per-action,或使用 jsr303-validator-plugin by @UmeshAwasthi per-entity).
You NEED to apply a server-side validation, that in the case of Struts2 is either by validate() or validateXXX() method, or by XML Validation, or using annotations (with the inbuilt Struts2 Annotations per-action, or with the jsr303-validator-plugin by @UmeshAwasthi per-entity).
如果你想重用你的服务器端验证作为客户端验证你可以使用Struts2-jQuery-plugin 描述 在这个答案中.
If you want to reuse your server-side validation as client-side validation you can use the Struts2-jQuery-plugin as described in this answer.
顺便说一句,HTML5(带有后备)和客户端的基本 jQuery 验证就足够了.
BTW, HTML5 (with fallbacks) and a basic jQuery validation on client side should be enough.
把真正的精力放在服务器端,然后如果你还有时间和预算,增强客户端.
Put the real effort on server-side, then if you still have time and budget, enhance client side.
这篇关于Struts Web 应用程序:可重用验证客户端和服务器端的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!