Struts2 compatibility issues - EL expressions disabled in 2.0.11


If you have been developing Struts2 applications in version <= 2.0.9, there are two important compatibility issues that you must address before you can upgrade to 2.0.11 or 2.1. These are the portlet compatibility issues and EL expression issue in Struts2 tags.

1. Struts 2.0.9 contained a major security issue as detailed here. The problem was that using EL expressions and OGNL tags at the same time in Struts2 tags, malicious code could be executed. The fix in 2.0.11 was to disable EL expressions completely(!). This means that code written in 2.0.9 will break in 2.0.11 if you have used EL expressions in JSP. If you have a well tested production system, this means total nightmare. Well, now you are between devil and the sea! :-)

2. Portlet support is undergoing drastic changes. If you have already developed your portlet application in 2.0.9, you will have to do a couple of changes before you can move to 2.0.11 or 2.1. This includes changes in web.xml.

Using Interceptors in Struts2


Interceptors are classes which implement com.opensymphony.xwork2.interceptor.Interceptor interface. Interceptors are configured in struts.xml. Interceptors are used for pre-processing and post-processing on Action invocations. Multiple interceptors can be applied to an action request.

Interceptor stack is a group of interceptors which can be referenced together. So instead of configuring a number of interceptors every time, we can just configure an interceptor stack with all the required interceptors in it.
Struts2 configures a default interceptor stack which handles all the generic functionalities required by action classes. These include Exception Interceptor, Validation Interceptor etc.

To demonstrate the use of interceptors, let us build an interceptor named “actiontimer” which will print the time required by an action request in milliseconds on the console. To ensure that time taken by default interceptors are not included, we will configure actiontimer as the last interceptor after default interceptor stack.

ActionTimer.java

struts.xml

interceptordemo.jsp

Struts2 Control Tags - Using iterator Tag


Download Source | View Demo

iterator tag can be used to loop over a collection of objects. The only requirement is that the collection should be of type java.util.Collection or java.util.iterator.

Here is a sample use,

Inside the iterator, the top of the value stack is the current object in the loop. Hence when you access “name”, it is actually “current_list_object.name”.

The current object is pushed to the value stack using the “id” field as the key. Hence referring “#userobj.name” is same as “name”. Similarly status field value (in this case user_stat) is the key in which the iterator status object is pushed. Hence you can check for an even row using the expression #user_stat.even which returns a boolean value.

Check out the following sample which demonstrates the use of iterator tag. In this IterateDemo action class populates dummy customer data is a list and passes it to iteratedemo.jsp. Using Struts2 iterator, the customer listing is printed out. Note the use of iterator status for alternate coloring of the rows. This sample also shows the use of stylesheets.

IterateDemo.java

Customer.java

iteratedemo.jsp

struts.xml

Parameters for iterator tag

Name Required Default Evaluated Type Description
id false false String Value stack key in which the current object is pushed
value false false String The list being iterated
status false false false String Value stack key in which the iterator status is stored

Form Validation in Struts2 - Basic Server Side Validation Example


Download Source | View Demo

One of the core Struts2 features is its comprehensive built in validation support. Struts2 supports a wide range of validation rules including regular expression validation. Data type validations supported are - conversion,date,double, email, expression, fieldexpression, int, regex, required, requiredstring,stringlength, url and visitor.

To use any of the predefined validators, no initial configuration is needed. Validation is implemented using a ValidationInterceptor which is configured in the default interceptor stack.

Struts2 supports serverside and client side validations. It also supports Ajax validation. Validations can be applied to specific form fields or it can be non field validations. It is also possible to create custom validators for any project specific validation requirements.

In this post, I will look at how simple server side validation can be implemented in Struts2.

We have a requirement to implement a screen which captures customer information. For simplicity, let us assume that this screen fields require the following validation.

Name : String with a maximum length of 50 characters
Age : Integer between 1 and 120
Email : A valid email address

The sample screen is given below.

sample-validation-screen1.jpg

First we need an action class to display the new customer form.

CustomerNewAction.java - Action class to dispatch to customer data capture form

customer_new.jsp - Form to capture customer data

One important thing to note here is the use of s:head tag. This injects the required stylesheets for error display after validation. The default theme used here is xhtml.

As you can see the input form is submitted to CustomerSaveAction. This will save the data and will dispatch to a page customer_save_success.jsp.

CustomerSaveAction.java - This is responsible for saving customer data. In this example, actual save is not implemented.

customer_save_success.jsp

Now we need to apply the declarative validation to CustomerSaveAction. To do that create a file CustomerSaveAction-validation.xml in the same folder which contains CustomerSaveAction.java. In Struts2, validation rules for an action class X is saved in a file X-validation.xml.

CustomerSaveAction-validation.xml

For more details on each of the validators and their parameters, please see here.

Let us connect everything together using struts.xml. Note the extra result tag (input) for CustomerSaveAction. It indicates the page to be displayed in case of input error.

struts.xml

web.xml

To invoke this sample, access the URL http://localhost:8080/struts2/CustomerNewAction.action. This is how the screen appears after validation,

sample-validation-screen2.jpg

Struts2 Control Tags – Using if Tag


Struts2 if tag can be used for basic conditional flow. Using OGNL syntax, all types of conditional checks are possible. This tag can be followed with elseif and else blocks. Given below are some examples of if tag usage.

Sample application demonstrating usage of Struts2 if tag
This sample contains a single page with a link. Whenever user clicks on the link, the clicked link name is shown below.

When a link is clicked, its id is copied to the linkid hidden field using JavaScript and IfDemo action is invoked. Struts2 automatically maps this hidden field to linkid field in IfDemo action class. Then it renders the ifdemo.jsp. At this point, class variables in IfDemo action class are automatically available in ifdemo.jsp (since they are pushed to value stack). The if tag in JSP checks for the value of linkid in value stack and prints it out.

Action Class - IfDemo.java

Struts configuration - struts.xml

Sample screen - ifdemo.jsp

Parameters for if tag

Name Required Default Evaluated Type Description
test true false boolean content inside the tag is displayed only if this boolean expression is true
« Previous Entries