- Struts validation exists to stop attacks that rely on unchecked input reaching the application
- Every input should be checked by the Struts Validator before the application processes it
- Every field in an ActionForm should have a matching entry in the corresponding validation form
- Leaving even one field unvalidated gives an attacker an unchecked path into the application
- Weak input validation is a root cause of buffer overflows, cross-site scripting, SQL injection and similar attacks; Struts validation is a first line of defence, not a substitute for parameterised queries and output encoding
Data Validation using Struts Validator
The following principles should be followed when validating data with the Struts Validator
- Avoid duplicate validation forms in validation.xml
- Implement the form bean as a validator form (extend ValidatorForm or use DynaValidatorForm); otherwise the Validator is never invoked for it
- Enable the Struts Validator in the action mapping: register the ValidatorPlugIn and do not set validate="false" on the action (validate defaults to true)
- Check that the fields of the action form and of the validation form match one to one
Avoid Duplication of Validation Forms
- Validation forms in Struts hold the rules applied to the input fields of a form bean
- Two <form> entries with the same name must not appear in the validation.xml files
- Two forms with the same name are a sign that the validation logic is wrong: the rules were split where they should have been in a single form
- When the names collide, the Struts Validator keeps one of the forms and silently discards the other (which one depends on the Validator version), so the discarded form's rules are never enforced
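The four principles above and the duplicate-form pitfall can be checked mechanically from the two configuration files. The following Python script is an added example, not code from this page or from Apache Struts: it parses constructed struts-config.xml and validation.xml samples for a hypothetical /login action with a loginForm bean, and flags duplicate <form> names, actions that set validate="false", a missing ValidatorPlugIn, form beans of a type that never runs the Validator, and declared form properties without a <field> rule. It assumes the first of two same-named forms is the copy the Validator keeps, and it compares only <form-property> declarations, so a class-based ActionForm would need its bean properties supplied another way.

```python
import xml.etree.ElementTree as ET

# Form-bean types that never invoke the Struts Validator. A custom class may extend
# ValidatorForm, which XML alone cannot show, so only these two are flagged.
NON_VALIDATOR_FORM_TYPES = {"org.apache.struts.action.ActionForm",
                            "org.apache.struts.action.DynaActionForm"}

# Constructed sample configuration (hypothetical /login action and loginForm bean).
GOOD_STRUTS_CONFIG = """<struts-config>
 <form-beans>
  <form-bean name="loginForm" type="org.apache.struts.validator.DynaValidatorForm">
   <form-property name="username" type="java.lang.String"/>
   <form-property name="password" type="java.lang.String"/>
   <form-property name="otp" type="java.lang.String"/>
  </form-bean>
 </form-beans>
 <action-mappings>
  <action path="/login" type="com.example.LoginAction" name="loginForm" validate="true" input="/login.jsp"/>
 </action-mappings>
 <plug-in className="org.apache.struts.validator.ValidatorPlugIn">
  <set-property property="pathnames" value="/WEB-INF/validator-rules.xml,/WEB-INF/validation.xml"/>
 </plug-in>
</struts-config>"""
# Weak variant: the action opts out of validation.
BAD_STRUTS_CONFIG = GOOD_STRUTS_CONFIG.replace('validate="true"', 'validate="false"')

# One <form> per bean, one <field> per property.
GOOD_VALIDATION_XML = """<form-validation><formset>
 <form name="loginForm">
  <field property="username" depends="required,maxlength">
   <arg key="login.username"/>
   <var><var-name>maxlength</var-name><var-value>32</var-value></var>
  </field>
  <field property="password" depends="required,maxlength">
   <arg key="login.password"/>
   <var><var-name>maxlength</var-name><var-value>128</var-value></var>
  </field>
  <field property="otp" depends="required,mask">
   <arg key="login.otp"/>
   <var><var-name>mask</var-name><var-value>^[0-9]{6}$</var-value></var>
  </field>
 </form>
</formset></form-validation>"""
# Weak variant: the rules are split across two forms with the same name, and
# the otp property has no rule at all.
BAD_VALIDATION_XML = """<form-validation><formset>
 <form name="loginForm">
  <field property="username" depends="required"><arg key="login.username"/></field>
 </form>
 <form name="loginForm">
  <field property="password" depends="required"><arg key="login.password"/></field>
 </form>
</formset></form-validation>"""

def audit(struts_config_xml, validation_xml):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    struts = ET.fromstring(struts_config_xml)
    validation = ET.fromstring(validation_xml)

    # 1. Duplicate <form> names: the Validator keeps only one copy. This script
    #    assumes the first copy wins, so a later copy's rules are not counted.
    fields_by_form = {}
    for form in validation.iter("form"):
        name = form.get("name")
        if name in fields_by_form:
            findings.append(f"duplicate validation form '{name}'")
            continue
        fields_by_form[name] = {f.get("property") for f in form.findall("field")}

    # 2. The Validator must actually run: the plug-in must be registered and no
    #    action with a form bean may opt out (validate defaults to true).
    plugins = {p.get("className") for p in struts.iter("plug-in")}
    if "org.apache.struts.validator.ValidatorPlugIn" not in plugins:
        findings.append("ValidatorPlugIn is not registered in struts-config.xml")
    for action in struts.iter("action"):
        path, form_name = action.get("path"), action.get("name")
        if form_name and action.get("validate", "true").lower() == "false":
            findings.append(f"action '{path}' disables validation for form '{form_name}'")
        if form_name and form_name not in fields_by_form:
            findings.append(f"form '{form_name}' used by action '{path}' has no validation form")

    # 3. The bean must be a validator form, and every declared property needs a
    #    <field>. Only <form-property> declarations are compared here; a class-based
    #    ActionForm would need its getters inspected instead.
    for bean in struts.iter("form-bean"):
        name = bean.get("name")
        if bean.get("type") in NON_VALIDATOR_FORM_TYPES:
            findings.append(f"form-bean '{name}' uses {bean.get('type')}, which never runs the Validator")
        declared = {p.get("name") for p in bean.findall("form-property")}
        for prop in sorted(declared - fields_by_form.get(name, set())):
            findings.append(f"form '{name}': property '{prop}' has no validation rule")
    return findings

if __name__ == "__main__":
    for label, cfg, val in (("weak", BAD_STRUTS_CONFIG, BAD_VALIDATION_XML),
                            ("fixed", GOOD_STRUTS_CONFIG, GOOD_VALIDATION_XML)):
        print(label, audit(cfg, val) or ["no findings"])
```

Run against the weak pair it reports the duplicate loginForm, the validate="false" on /login, and the password and otp properties that the surviving form copy never validates; against the fixed pair it reports nothing. To use it on a real project, read the two files from WEB-INF in place of the embedded samples; validation.xml files that carry a DOCTYPE parse the same way, since ElementTree does not fetch the external DTD.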