struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <>
Subject Re: problem with type validation
Date Wed, 26 Feb 2003 08:25:00 GMT

On Wed, 26 Feb 2003 wrote:

> Date: Wed, 26 Feb 2003 17:54:07 +1100
> From:
> Reply-To: Struts Developers List <>
> To:
> Subject: problem with type validation
> Hello,
> It seems to us that there is a serious flaw in the struts validation - in
> the RequestUtil class, the BeanUtils.populate method is called. In our
> testing, this allows an erroneous value to be replaced with a default value
> - for example a form class which will set a Short, and the form value
> entered is text, this will result in a value of 0. This all happens when
> the form bean is populated, before the server side validate() is called, or
> anything else can be intercepted. No exception occurs, so no errors can be
> generated. I was wondering if there is any idea about using something other
> than populate() - or making sure that the BeanUtils Converters do not use
> the constructors which make them enter default values....
> has anyone else had this problem, it seems to mean struts is only good for
> String inputs, otherwise any type conversion is not assured? Am I missing
> something, is there a parameter somewhere to tell struts to do typesafe
> conversions?

As a general rule, if you are using non-String fields in your form bean,
you are making a *huge* mistake.

Form bean fields that, when you display them on the page, are rendered as
text input fields should *always* be stored (in the form bean) as a
String.  When you get to your Action, after validations have been
completed (so you know that the String->Numeric conversion will succeed),
then you can use BeanUtils.copyProperties() to copy the properties from
the form bean to some appropriate value object, with automatic conversion.

As an extra added bonus, a user who types "1a3" instead of "123" into a
text field will get the behavior they expect from any self-respecting GUI
app -- the field will be redisplayed with exactly what they typed, so that
they can fix it.  Using a non-String field in your form bean makes that
basically impossible.

Form beans are part of the view tier in an MVC architecture, not part of
the model tier.  Trying to pretend otherwise just distorts the overall
design and causes you nothing but grief.

> Regards,
> Simon

Craig McClanahan

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message