The validator form defines a validate()
method that fails to call super.validate()
.
The Struts Validator uses a form's validate()
method to check the contents of the form properties against the constraints specified in the associated validation form. That means the following classes have a validate()
method that is part of the validation framework:
ValidatorForm
ValidatorActionForm
DynaValidatorForm
DynaValidatorActionForm
validate()
method, you must call super.validate()
in your validate()
implementation. If you do not, the Validation Framework cannot check the contents of the form against a validation form. In other words, the validation framework will be disabled for the given form.[1] Standards Mapping - OWASP Top 10 2004 - (OWASP 2004) A1 Unvalidated Input
[2] Standards Mapping - Security Technical Implementation Guide Version 3 - (STIG 3) APP3510 CAT I
[3] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 103
[4] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 - (PCI 1.2) Requirement 6.3.1.1
[5] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 - (PCI 1.1) Requirement 6.5.1
[6] T. Husted et al. Struts in Action: Building Web Applications with the Leading Java Framework Manning Publications
[7] The Struts project The Apache Foundation