This is untested (!), but adapted from a working "twofields" validation
method (used to make sure password1 matches password2, etc.), so it
shouldn't be far off the mark.
validation.xml:
<!-- nothing real unusual here -->
<field property="userID" depends="required,minlength,maxlength">
<arg0 key="label.userID"/>
<arg1 name="minlength" key="${var:minlength}" resource="false"/>
<arg2 name="maxlength" key="${var:maxlength}" resource="false"/>
<!-- error message would be something like "{0} cannot contain
fewer than {1} characters", where
the first arg comes from the bundle (label.userID), but
the second arg literally comes
from var-value stated here (because resource = "false") -->
<var>
<var-name>minlength</var-name>
<var-value>3</var-value>
</var>
<var>
<var-name>maxlength</var-name>
<var-value>20</var-value>
</var>
</field>
<!-- using the new custom rule (password value cannot contain
userID value) -->
<field property="password" depends="required,mustNotContainUserID">
<arg0 key="label.password"/>
<arg1 name="mustNotContainUserID" key="label.userID"/>
<!-- error message would be something like "{0} value must not
contain value of {1}", or
"password value must not contain value of userID", if
custom rule is violated -->
<var>
<var-name>fieldToTest</var-name>
<var-value>userID</var-value>
</var>
</field>
validator-rules.xml:
<!-- twoFields -->
<validator name="mustNotContainUserID"
classname="ValidationUtil"
method="validateDoesNotContainUserID"
methodParams="java.lang.Object,
org.apache.commons.validator.ValidatorAction,
org.apache.commons.validator.Field,
org.apache.struts.action.ActionErrors,
javax.servlet.http.HttpServletRequest"
depends="required"
msg="errors.mustNotContainUserID"/>
<!-- not sure the difference between depends="required" here versus
in the field config above -->
ValidationUtil (classname and method specified in validator-rules.xml)
public static boolean validateDoesNotContainUserID(Object bean,
ValidatorAction va, Field field, ActionErrors errors, HttpServletRequest
request) {
String value = ValidatorUtil.getValueAsString(bean,
field.getProperty());//value of password field
String sProperty2 = field.getVarValue("fieldToTest");
String value2 = ValidatorUtil.getValueAsString(bean,
sProperty2);//value of field specified by "fieldToTest" -- userID
if (!GenericValidator.isBlankOrNull(value)) {
try {
if (value.indexOf(value2) != -1) {
errors.add(field.getKey(), Resources.getActionError(request,
va, field));
return false;
}
} catch (Exception e) {
errors.add(field.getKey(), Resources.getActionError(request, va,
field));
return false;
}
}
return true;
}
Erik
Wendy Smoak wrote:
>(No luck on commons-user; trying again here.)
>
>I'm trying to validate a password such that it cannot contain the userId.
>Is this something I can do in validation.xml?
>
>I'm currently using a mask in validation.xml:
> <field property="password" depends="required,mask">
> <arg0 key="label.password"/>
> <var>
> <var-name>mask</var-name>
> <var-value>^[0-9a-zA-Z!%*-_+=:,\./?]*$</var-value>
> </var>
> </field>
>
>(And I'm not very good at regular expressions, so if there's a better way to
>say "letter, digit, or any of these special characters, I would appreciate a
>suggestion.)
>
>Can it be done with validwhen? How do I say "does not _contain_ userId"?
>I'd like it to be case insensitive, but could live without that if it's
>easier.
>
>Thanks,
>Wendy Smoak
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>For additional commands, e-mail: user-help@struts.apache.org
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
|