Java Struts
Rules available in this category:
- Do_not_use_struts_action_class_instance_fields
- Always_include_only_getters_and_setters_in_form_beans
- Always_have_appropriate_getters_and_setters_for_instance_fields
Severity:
Critical
Rule:
Do not use Struts action class instance fields.
Reason:
Do not use Struts action class instance fields.
Usage Example:
import javax.servlet.http.*;
import org.apache.struts.action.*;
public class ActionBase extends Action
{
public int instanceField; // VIOLATION
public abstract ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception
{
// ...
}
}
Should be written as:
Reference:
http://struts.apache.org/struts-core/userGuide/building_controller.html
Severity:
Medium
Rule:
This helps achieve good separation between the form bean and the action bean.
Reason:
This helps achieve good separation between the form bean and the action bean.
Usage Example:
import javax.servlet.http.HttpServletRequest;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionMapping;
public final class Test_Form extends ActionForm
{
private String password = null;
private String username = null;
public String getPassword()
{
return (this.password);
}
public void setPassword(String password)
{
this.password = password;
}
public String getUsername()
{
return (this.username);
}
public void setUsername(String username)
{
this.username = username;
}
public void otherMeth() // VIOLATION
{
}
}
Should be written as:
import javax.servlet.http.HttpServletRequest;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionMapping;
public final class Test_Form extends ActionForm
{
private String password = null;
private String username = null;
public String getPassword()
{
return (this.password);
}
public void setPassword(String password)
{
this.password = password;
}
public String getUsername()
{
return (this.username);
}
public void setUsername(String username)
{
this.username = username;
}
//FIXED- otherMeth removed
}
Reference:
Section 4.3 of http://struts.apache.org/userGuide/
Severity:
Critical
Rule:
Failure to define these methods will prevent the Struts application from working correctly and lead to errors.
Reason:
Failure to define these methods will prevent the Struts application from working correctly and lead to errors.
Usage Example:
import javax.servlet.http.HttpServletRequest;
import org.apache.struts.action.ActionErrors;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionMapping;
public final class Test extends ActionForm
{
private String password = null; //VIOLATION- no getter method for field "password"
private String username = null;
public void setPassword(String password)
{
this.password = password;
}
public String getUsername()
{
return (this.username);
}
public void setUsername(String username)
{
this.username = username;
}
public void reset(ActionMapping mapping,
HttpServletRequest request)
{
setPassword(null);
setUsername(null);
}
public ActionErrors validate()
{
ActionErrors errors= new ActionErrors();
return errors;
}
}
Should be written as:
import javax.servlet.http.HttpServletRequest;
import org.apache.struts.action.ActionErrors;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionMapping;
public final class Test extends ActionForm
{
private String password = null;
private String username = null;
public String getPassword() //FIXED
{
return (this.password);
}
public void setPassword(String password)
{
this.password = password;
}
public String getUsername()
{
return (this.username);
}
public void setUsername(String username)
{
this.username = username;
}
public void reset(ActionMapping mapping,
HttpServletRequest request)
{
setPassword(null);
setUsername(null);
}
public ActionErrors validate()
{
ActionErrors errors= new ActionErrors();
return errors;
}
}
Reference:
Not Available.