Spring InitBinder
[英]Spring InitBinder
问题描述
I'm having some trouble setting up an initBinder in Spring MVC. 
我在Spring MVC中设置initBinder遇到麻烦。 I have a ModelAttribute which has a field which will sometimes display. 我有一个ModelAttribute,其中有一个有时会显示的字段。
public class Model {
private String strVal;
private int intVal;
private boolean boolVal; // Only shows in certain situations
}
How can I setup this initBinder properly? 如何正确设置此initBinder? Here is what I have, but whenever I modify the post data I'm able to modify this boolVal regardless of me saying it's not allowed. 这就是我所拥有的,但是每当我修改发布数据时,无论我说什么都不允许,我都可以修改这个boolVal。 I'm assuming my trouble is that I can't take the shortcut I'd like to. 我以为我的麻烦是我无法接受想要的捷径。
@InitBinder
public void initBinder(WebDataBinder binder) {
binder.setIgnoreUnknownFields(true);
if (binder.objectName() == MODEL) {
binder.setAllowedFields("*");
if (!somePermissionChecks()) {
binder.setDisallowedFields("boolVal");
}
}
}
The permission check is returning false, thus the call to setDisallowedFields is made. 权限检查返回false,因此调用了setDisallowedFields。 The problem is that I'm still able to fake this value on the UI by adding an input or changing the name of another field or appending it to the POST data. 问题在于,通过添加输入或更改另一个字段的名称或将其附加到POST数据,我仍然可以在UI上伪造该值。
Is there a quick way to do this, without having to list all the properties by hand? 有没有一种快速的方法,而不必手工列出所有属性?
1 个解决方案
解决方案1
0 2011-09-26 13:11:35
Is the permission check failing during the initialization of the binder? 绑定器初始化期间权限检查是否失败? Have you tried without the binder.setAllowedFields("*"); 您是否尝试过没有binder.setAllowedFields("*"); statement? 声明?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.