Example usage for org.springframework.web.bind ServletRequestDataBinder setDisallowedFields

List of usage examples for org.springframework.web.bind ServletRequestDataBinder setDisallowedFields

  1. HOME
  2. Java
  3. org.springframework
  4. org.springframework.web.bind.*
  5. ServletRequestDataBinder
  6. setDisallowedFields

Introduction

In this page you can find the example usage for org.springframework.web.bind ServletRequestDataBinder setDisallowedFields.

Prototype

public void setDisallowedFields(@Nullable String... disallowedFields)

Source Link

Document

Register fields that should not be allowed for binding.

Usage

From source file:org.jasig.cas.services.web.RegisteredServiceSimpleFormController.java

/**
 * Sets the require fields and the disallowed fields from the
 * HttpServletRequest.//w  ww  .j  a v  a  2s.co  m
 * 
 * @see org.springframework.web.servlet.mvc.BaseCommandController#initBinder(javax.servlet.http.HttpServletRequest,
 * org.springframework.web.bind.ServletRequestDataBinder)
 */
protected final void initBinder(final HttpServletRequest request, final ServletRequestDataBinder binder)
        throws Exception {
    binder.setRequiredFields(new String[] { "description", "serviceId", "name", "allowedToProxy", "enabled",
            "ssoEnabled", "anonymousAccess", "evaluationOrder" });
    binder.setDisallowedFields(new String[] { "id" });
    binder.registerCustomEditor(String.class, new StringTrimmerEditor(true));
}

From source file:no.dusken.aranea.admin.control.EditPageController.java

protected void initBinder(HttpServletRequest request, ServletRequestDataBinder binder) throws Exception {
    super.initBinder(request, binder);
    binder.registerCustomEditor(Section.class, sectionEditor);
    binder.registerCustomEditor(List.class, "tags", tagsEditor);
    binder.registerCustomEditor(Calendar.class, timeEditor);
    binder.registerCustomEditor(List.class, "authors", authorsEditor);
    // to actually be able to convert Multipart instance to byte[]
    // we have to register a custom editor
    binder.registerCustomEditor(byte[].class, new ByteArrayMultipartFileEditor());
    binder.setBindEmptyMultipartFiles(false);
    // now Spring knows how to handle multipart object and convert them
    /*dont allow properties like published to be binded, so that it is not possible to set published to true
    * by tampering with the formsubmission
    * *//*from  www  .  ja  va2  s .  co  m*/
    String[] disallowedFields = new String[] {
            "published, modified, timePublished, " + "topic, sectionPriority, frontsidePriority" };
    binder.setDisallowedFields(disallowedFields);
}

From source file:org.bibsonomy.webapp.util.spring.controller.MinimalisticControllerSpringWrapper.java

@Override
protected void initBinder(final HttpServletRequest request, final ServletRequestDataBinder binder)
        throws Exception {
    super.initBinder(request, binder);

    /*//from  w  ww  . j a v  a  2  s.  c  o  m
     * set convertion service (string => enum, string => class)
     */
    binder.setConversionService(this.conversionService);

    /*
     * Register a custom date editor to support binding of date fields.
     * 
     * FIXME: This is a HACK to allow the DBLP update to set the date of 
     * (bookmark) posts. The problem is, that the date format is now fixed 
     * for ALL our controllers, since we can't override this initBinder
     * method (since we're using this MinimalisticController ... wrapper)
     *  
     */
    binder.registerCustomEditor(Date.class, new CustomDateEditor(DATE_FORMAT, true));

    /*
     * setting the dis/allowed fields for the binder
     */
    binder.setAllowedFields(allowedFields);
    binder.setDisallowedFields(disallowedFields);
}