javaeclipsespringspring-mvc-initbinders

Ignore form keys with initBinder


I was told there is a way for initBinder to ignore some keys passed in by a form.

So say I have a POJO with a name, accountNumber, and balance.

The user posts a form with an update to accountNumber with a new balance, but attempts to tamper with the form and adds a name to the post.

How do I ignore the name key and value from this form using initBinder?

edit: I feel like my bigger issue is the lack of understanding as to what initBinder actually does. So even helping me understand what that does could help.


Solution

  • The DataBinder has two properties named allowedFields and disallowedFields that define what to (dis)allow for binding. Just use that in your @InitBinder method:

    @InitBinder
    public void initBinder(WebDataBinder binder) {
        binder.setDisallowedFields("administrator");
    }