I was told there is a way for initBinder to ignore some keys passed in by a form.
So say I have a POJO with a name, accountNumber, and balance.
The user posts a form with an update to accountNumber with a new balance, but attempts to tamper with the form and adds a name to the post.
How do I ignore the name key and value from this form using initBinder?
edit: I feel like my bigger issue is the lack of understanding as to what initBinder actually does. So even helping me understand what that does could help.
The DataBinder has two properties named allowedFields and disallowedFields that define what to (dis)allow for binding. Just use that in your @InitBinder method:
    @InitBinder
    public void initBinder(WebDataBinder binder) {
        binder.setDisallowedFields("administrator");
    }