Note that there are potential security implications in failing to set an array of allowed fields. In the case of HTTP form POST data for example, malicious clients can attempt to subvert an application by supplying values for fields or properties that do not exist on the form. In some cases this could lead to illegal data being set on command objects or their nested objects. For this reason, it is highly recommended to specify the allowedFields property on the DataBinder.
The binding results can be examined via the Errors interface, available as a BindException instance. Missing field errors and property access exceptions will be converted to FieldErrors, collected in the Errors instance, with the following error codes:
Custom validation errors can be added afterwards. You will typically want to resolve such error codes into proper user-visible error messages; this can be achieved through resolving each error via a MessageSource. The list of message codes to try can be customized through the MessageCodesResolver strategy. DefaultMessageCodesResolver's javadoc gives details on the default resolution rules.
By default, binding errors are resolved through the binding error processor for required binding errors and property access exceptions. You can override those if needed, for example to generate different error codes.
This generic data binder can be used in any sort of environment. It is heavily used by Spring's web MVC controllers, via the subclass org.springframework.web.bind.ServletRequestDataBinder.

| Field Summary | |
|---|---|
| static String | Default object name used for binding: "target" |
| protected static Log | We'll create a lot of DataBinder instances: Let's use a static logger. |

| Constructor Summary |
|---|
| Create a new DataBinder instance, with default object name. |
| Create a new DataBinder instance. |

| Method Summary | |
|---|---|
| protected void | Apply given property values to the target object. |
| void | Bind the given property values to this binder's target. |
| protected void | Check the given property values against the allowed fields, removing values for fields that are not allowed. |
| protected void | Check the given property values against the required fields, generating missing field errors where appropriate. |
| Map | Close this DataBinder, which may result in throwing a BindException if it encountered any errors |
| protected BindException | Create a new Errors instance for this data binder. |
| protected void | Actual implementation of the binding process, working with the passed-in MutablePropertyValues instance. |
| PropertyEditor | No description provided. |
| String[] | Return the fields that should be allowed for binding. |
| protected BeanWrapper | Return the underlying BeanWrapper of the Errors object. |
| BindingErrorProcessor | Return the strategy for processing binding errors. |
| BindException | Return the Errors instance for this data binder. |
| String | Return the name of the bound object. |
| String[] | Return the fields that are required for each binding process. |
| Object | Return the wrapped target object. |
| protected boolean | Return if the given field is allowed for binding. |
| boolean | Return whether to ignore unknown fields, i.e. |
| void | No description provided. |
| void | No description provided. |
| void | Register fields that should be allowed for binding. |
| void | Set the strategy to use for processing binding errors, that is, required field errors and PropertyAccessExceptions. |
| void | Set whether to extract the old field value when applying a property editor to a new value for a field. |
| void | Set whether to ignore unknown fields, i.e. |
| void | Set the strategy to use for resolving errors into message codes. |
| void | Register fields that are required for each binding process. |

Default implementation applies all of them as bean property values via the corresponding BeanWrapper. Unknown fields will by default be ignored.
This call can create field errors, representing basic binding errors like a required field (code "required"), or type mismatch between value and bean property (code "typeMismatch").
Note that the given PropertyValues should be a throwaway instance: For efficiency, it will be modified to just contain allowed fields if it implements the MutablePropertyValues interface; else, an internal mutable copy will be created for this purpose. Pass in a copy of the PropertyValues if you want your original instance to stay unmodified in any case.
The default implementation checks for "xxx*" and "*xxx" matches. Can be overridden in subclasses.
If the field is found in the allowedFields array as direct match, this method will not be invoked.
public boolean isIgnoreUnknownFields()

public void registerCustomEditor(Class requiredType, String field, PropertyEditor propertyEditor)
Supports "xxx*" and "*xxx" patterns. More sophisticated matching can be implemented by overriding the isAllowed method.
Set the strategy to use for processing binding errors, that is, required field errors and PropertyAccessExceptions.
Default is a DefaultBindingErrorProcessor.
public void setExtractOldValueForEditor(boolean extractOldValueForEditor)
Default is "true", exposing previous field values to custom editors. Turn this to "false" to avoid side effects caused by getters.
public void setIgnoreUnknownFields(boolean ignoreUnknownFields)
Default is a DefaultMessageCodesResolver.
If one of the specified fields is not contained in the list of incoming property values, a corresponding "missing field" error will be created, with error code "required" (by the default binding error processor).