From the Spring API, i understood that @InitBinder
is used to initialize some binding rules..
In the petclinic example why we have setdisallowed("id")
? when the id is not displayed on the form?
@InitBinder
public void setAllowedFields(WebDataBinder dataBinder) {
dataBinder.setDisallowedFields("id");
}
The id field is not displayed on the web page then why we are using the above code?
can we have some thing like this:
@InitBinder
public void setAllowedFields(WebDataBinder dataBinder) {
dataBinder.setDisallowedFields("FirstName");
}
as per the above code the first name field of the owner object will not be set though user enters on the form? Is that correct?
link for the source
Because it can still be submitted if the end-user modifies the page or the request (for example using FireBug). Thus he can inject values into your bound object even if you don't want this.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With