java - Spring MVC, one controller for "add" and "update" when using setDisallowedFields? -


So I have a simple form through which I can "add" a new thing or an existing "update" thing .

What I would like to do is a controller who can process both adding and updating. In the beginning it seems quite simple, unless I consider the problem of using setDisallowedFields in my InitBinder so that the "id" field is not allowed during adding a new item.

Currently I have two controllers which can be the same code except for the Endbinder method.

Any suggestions or advice? (I'm open to the argument that I should also keep two controllers, if you can give me good reason)

Basically, you should reject both the" id "field when adding and updating. Otherwise the "id" of the malicious user update request may be compromised with the value of the request parameter and thus update any other records shown by the form (assuming no ACL or other domain-level security is assumed).

However, if you reject the "id" field, you see the controller ID blank, which will work when inserting, but will not be time to update (for example, instead of updating this, a new record You can try to put it, based on the firmness mechanism you are using). You want the administrator to remember the non-editable values ​​of your domain object (not only ID, but all denied fields) in order to send all correct values ​​for this service level or other business logic. This type-level @ session entry is done using annotation, as follows (other comments to be left for clarity): 

  @ session attraction ("cheese") // Domain object name public class ThingController {Public Zero set Diselfeld (webdetabiner binder) {binder.setDisallowedFields ("id", "someOtherUneditableField"); } // ways to deal with requests, go here as before)

For better security, set the allowed areas instead of the denied areas

< / Html> Whatever you need to do @ session entries annotation to fill the existing field values,

Comments

Post a Comment

Popular posts from this blog

python - Overriding the save method in Django ModelForm -

I'm having trouble overriding a ModelForm save method. I get this error I'm: Exception type: TypeErier Exception Value: Save () found an unexpected keyword argument 'committed' My intentions include a form 3 fields Submit several values ​​for, then create an object for each combination of those areas, and to save each object file models.py class collarsult type (models.Model): id = model. AutoField (db_column = 'icontact_result_code_type_id', primary_key = true) callResult = models.ForeignKey ( 'CallResult', db_column = 'icontact_result_code_id') campaign = models.ForeignKey ( 'campaign', db_column = 'icampaign_id') CALLTYPE = models.ForeignKey ( 'CALLTYPE', db_column = 'icall_type_id') agent = models.BooleanField (db_column = 'bagent', default = true) teamLeader = models.BooleanField (db_column = 'bTeamLeader', default = true) active = models.BooleanField (db_column = Django.form...
Read more

html - CSS autoheight, but fit content to height of div -

I have a div in which there are three children- div in the left and middle div: float: left while true: float: true because it is my layout Actually will spoil, I've used ClearFix Hack: .cf {zoom: 1; }. Cf: First,. Cf: {content: ""; Display: Table; }. Cf: After {clear: both; } It still works, but I want to be the right div an indicator. So it should fill 100% of the parent unit of height. How can I complete this? PS is the full code: & Lt; / Div & gt; & Lt; Div class = "mobile_content" & gt; & Lt; H5 & gt; {{Data.titel}} & lt; / H5> & Lt; Table & gt; & Lt; TR & gt; & Lt; Th & gt; Komponist: & lt; / Th & gt; & Lt; TD & gt; {{Data.komponist}} & lt; / TD & gt; & Lt; / TR & gt; & Lt; TR & gt; & Lt; Th & gt; Instrument: & lt; / Th & gt; & Lt; TD & gt; {{Data.instrumente}} & lt; / TD & gt; & Lt; / TR & gt;...
Read more

qt - How to prevent QAudioInput from automatically boosting the master volume to 100%? -

I have been trying to use Qt5 multimedia to record audio with QAudioInput, however, when I see If QAudioInput is started, it increases the master volume of my sound device to 100%. How can I prevent QAudioInput from changing the master volume? My current development platform is Linux with PalsAdio (with flat audio disabled). How can I use QAudioInput : QAudioDeviceInfo device_info = QAudioDeviceInfo :: defaultInputDevice (); QAudio format format; Format.setSampleRate (44100); Format.setChannelCount (1); Format.setSampleSize (16); Format.setCodec ("Audio / PCM"); Format.setSampleType (QAudioFormat :: SignedInt); Format.setByteOrder (QAudioFormat :: LittleEndian); Std :: cout & lt; & Lt; Device_info.deviceName (). ToUtf8 (). ConstData () & lt; & Lt; Std :: endl; QAudioInput * default_device = new QAudioInput (device_info, format); QIODevice * default_io_device = default_device-> Start (); a QAudioInput.setVolume () method is not you I ...
Read more