TravisKlotz
Jun 18th, 2010, 11:46 AM
I'm currently working on an application with a fairly dynamic data model. The main form object contains a Map of Objects with properties I would like to bind to.
My binding properties look like this:
<form:input path="mapProperty[12345].value" />
<form:input path="mapProperty[77894].value" />
This works great, but I do not want to allow binding to ALL the properties on my object. This leads me to specifying a <binding> tag in my webflow. However the keys used in the map property are different for each user, so I cannot statically define all the correct properties.
This seems to leave me with only one choice if I want to stay with WebFlow: do not specify a binding and leave a huge security hole open in my application.
In normal SpringMVC there is a way to specify an InitBinder method that would let me dynamically specify my allowed properties. I can fall back to this if necessary, but I don't really want to give up all the additional benefits of WebFlow.
Is there another solution to this?
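The dynamic allow-list the post refers to, shown as an added example that is not part of the original post or of Spring's own code: the allowed paths are built per user from the map keys and given to `DataBinder.setAllowedFields`, the same call an `@InitBinder` method would make on its `WebDataBinder`. The `Form` and `Item` classes, the `approved` property, the key `99999` and the sample parameters are assumptions constructed for the demonstration.

```java
import java.util.*;
import org.springframework.beans.MutablePropertyValues;
import org.springframework.validation.DataBinder;

public class PerUserAllowedFields {
    // Hypothetical stand-ins for the post's form object and its map entries.
    public static class Item {
        private String value;
        private boolean approved; // a property the form never renders
        public String getValue() { return value; }
        public void setValue(String v) { value = v; }
        public boolean isApproved() { return approved; }
        public void setApproved(boolean a) { approved = a; }
    }
    public static class Form {
        private final Map<String, Item> mapProperty = new HashMap<>();
        public Map<String, Item> getMapProperty() { return mapProperty; }
    }

    // Build the exact paths rendered for this user; no wildcards, so only these bind.
    static String[] allowedFields(Collection<String> userKeys) {
        return userKeys.stream()
                .map(k -> "mapProperty[" + k + "].value")
                .toArray(String[]::new);
    }

    public static void main(String[] args) {
        List<String> userKeys = List.of("12345", "77894"); // constructed sample keys
        Form form = new Form();
        for (String k : userKeys) form.getMapProperty().put(k, new Item());
        form.getMapProperty().put("99999", new Item()); // entry not offered to this user

        DataBinder binder = new DataBinder(form, "form");
        binder.setAllowedFields(allowedFields(userKeys));

        // Constructed request parameters: one legitimate, two not on the allow-list.
        MutablePropertyValues params = new MutablePropertyValues();
        params.add("mapProperty[12345].value", "hello");
        params.add("mapProperty[12345].approved", "true");
        params.add("mapProperty[99999].value", "tampered");
        binder.bind(params);

        System.out.println(form.getMapProperty().get("12345").getValue());
        System.out.println(form.getMapProperty().get("12345").isApproved());
        System.out.println(form.getMapProperty().get("99999").getValue());
        System.out.println(Arrays.toString(binder.getBindingResult().getSuppressedFields()));
    }
}
```

Fields dropped by the allow-list are recorded in `getSuppressedFields()`, which gives a place to log attempts to bind properties the form never offered.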