Jun 14th, 2005, 01:29 AM
Binding a password and confirmPassword field
I have a form that allows the user to edit their profile ( username, email, password ). In the case of the password I only want to bind the password field to the command object when the confirmPassword field is also provided. When password and confirmPassword are left blank I would like NO binding to take place for the password on the command object.
The primary motivation is to only update a user's password when both password and confirmPassword are supplied.
Jun 14th, 2005, 01:01 PM
Look at one of the onBind() methods and see if you can override it for custom binding.
Jun 14th, 2005, 05:53 PM
It is my understand that onBind() occurs after the other binding has taken place. This means that the password and confirmPassword have already been bound and have overwritten the password that was in the user command object. This causes a blank password when saved with Hibernate.
I did potentially find a way to prevent fields from being bound using the DataBinder.setAllowedFields. I could remove the password and confirmPassword fields from the "allowed fields" when they are empty ("" or null) in the request. Therefore, the DataBinder will skip binding these fields and generate a warning.
I know the allowedFields is intended to be used a security feature to prevent unwanted request variables from setting properties on the command object. Is this method of changing the allowedFields per request a "hack"?
Jun 14th, 2005, 07:48 PM
Well if the property is called 'password' in the command object, who says you have to name the html field the same way if you don't want a direct binding? Usually password fields don't get prefilled when the form is shown back to the user, so there is no point to have a direct binding, right?
Originally Posted by jacksonakj
Jun 14th, 2005, 09:28 PM
Excellent point. I was looking for a complex answer to a simple solution. Thanks for the advice.