Jump to content

Check out our Community Blogs

Recent Status Updates

  • Photo
      10 Jul

    True or just funny? One day programmers will become obsolete as they make errors and programs don't :D

    Show comments (4)
View All Updates

Developed by TechBiz Xccelerator
* * * * * 1 votes

Spring MVC security of submit

spring mvc security

This topic has been archived. This means that you cannot reply to this topic.
2 replies to this topic

#1 speculatius


    CC Addict

  • Advanced Member
  • PipPipPipPipPip
  • 106 posts

Posted 30 January 2013 - 10:26 AM

Hi all,

currently I am learning spring mvc. Here is my situation...

Lets say I have model class like this:

class Person {
  private String firstname;
  private String surname;
  private Integer likesCount;
  // ...setters and getters

Then I have controller to enable user to change his name...

class PersonUpdateController {
  @RequestMapping(value = "\person", method = RequestMethod.POST)
  public update(@ModelAttribute("person") Person person, Model model) {
    // ...validation and save

And finally I have form...

<f:form action="person" method="post" modelAttribute="person">
  <f:input path="firstname"/>
  <f:input path="surname"/>
  <input type="submit"/>

When user uses this form, he is able to post only firstname and surname to the backend. But technically it is possible to send in request also likesCount, and that is security issue. In php framework Yii it is possible to specify which attributes should be propagated to backend by defining validation criteria on every model class. Is something like that possible in spring? I think some kind of interceptor could do the trick? Thank you.

#2 wim DC

wim DC


  • Expert Member
  • PipPipPipPipPipPipPipPip
  • 2678 posts

Posted 02 February 2013 - 02:07 PM

Add this somewhere in your controller

public void initBinder(WebDataBinder binder) {

#3 speculatius


    CC Addict

  • Advanced Member
  • PipPipPipPipPip
  • 106 posts

Posted 03 February 2013 - 02:51 AM

Thanks. This looks like what I was looking for.