Hi all,

how is it possible to make a field to be read-only at binding (while submitting a form).

Of course, I can make my field "readonly" or "disabled" in my HTML form. But if someone edit the HTML code and make the field not readonly and submit the form, the field will be binded and modified.

Note that I'm using OpenSessionInView.

In other words, I would like that my command object mapped on my view, but my submitted data (some fields) not mapped back on my command.

Is it possible ? By making a specific PropertyEditor ?

Thanks

It is a bit of a hidden feature in the DataBinder (http://static.springframework.org/spring/docs/2.5.x/api/org/springframework/validation/DataBinder.html) but you can specify which fields are allowed or which fields aren't allowed or which fields are required. So if you set fields readonly/disabled you can also set them disallowed in your controller/binder and if someone modifies the HTML he will get an exception.

Here are some links.

DataBinder (http://static.springframework.org/spring/docs/2.5.x/api/org/springframework/validation/DataBinder.html)
)]Databinder.setAllowedFields (http://static.springframework.org/spring/docs/2.5.x/api/org/springframework/validation/DataBinder.html#setAllowedFields(java.lang.String[)
)]DataBinder.setRequiredFields (http://static.springframework.org/spring/docs/2.5.x/api/org/springframework/validation/DataBinder.html#setDisallowedFields(java.lang.Stri ng[)
)]DataBinder.setDisallowedFields (http://static.springframework.org/spring/docs/2.5.x/api/org/springframework/validation/DataBinder.html#setRequiredFields(java.lang.String[)

It is a bit of a hidden feature in the DataBinder (http://static.springframework.org/spring/docs/2.5.x/api/org/springframework/validation/DataBinder.html) but you can specify which fields are allowed or which fields aren't allowed or which fields are required. So if you set fields readonly/disabled you can also set them disallowed in your controller/binder and if someone modifies the HTML he will get an exception.

Here are some links.

DataBinder (http://static.springframework.org/spring/docs/2.5.x/api/org/springframework/validation/DataBinder.html)
)]Databinder.setAllowedFields (http://static.springframework.org/spring/docs/2.5.x/api/org/springframework/validation/DataBinder.html#setAllowedFields(java.lang.String[)
)]DataBinder.setRequiredFields (http://static.springframework.org/spring/docs/2.5.x/api/org/springframework/validation/DataBinder.html#setDisallowedFields(java.lang.Stri ng[)
)]DataBinder.setDisallowedFields (http://static.springframework.org/spring/docs/2.5.x/api/org/springframework/validation/DataBinder.html#setRequiredFields(java.lang.String[)




Great !

I had to read this f... manual ;-)


Mark fields as disallowed for example to avoid unwanted modifications by malicious users when binding HTTP request parameters.

I'll test this asap!

Works great ! Thanks !