I was told there is a way for initBinder to ignore some keys passed in by a form.

So say I have a POJO with a name, accountNumber, and balance.

The user posts a form with an update to accountNumber with a new balance, but attempts to tamper with the form and adds a name to the post.

How do I ignore the name key and value from this form using initBinder?

edit: I feel like my bigger issue is the lack of understanding as to what initBinder actually does. So even helping me understand what that does could help.

stef52

1 Answer

The DataBinder has two properties named allowedFields and disallowedFields that define what to (dis)allow for binding. Just use that in your @InitBinder method:

```java
@InitBinder
public void initBinder(WebDataBinder binder) {
    binder.setDisallowedFields("administrator");
}
```
Ankur Singhal
  • Now I'm convinced my issue is the lack of understanding of what `initBinder` is actually doing – stef52 Jul 23 '14 at 13:57
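
An added example, not code from the question or the answer: an `@InitBinder` method runs before Spring binds request parameters onto the target object and configures the binder that does the copying, so the sketch below applies the same kind of configuration to a plain `DataBinder` (the parent class of `WebDataBinder`) and binds a tampered form. The `Account` class, the `configure` helper and the form values are constructed for illustration; it assumes `spring-context` and `spring-beans` on the classpath.

```java
import java.math.BigDecimal;
import java.util.Arrays;
import org.springframework.beans.MutablePropertyValues;
import org.springframework.validation.DataBinder;

public class AccountBindingDemo {

    // Hypothetical POJO matching the question: name, accountNumber, balance.
    public static class Account {
        private String name = "Original Owner";
        private String accountNumber;
        private BigDecimal balance;
        public String getName() { return name; }
        public void setName(String name) { this.name = name; }
        public String getAccountNumber() { return accountNumber; }
        public void setAccountNumber(String n) { this.accountNumber = n; }
        public BigDecimal getBalance() { return balance; }
        public void setBalance(BigDecimal b) { this.balance = b; }
    }

    // What an @InitBinder method would do to its WebDataBinder:
    // allow only the fields this form is supposed to update.
    static void configure(DataBinder binder) {
        binder.setAllowedFields("accountNumber", "balance");
    }

    public static void main(String[] args) {
        Account account = new Account();
        DataBinder binder = new DataBinder(account, "account");
        configure(binder);

        // Constructed form post: two expected fields plus a tampered "name".
        MutablePropertyValues form = new MutablePropertyValues();
        form.add("accountNumber", "12345");
        form.add("balance", "250.00");
        form.add("name", "Tampered Name");

        binder.bind(form); // "name" is dropped before any setter is called

        System.out.println("name          = " + account.getName());
        System.out.println("accountNumber = " + account.getAccountNumber());
        System.out.println("balance       = " + account.getBalance());
        // Fields the binder refused to bind; useful to log as a tampering signal.
        System.out.println("suppressed    = " + Arrays.toString(
                binder.getBindingResult().getSuppressedFields()));
    }
}
```

`setAllowedFields` is used here instead of `setDisallowedFields` because an allowlist keeps properties added to the POJO later unbindable until they are explicitly listed.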