0

I have the following code in my JSP:

<form:form id="detailsForm" modelAttribute="project" method="post" action="${contextPath}/project/create">

<form:input type="hidden" path="id" value="${project.id}"/>

<form:input type="text" class="form-control" path="name" value="${fn:escapeXml(project.name)}"/><br/>

<form:input type="text" class="form-control" path="location" value="${fn:escapeXml(project.location)}"/><br/>

<form:input type="text" class="form-control" path="notes" value="${fn:escapeXml(project.notes)}"/><br/>

<button class="btn btn-default btn-flat btn-sm">Update</button>

</form:form>

This does not seem to work. If I click the Update button, the console would log an error INVALID_CONFIDENTIAL_VALUE.

However, a form which also has a POST method BUT does NOT have any parameters seem to WORK: 

<form:form action="${contextPath}/project/delete/${project.id}" method="post">

 <button class="btn btn-default btn-flat btn-sm">Delete This Project</button>

</form:form>

What might be wrong in my form?

I have the following HDIV config:

<beans:bean id="hdivEditableValidator" class="org.hdiv.web.validator.EditableParameterValidator"/>
<mvc:annotation-driven validator="hdivEditableValidator"/>

<!-- Accepted pattern within the application for all editable parameters (generated from textbox and textarea) -->
<hdiv:validation id="safeText">
 <hdiv:acceptedPattern><![CDATA[^[a-zA-Z0-9@.\-_]*$]]></hdiv:acceptedPattern>
</hdiv:validation>

<hdiv:editableValidations>
 <hdiv:validationRule url=".*" enableDefaults="false">safeText</hdiv:validationRule>
</hdiv:editableValidations>

<hdiv:config
  debugMode="true"
  errorPage="/fix"
  excludedExtensions="css,png,gif,jpeg,jpg,js,woff,woff2,map"
  randomName="true"
  strategy="cipher">
  <hdiv:sessionExpired loginPage="/auth/login" homePage="/"/>

  <hdiv:startPages>/</hdiv:startPages>
  <hdiv:startPages method="get">/auth/denied,/fix,/,/auth/login,/auth/logout,/dashboard/,/image/display/project/profile/,/pmsys/image/display/staff/profile/</hdiv:startPages>
  <hdiv:startPages method="post">/j_spring_security_check</hdiv:startPages>
 </hdiv:config>
Vic Cebedo
  • 169
  • 1
  • 2
  • 7

1 Answers1

0

I fixed my problem by specifying a commandName in the form

<form:form id="detailsForm"
                             commandName="project"
                             method="post"

and

converting hidden inputs to:

<form:hidden path="id"/>
Vic Cebedo
  • 169
  • 1
  • 2
  • 7