From the Spring API, I understood that @InitBinder is used to initialize some binding rules.

In the petclinic example, why do we have setDisallowedFields("id") when the id is not displayed on the form?

@InitBinder
public void setAllowedFields(WebDataBinder dataBinder) {
    dataBinder.setDisallowedFields("id");
}

The id field is not displayed on the web page, so why are we using the above code?

Can we have something like this:

@InitBinder
public void setAllowedFields(WebDataBinder dataBinder) {
    dataBinder.setDisallowedFields("FirstName");
}

As per the above code, the first name field of the owner object will not be set even though the user enters it on the form? Is that correct?

link for the source

+2  A: 

Because it can still be submitted if the end user modifies the page or the request (for example, using Firebug). Thus he can inject values into your bound object even if you don't want this.

Bozho
Thanks, Bozho, for your reply.
javanoob
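
An added example (not part of the original answer or the PetClinic source) that reproduces the case the answer describes using Spring's DataBinder, the class WebDataBinder extends: the submission carries an id parameter that the form never rendered. The Owner class, the labels and the parameter values are constructed for illustration, and the code assumes spring-context is on the classpath.

```java
import java.util.Arrays;
import java.util.function.Consumer;
import org.springframework.beans.MutablePropertyValues;
import org.springframework.validation.DataBinder;

public class DisallowedFieldsDemo {

    // Constructed stand-in for the PetClinic Owner form object.
    public static class Owner {
        private Integer id;
        private String firstName;
        public Integer getId() { return id; }
        public void setId(Integer id) { this.id = id; }
        public String getFirstName() { return firstName; }
        public void setFirstName(String firstName) { this.firstName = firstName; }
    }

    // Binds a constructed submission: the form renders only firstName,
    // but the request also carries an id parameter added by the client.
    static void bind(String label, Consumer<DataBinder> rules) {
        Owner owner = new Owner();
        DataBinder binder = new DataBinder(owner, "owner");
        rules.accept(binder);

        MutablePropertyValues params = new MutablePropertyValues();
        params.add("firstName", "George");
        params.add("id", "42");
        binder.bind(params);

        // Fields the binder refused to bind are recorded, which is useful for logging.
        String[] suppressed = binder.getBindingResult().getSuppressedFields();
        System.out.printf("%-22s id=%s firstName=%s suppressed=%s%n", label,
                owner.getId(), owner.getFirstName(), Arrays.toString(suppressed));
    }

    public static void main(String[] args) {
        // No rule: every submitted parameter with a matching setter is bound.
        bind("no rule", b -> { });
        // The rule from the question's @InitBinder method: id is never bound.
        bind("disallow id", b -> b.setDisallowedFields("id"));
        // Allowlist variant: only the fields the form actually renders are bound.
        bind("allow firstName only", b -> b.setAllowedFields("firstName"));
    }
}
```

The allowlist form (setAllowedFields) also covers properties added to the object later, which a disallow list would miss until someone updates it.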