Java Reference
In-Depth Information
cheerful support staff would activate their account. Here's a simplified
User
class for this example:
package
stripesbook.model;
public class
User {
private
String firstName;
private
String lastName;
private boolean
activated;
/
*
getters and setters...
*
/
}
The
activated
flag is
false
by default, and the support staff sets it to
true
when the user calls in and provides the appropriate information.
Of course, we wouldn't include a
user.activated
field in the registration
form, but a mischievous user could forge a form and then submit
user.
activated=true
along with the rest of the registration information, effec-
tively bypassing our activation process.
Annotating the
user.activated
property with
@Validate(ignore=true)
solves
the problem. However, adding that to every single property that we want
to block can become cumbersome. Another annotation that comes in
handy when we want to allow certain properties and block “everything
else” is
@StrictBinding
. When we annotate an action bean with
@StrictBind-
ing
and use validations on the properties that are meant to be entered
by the user, all other properties are automatically blocked:
package
stripesbook.action;
@StrictBinding
public class
UserFormActionBean
extends
BaseActionBean {
@ValidateNestedProperties({
@Validate(field="lastName", required=
true
, minlength=2),
@Validate(field="firstName", minlength=2)
})
private
User user;
/
*
...
*
/
}
Now,
user.activated
is blocked from binding. Using
@StrictBinding
, this
way is convenient when we are validating all user-entered fields. All
nonvalidated fields are assumed to be for internal use only and so are
not bound by request parameters.
Search WWH ::
Custom Search