| java.lang.Object org.springframework.validation.DataBinder
DataBinder | public class DataBinder implements PropertyEditorRegistry(Code) | | Binder that allows for setting property values onto a target object,
including support for validation and binding result analysis.
The binding process can be customized through specifying allowed fields,
required fields, custom editors, etc.
Note that there are potential security implications in failing to set an array
of allowed fields. In the case of HTTP form POST data for example, malicious clients
can attempt to subvert an application by supplying values for fields or properties
that do not exist on the form. In some cases this could lead to illegal data being
set on command objects or their nested objects. For this reason, it is
highly recommended to specify the
DataBinder.setAllowedFields allowedFields property
on the DataBinder.
The binding results can be examined via the
BindingResult interface,
extending the
Errors interface: see the
DataBinder.getBindingResult() method.
Missing fields and property access exceptions will be converted to
FieldError FieldErrors ,
collected in the Errors instance, using the following error codes:
- Missing field error: "required"
- Type mismatch error: "typeMismatch"
- Method invocation error: "methodInvocation"
By default, binding errors get resolved through the
BindingErrorProcessor strategy, processing for missing fields and property access exceptions: see the
DataBinder.setBindingErrorProcessor method. You can override the default strategy
if needed, for example to generate different error codes.
Custom validation errors can be added afterwards. You will typically want to resolve
such error codes into proper user-visible error messages; this can be achieved through
resolving each error via a
org.springframework.context.MessageSource , which is
able to resolve an
ObjectError /
FieldError through its
org.springframework.context.MessageSource.getMessage(org.springframework.context.MessageSourceResolvablejava.util.Locale) method. The list of message codes can be customized through the
MessageCodesResolver strategy: see the
DataBinder.setMessageCodesResolver method.
DefaultMessageCodesResolver 's
javadoc states details on the default resolution rules.
This generic data binder can be used in any kind of environment.
It is typically used by Spring web MVC controllers, via the web-specific
subclasses
org.springframework.web.bind.ServletRequestDataBinder and
org.springframework.web.portlet.bind.PortletRequestDataBinder .
author: Rod Johnson author: Juergen Hoeller author: Rob Harrop See Also: DataBinder.setAllowedFields See Also: DataBinder.setRequiredFields See Also: DataBinder.registerCustomEditor See Also: DataBinder.setMessageCodesResolver See Also: DataBinder.setBindingErrorProcessor See Also: DataBinder.bind See Also: DataBinder.getBindingResult See Also: DefaultMessageCodesResolver See Also: DefaultBindingErrorProcessor See Also: org.springframework.context.MessageSource See Also: org.springframework.web.bind.ServletRequestDataBinder |
Field Summary | |
final public static String | DEFAULT_OBJECT_NAME | final protected static Log | logger We'll create a lot of DataBinder instances: Let's use a static logger. |
Constructor Summary | |
public | DataBinder(Object target) Create a new DataBinder instance, with default object name. | public | DataBinder(Object target, String objectName) Create a new DataBinder instance. |
Method Summary | |
protected void | applyPropertyValues(MutablePropertyValues mpvs) Apply given property values to the target object.
Default implementation applies all of the supplied property
values as bean property values. | public void | bind(PropertyValues pvs) Bind the given property values to this binder's target.
This call can create field errors, representing basic binding
errors like a required field (code "required"), or type mismatch
between value and bean property (code "typeMismatch").
Note that the given PropertyValues should be a throwaway instance:
For efficiency, it will be modified to just contain allowed fields if it
implements the MutablePropertyValues interface; else, an internal mutable
copy will be created for this purpose. | protected void | checkAllowedFields(MutablePropertyValues mpvs) Check the given property values against the allowed fields,
removing values for fields that are not allowed. | protected void | checkRequiredFields(MutablePropertyValues mpvs) Check the given property values against the required fields,
generating missing field errors where appropriate. | public Map | close() Close this DataBinder, which may result in throwing
a BindException if it encountered any errors. | protected void | doBind(MutablePropertyValues mpvs) Actual implementation of the binding process, working with the
passed-in MutablePropertyValues instance. | public PropertyEditor | findCustomEditor(Class requiredType, String propertyPath) | public String[] | getAllowedFields() Return the fields that should be allowed for binding. | public BindingErrorProcessor | getBindingErrorProcessor() Return the strategy for processing binding errors. | public BindingResult | getBindingResult() Return the BindingResult instance created by this DataBinder. | public String[] | getDisallowedFields() Return the fields that should not be allowed for binding. | public BindException | getErrors() Return the Errors instance for this data binder. | protected AbstractPropertyBindingResult | getInternalBindingResult() Return the internal BindingResult held by this DataBinder,
as AbstractPropertyBindingResult. | public String | getObjectName() Return the name of the bound object. | protected ConfigurablePropertyAccessor | getPropertyAccessor() Return the underlying PropertyAccessor of this binder's BindingResult. | public String[] | getRequiredFields() Return the fields that are required for each binding process. | public Object | getTarget() Return the wrapped target object. | public void | initBeanPropertyAccess() Initialize standard JavaBean property access for this DataBinder. | public void | initDirectFieldAccess() Initialize direct field access for this DataBinder,
as alternative to the default bean property access. | protected boolean | isAllowed(String field) Return if the given field is allowed for binding.
Invoked for each passed-in property value.
The default implementation checks for "xxx*", "*xxx" and "*xxx*" matches,
as well as direct equality, in the specified lists of allowed fields and
disallowed fields. | public boolean | isIgnoreInvalidFields() Return whether to ignore invalid fields when binding. | public boolean | isIgnoreUnknownFields() Return whether to ignore unknown fields when binding. | public void | registerCustomEditor(Class requiredType, PropertyEditor propertyEditor) | public void | registerCustomEditor(Class requiredType, String field, PropertyEditor propertyEditor) | public void | setAllowedFields(String[] allowedFields) Register fields that should be allowed for binding. | public void | setBindingErrorProcessor(BindingErrorProcessor bindingErrorProcessor) Set the strategy to use for processing binding errors, that is,
required field errors and PropertyAccessException s. | public void | setDisallowedFields(String[] disallowedFields) Register fields that should not be allowed for binding. | public void | setExtractOldValueForEditor(boolean extractOldValueForEditor) Set whether to extract the old field value when applying a
property editor to a new value for a field. | public void | setIgnoreInvalidFields(boolean ignoreInvalidFields) Set whether to ignore invalid fields, that is, whether to ignore bind
parameters that have corresponding fields in the target object which are
not accessible (for example because of null values in the nested path).
Default is "false". | public void | setIgnoreUnknownFields(boolean ignoreUnknownFields) Set whether to ignore unknown fields, that is, whether to ignore bind
parameters that do not have corresponding fields in the target object.
Default is "true". | public void | setMessageCodesResolver(MessageCodesResolver messageCodesResolver) Set the strategy to use for resolving errors into message codes. | public void | setRequiredFields(String[] requiredFields) Register fields that are required for each binding process. |
DEFAULT_OBJECT_NAME | final public static String DEFAULT_OBJECT_NAME(Code) | | Default object name used for binding: "target"
|
logger | final protected static Log logger(Code) | | We'll create a lot of DataBinder instances: Let's use a static logger.
|
DataBinder | public DataBinder(Object target, String objectName)(Code) | | Create a new DataBinder instance.
Parameters: target - target object to bind onto Parameters: objectName - name of the target object |
bind | public void bind(PropertyValues pvs)(Code) | | Bind the given property values to this binder's target.
This call can create field errors, representing basic binding
errors like a required field (code "required"), or type mismatch
between value and bean property (code "typeMismatch").
Note that the given PropertyValues should be a throwaway instance:
For efficiency, it will be modified to just contain allowed fields if it
implements the MutablePropertyValues interface; else, an internal mutable
copy will be created for this purpose. Pass in a copy of the PropertyValues
if you want your original instance to stay unmodified in any case.
Parameters: pvs - property values to bind See Also: DataBinder.doBind(org.springframework.beans.MutablePropertyValues) |
close | public Map close() throws BindException(Code) | | Close this DataBinder, which may result in throwing
a BindException if it encountered any errors.
the model Map, containing target object and Errors instance throws: BindException - if there were any errors in the bind operation See Also: BindingResult.getModel |
getAllowedFields | public String[] getAllowedFields()(Code) | | Return the fields that should be allowed for binding.
array of field names |
getBindingErrorProcessor | public BindingErrorProcessor getBindingErrorProcessor()(Code) | | Return the strategy for processing binding errors.
|
getBindingResult | public BindingResult getBindingResult()(Code) | | Return the BindingResult instance created by this DataBinder.
This allows for convenient access to the binding results after
a bind operation.
the BindingResult instance, to be treated as BindingResultor as Errors instance (Errors is a super-interface of BindingResult) See Also: Errors See Also: DataBinder.bind |
getDisallowedFields | public String[] getDisallowedFields()(Code) | | Return the fields that should not be allowed for binding.
array of field names |
getInternalBindingResult | protected AbstractPropertyBindingResult getInternalBindingResult()(Code) | | Return the internal BindingResult held by this DataBinder,
as AbstractPropertyBindingResult.
|
getObjectName | public String getObjectName()(Code) | | Return the name of the bound object.
|
getPropertyAccessor | protected ConfigurablePropertyAccessor getPropertyAccessor()(Code) | | Return the underlying PropertyAccessor of this binder's BindingResult.
To be used by binder subclasses that need property checks.
|
getRequiredFields | public String[] getRequiredFields()(Code) | | Return the fields that are required for each binding process.
array of field names |
getTarget | public Object getTarget()(Code) | | Return the wrapped target object.
|
initBeanPropertyAccess | public void initBeanPropertyAccess()(Code) | | Initialize standard JavaBean property access for this DataBinder.
This is the default; an explicit call just leads to eager initialization.
See Also: DataBinder.initDirectFieldAccess() |
initDirectFieldAccess | public void initDirectFieldAccess()(Code) | | Initialize direct field access for this DataBinder,
as alternative to the default bean property access.
See Also: DataBinder.initBeanPropertyAccess() |
isAllowed | protected boolean isAllowed(String field)(Code) | | Return if the given field is allowed for binding.
Invoked for each passed-in property value.
The default implementation checks for "xxx*", "*xxx" and "*xxx*" matches,
as well as direct equality, in the specified lists of allowed fields and
disallowed fields. A field matching a disallowed pattern will not be accepted
even if it also happens to match a pattern in the allowed list.
Can be overridden in subclasses.
Parameters: field - the field to check if the field is allowed See Also: DataBinder.setAllowedFields See Also: DataBinder.setDisallowedFields See Also: org.springframework.util.PatternMatchUtils.simpleMatch(StringString) |
isIgnoreInvalidFields | public boolean isIgnoreInvalidFields()(Code) | | Return whether to ignore invalid fields when binding.
|
isIgnoreUnknownFields | public boolean isIgnoreUnknownFields()(Code) | | Return whether to ignore unknown fields when binding.
|
setAllowedFields | public void setAllowedFields(String[] allowedFields)(Code) | | Register fields that should be allowed for binding. Default is all
fields. Restrict this for example to avoid unwanted modifications
by malicious users when binding HTTP request parameters.
Supports "xxx*", "*xxx" and "*xxx*" patterns. More sophisticated matching
can be implemented by overriding the isAllowed method.
Alternatively, specify a list of disallowed fields.
Parameters: allowedFields - array of field names See Also: DataBinder.setDisallowedFields See Also: DataBinder.isAllowed(String) See Also: org.springframework.web.bind.ServletRequestDataBinder |
setBindingErrorProcessor | public void setBindingErrorProcessor(BindingErrorProcessor bindingErrorProcessor)(Code) | | Set the strategy to use for processing binding errors, that is,
required field errors and PropertyAccessException s.
Default is a DefaultBindingErrorProcessor.
See Also: DefaultBindingErrorProcessor |
setDisallowedFields | public void setDisallowedFields(String[] disallowedFields)(Code) | | Register fields that should not be allowed for binding. Default is none.
Mark fields as disallowed for example to avoid unwanted modifications
by malicious users when binding HTTP request parameters.
Supports "xxx*", "*xxx" and "*xxx*" patterns. More sophisticated matching
can be implemented by overriding the isAllowed method.
Alternatively, specify a list of allowed fields.
Parameters: disallowedFields - array of field names See Also: DataBinder.setAllowedFields See Also: DataBinder.isAllowed(String) See Also: org.springframework.web.bind.ServletRequestDataBinder |
setExtractOldValueForEditor | public void setExtractOldValueForEditor(boolean extractOldValueForEditor)(Code) | | Set whether to extract the old field value when applying a
property editor to a new value for a field.
Default is "true", exposing previous field values to custom editors.
Turn this to "false" to avoid side effects caused by getters.
|
setIgnoreInvalidFields | public void setIgnoreInvalidFields(boolean ignoreInvalidFields)(Code) | | Set whether to ignore invalid fields, that is, whether to ignore bind
parameters that have corresponding fields in the target object which are
not accessible (for example because of null values in the nested path).
Default is "false". Turn this on to ignore bind parameters for
nested objects in non-existing parts of the target object graph.
Note that this setting only applies to binding operations
on this DataBinder, not to retrieving values via its
DataBinder.getBindingResult() BindingResult .
See Also: DataBinder.bind |
setIgnoreUnknownFields | public void setIgnoreUnknownFields(boolean ignoreUnknownFields)(Code) | | Set whether to ignore unknown fields, that is, whether to ignore bind
parameters that do not have corresponding fields in the target object.
Default is "true". Turn this off to enforce that all bind parameters
must have a matching field in the target object.
Note that this setting only applies to binding operations
on this DataBinder, not to retrieving values via its
DataBinder.getBindingResult() BindingResult .
See Also: DataBinder.bind |
setRequiredFields | public void setRequiredFields(String[] requiredFields)(Code) | | Register fields that are required for each binding process.
If one of the specified fields is not contained in the list of
incoming property values, a corresponding "missing field" error
will be created, with error code "required" (by the default
binding error processor).
Parameters: requiredFields - array of field names See Also: DataBinder.setBindingErrorProcessor See Also: DefaultBindingErrorProcessor.MISSING_FIELD_ERROR_CODE |
|
|