You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Dave Newton <DN...@hibbertgroup.com> on 2006/12/18 17:25:04 UTC
[S2] Spring autowiring question...
Hi,
I am currently using the Spring autowiring functionality.
Is this a bad idea due to someone being able to craft a request that
might walk on one of the injected objects? (Unlikely perhaps, but...)
Thanks,
Dave
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: [S2] Spring autowiring question...
Posted by Ted Husted <hu...@apache.org>.
If I understand the question, it's not specifc to Spring. It wouldn't
matter how the domain objects are being crated, only what can be done
with them once they exist.
If there are "problematic" properties on the domain objects, then
sure. But many domain objects are simply value or data transfer
objects that just carry state, and changing a value that is outside of
the transaction can do no harm. There is not a stock answer here. It's
going to depend on the actual objects being used.
One type of validation that is missing from our arsenal is "expected"
values. Right now, we can declare which values are required, but not
which values are simply expected. If a domain object is being used as
the model, and there are problematic properties on the domain object,
then it would be helpful if we could list which properties should be
populated by an action, ignoring any others.
We actually do this with our .NET framework at work. Since we use fat
data transfer objects, it's helpful to have a list of which values an
action uses. Of course, a very common error is to leave a value off
the list and then wonder why it's not being populated :)
-Ted.
On 12/18/06, Dave Newton <DN...@hibbertgroup.com> wrote:
> Hi,
>
> I am currently using the Spring autowiring functionality.
>
> Is this a bad idea due to someone being able to craft a request that
> might walk on one of the injected objects? (Unlikely perhaps, but...)
>
> Thanks,
> Dave
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org