
org.springframework.web.bind.WebDataBinder Maven / Gradle / Ivy

/*
 * Copyright 2002-2023 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.springframework.web.bind;

import java.lang.reflect.Array;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.function.BiFunction;

import org.springframework.beans.MutablePropertyValues;
import org.springframework.beans.PropertyValue;
import org.springframework.core.CollectionFactory;
import org.springframework.lang.Nullable;
import org.springframework.validation.DataBinder;
import org.springframework.web.multipart.MultipartFile;

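/**
 * Special {@link DataBinder} for data binding from web request parameters
 * to JavaBean objects. Designed for web environments, but not dependent on
 * the Servlet API; serves as base class for more specific DataBinder variants,
 * such as {@link org.springframework.web.bind.ServletRequestDataBinder}.
 *
 * <p><strong>WARNING</strong>: Data binding can lead to security issues by exposing
 * parts of the object graph that are not meant to be accessed or modified by
 * external clients. Therefore, the design and use of data binding should be considered
 * carefully with regard to security. For more details, please refer to the dedicated
 * sections on data binding for Spring Web MVC and Spring WebFlux
 * in the reference manual.
 *
 * <p>Includes support for field markers which address a common problem with
 * HTML checkboxes and select options: detecting that a field was part of
 * the form, but did not generate a request parameter because it was empty.
 * A field marker makes it possible to detect that state and reset the corresponding
 * bean property accordingly. Default values, for parameters that are otherwise
 * not present, can specify a value for the field other than empty.
 *
 * <p>Security note: field marker and field default parameters are ordinary
 * request parameters, so their presence and their values are chosen by the
 * client, not by the form that was rendered. {@link #doBind} rewrites
 * {@code "_field"}, {@code "!field"} and {@code "field[]"} names to
 * {@code "field"} for any writable property and only then delegates to the
 * superclass. Restrict the bindable properties explicitly (see
 * {@link #setAllowedFields}) or bind to a dedicated form object instead of
 * relying on which inputs the form contained.
 *
 * @author Juergen Hoeller
 * @author Scott Andrews
 * @author Brian Clozel
 * @since 1.2
 * @see #registerCustomEditor
 * @see #setAllowedFields
 * @see #setRequiredFields
 * @see #setFieldMarkerPrefix
 * @see #setFieldDefaultPrefix
 * @see ServletRequestDataBinder
 */
public class WebDataBinder extends DataBinder {

    /**
     * Default prefix that field marker parameters start with, followed by the field
     * name: for example, "_subscribeToNewsletter" for a field "subscribeToNewsletter".
     * <p>Such a marker parameter indicates that the field was visible, that is,
     * existed in the form that caused the submission. If no corresponding field
     * value parameter was found, the field will be reset. The value of the field
     * marker parameter does not matter in this case; an arbitrary value can be used.
     * This is particularly useful for HTML checkboxes and select options.
     * @see #setFieldMarkerPrefix
     */
    public static final String DEFAULT_FIELD_MARKER_PREFIX = "_";

    /**
     * Default prefix that field default parameters start with, followed by the field
     * name: for example, "!subscribeToNewsletter" for a field "subscribeToNewsletter".
     * <p>Default parameters differ from field markers in that they provide a default
     * value instead of an empty value.
     * @see #setFieldDefaultPrefix
     */
    public static final String DEFAULT_FIELD_DEFAULT_PREFIX = "!";


    // null disables the field marker check entirely (see setFieldMarkerPrefix).
    @Nullable
    private String fieldMarkerPrefix = DEFAULT_FIELD_MARKER_PREFIX;

    // null disables field defaults entirely (see setFieldDefaultPrefix).
    @Nullable
    private String fieldDefaultPrefix = DEFAULT_FIELD_DEFAULT_PREFIX;

    private boolean bindEmptyMultipartFiles = true;


    /**
     * Create a new WebDataBinder instance, with default object name.
     * @param target the target object to bind onto (or {@code null}
     * if the binder is just used to convert a plain parameter value)
     * @see #DEFAULT_OBJECT_NAME
     */
    public WebDataBinder(@Nullable Object target) {
        super(target);
    }

    /**
     * Create a new WebDataBinder instance.
     * @param target the target object to bind onto (or {@code null}
     * if the binder is just used to convert a plain parameter value)
     * @param objectName the name of the target object
     */
    public WebDataBinder(@Nullable Object target, String objectName) {
        super(target, objectName);
    }


    /**
     * Specify a prefix that can be used for parameters that mark potentially
     * empty fields, having "prefix + field" as name. Such a marker parameter is
     * checked by existence: You can send any value for it, for example "visible".
     * This is particularly useful for HTML checkboxes and select options.
     * <p>Default is "_", for "_FIELD" parameters (for example, "_subscribeToNewsletter").
     * Set this to null if you want to turn off the empty field check completely.
     * <p>HTML checkboxes only send a value when they're checked, so it is not
     * possible to detect that a formerly checked box has just been unchecked,
     * at least not with standard HTML means.
     * <p>One way to address this is to look for a checkbox parameter value if
     * you know that the checkbox has been visible in the form, resetting the
     * checkbox if no value found. In Spring web MVC, this typically happens
     * in a custom {@code onBind} implementation.
     * <p>This auto-reset mechanism addresses this deficiency, provided
     * that a marker parameter is sent for each checkbox field, like
     * "_subscribeToNewsletter" for a "subscribeToNewsletter" field.
     * As the marker parameter is sent in any case, the data binder can
     * detect an empty field and automatically reset its value.
     * @see #DEFAULT_FIELD_MARKER_PREFIX
     */
    public void setFieldMarkerPrefix(@Nullable String fieldMarkerPrefix) {
        this.fieldMarkerPrefix = fieldMarkerPrefix;
    }

    /**
     * Return the prefix for parameters that mark potentially empty fields.
     */
    @Nullable
    public String getFieldMarkerPrefix() {
        return this.fieldMarkerPrefix;
    }

    /**
     * Specify a prefix that can be used for parameters that indicate default
     * value fields, having "prefix + field" as name. The value of the default
     * field is used when the field is not provided.
     * <p>Default is "!", for "!FIELD" parameters (for example, "!subscribeToNewsletter").
     * Set this to null if you want to turn off the field defaults completely.
     * <p>HTML checkboxes only send a value when they're checked, so it is not
     * possible to detect that a formerly checked box has just been unchecked,
     * at least not with standard HTML means. A default field is especially
     * useful when a checkbox represents a non-boolean value.
     * <p>The presence of a default parameter preempts the behavior of a field
     * marker for the given field.
     * @see #DEFAULT_FIELD_DEFAULT_PREFIX
     */
    public void setFieldDefaultPrefix(@Nullable String fieldDefaultPrefix) {
        this.fieldDefaultPrefix = fieldDefaultPrefix;
    }

    /**
     * Return the prefix for parameters that mark default fields.
     */
    @Nullable
    public String getFieldDefaultPrefix() {
        return this.fieldDefaultPrefix;
    }

    /**
     * Set whether to bind empty MultipartFile parameters. Default is "true".
     * <p>Turn this off if you want to keep an already bound MultipartFile
     * when the user resubmits the form without choosing a different file.
     * Else, the already bound MultipartFile will be replaced by an empty
     * MultipartFile holder.
     * @see org.springframework.web.multipart.MultipartFile
     */
    public void setBindEmptyMultipartFiles(boolean bindEmptyMultipartFiles) {
        this.bindEmptyMultipartFiles = bindEmptyMultipartFiles;
    }

    /**
     * Return whether to bind empty MultipartFile parameters.
     */
    public boolean isBindEmptyMultipartFiles() {
        return this.bindEmptyMultipartFiles;
    }


    /**
     * Check if a value can be resolved if {@link #getFieldDefaultPrefix()}
     * or {@link #getFieldMarkerPrefix()} is prepended.
     * <p>Lookup order: the plain name first, then the default-prefixed name,
     * then the marker-prefixed name. A marker hit never contributes its own
     * value; it only selects {@link #getEmptyValue(Class)} for the type.
     * @param name the name of the value to resolve
     * @param type the type of value expected
     * @param resolver delegate resolver to use for the checks
     * @return the resolved value, or {@code null}
     * @since 6.1
     */
    @Nullable
    protected Object resolvePrefixValue(String name, Class<?> type, BiFunction<String, Class<?>, Object> resolver) {
        Object value = resolver.apply(name, type);
        if (value == null) {
            String prefix = getFieldDefaultPrefix();
            if (prefix != null) {
                value = resolver.apply(prefix + name, type);
            }
            if (value == null) {
                prefix = getFieldMarkerPrefix();
                if (prefix != null && resolver.apply(prefix + name, type) != null) {
                    value = getEmptyValue(type);
                }
            }
        }
        return value;
    }

    /**
     * This implementation performs a field default and marker check
     * before delegating to the superclass binding process.
     * <p>Defaults are processed before markers, so a default parameter takes
     * precedence over a marker for the same field. All three rewrites run
     * before {@code super.doBind}, which therefore only sees the plain
     * property names.
     * @see #checkFieldDefaults
     * @see #checkFieldMarkers
     */
    @Override
    protected void doBind(MutablePropertyValues mpvs) {
        checkFieldDefaults(mpvs);
        checkFieldMarkers(mpvs);
        adaptEmptyArrayIndices(mpvs);
        // NOTE(review): allowed/required field restrictions are presumably enforced
        // by the superclass on the rewritten names - confirm against DataBinder#doBind.
        super.doBind(mpvs);
    }

    /**
     * Check the given property values for field defaults,
     * i.e. for fields that start with the field default prefix.
     * <p>The existence of a field default indicates that the specified
     * value should be used if the field is otherwise not present.
     * <p>The default value comes from the request like any other parameter,
     * so it needs the same validation as a directly submitted field value.
     * @param mpvs the property values to be bound (can be modified)
     * @see #getFieldDefaultPrefix
     */
    protected void checkFieldDefaults(MutablePropertyValues mpvs) {
        String fieldDefaultPrefix = getFieldDefaultPrefix();
        if (fieldDefaultPrefix != null) {
            // Iterate the array obtained up front; mpvs itself is modified in the loop.
            PropertyValue[] pvArray = mpvs.getPropertyValues();
            for (PropertyValue pv : pvArray) {
                if (pv.getName().startsWith(fieldDefaultPrefix)) {
                    String field = pv.getName().substring(fieldDefaultPrefix.length());
                    // An explicitly submitted value for the field wins over the default.
                    if (getPropertyAccessor().isWritableProperty(field) && !mpvs.contains(field)) {
                        mpvs.add(field, pv.getValue());
                    }
                    // The prefixed entry is always dropped, whether or not it was applied.
                    mpvs.removePropertyValue(pv);
                }
            }
        }
    }

    /**
     * Check the given property values for field markers,
     * i.e. for fields that start with the field marker prefix.
     * <p>The existence of a field marker indicates that the specified
     * field existed in the form. If the property values do not contain
     * a corresponding field value, the field will be considered as empty
     * and will be reset appropriately.
     * <p>Because only the marker's presence is checked, a request that carries
     * a marker for a writable property without a value for it results in that
     * property being bound to its empty value.
     * @param mpvs the property values to be bound (can be modified)
     * @see #getFieldMarkerPrefix
     * @see #getEmptyValue(String, Class)
     */
    protected void checkFieldMarkers(MutablePropertyValues mpvs) {
        String fieldMarkerPrefix = getFieldMarkerPrefix();
        if (fieldMarkerPrefix != null) {
            // Iterate the array obtained up front; mpvs itself is modified in the loop.
            PropertyValue[] pvArray = mpvs.getPropertyValues();
            for (PropertyValue pv : pvArray) {
                if (pv.getName().startsWith(fieldMarkerPrefix)) {
                    String field = pv.getName().substring(fieldMarkerPrefix.length());
                    if (getPropertyAccessor().isWritableProperty(field) && !mpvs.contains(field)) {
                        Class<?> fieldType = getPropertyAccessor().getPropertyType(field);
                        mpvs.add(field, getEmptyValue(field, fieldType));
                    }
                    // The marker entry itself is never bound.
                    mpvs.removePropertyValue(pv);
                }
            }
        }
    }

    /**
     * Check for property values with names that end on {@code "[]"}. This is
     * used by some clients for array syntax without an explicit index value.
     * If such values are found, drop the brackets to adapt to the expected way
     * of expressing the same for data binding purposes.
     * @param mpvs the property values to be bound (can be modified)
     * @since 5.3
     */
    protected void adaptEmptyArrayIndices(MutablePropertyValues mpvs) {
        for (PropertyValue pv : mpvs.getPropertyValues()) {
            String name = pv.getName();
            if (name.endsWith("[]")) {
                // Strip the trailing "[]" to obtain the plain property name.
                String field = name.substring(0, name.length() - 2);
                if (getPropertyAccessor().isWritableProperty(field) && !mpvs.contains(field)) {
                    mpvs.add(field, pv.getValue());
                }
                mpvs.removePropertyValue(pv);
            }
        }
    }

    /**
     * Determine an empty value for the specified field.
     * <p>The default implementation delegates to {@link #getEmptyValue(Class)}
     * if the field type is known, otherwise falls back to {@code null}.
     * @param field the name of the field
     * @param fieldType the type of the field
     * @return the empty value (for most fields: {@code null})
     */
    @Nullable
    protected Object getEmptyValue(String field, @Nullable Class<?> fieldType) {
        return (fieldType != null ? getEmptyValue(fieldType) : null);
    }

    /**
     * Determine an empty value for the specified field.
     * <p>The default implementation returns:
     * <ul>
     * <li>{@code Boolean.FALSE} for boolean fields
     * <li>an empty array for array types
     * <li>Collection implementations for Collection types
     * <li>Map implementations for Map types
     * <li>else, {@code null} is used as default
     * </ul>
     * @param fieldType the type of the field
     * @return the empty value (for most fields: {@code null})
     * @since 5.0
     */
    @Nullable
    public Object getEmptyValue(Class<?> fieldType) {
        try {
            if (boolean.class == fieldType || Boolean.class == fieldType) {
                // Special handling of boolean property.
                return Boolean.FALSE;
            }
            else if (fieldType.isArray()) {
                // Special handling of array property.
                return Array.newInstance(fieldType.componentType(), 0);
            }
            else if (Collection.class.isAssignableFrom(fieldType)) {
                return CollectionFactory.createCollection(fieldType, 0);
            }
            else if (Map.class.isAssignableFrom(fieldType)) {
                return CollectionFactory.createMap(fieldType, 0);
            }
        }
        catch (IllegalArgumentException ex) {
            // Best effort: a type that cannot be instantiated is reset to null instead.
            if (logger.isDebugEnabled()) {
                logger.debug("Failed to create default value - falling back to null: " + ex.getMessage());
            }
        }
        // Default value: null.
        return null;
    }


    /**
     * Bind all multipart files contained in the given request, if any
     * (in case of a multipart request). To be called by subclasses.
     * <p>Multipart files will only be added to the property values if they
     * are not empty or if we're configured to bind empty multipart files too.
     * <p>The emptiness check applies only when a key maps to exactly one file.
     * For any other list size the whole list is added as-is.
     * @param multipartFiles a Map of field name String to MultipartFile object
     * @param mpvs the property values to be bound (can be modified)
     * @see org.springframework.web.multipart.MultipartFile
     * @see #setBindEmptyMultipartFiles
     */
    protected void bindMultipart(Map<String, List<MultipartFile>> multipartFiles, MutablePropertyValues mpvs) {
        multipartFiles.forEach((key, values) -> {
            if (values.size() == 1) {
                // Single file: bind the MultipartFile itself rather than a one-element list.
                MultipartFile value = values.get(0);
                if (isBindEmptyMultipartFiles() || !value.isEmpty()) {
                    mpvs.add(key, value);
                }
            }
            else {
                mpvs.add(key, values);
            }
        });
    }

}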




