If this hacking scenario makes you nervous, you can set an acceptable max index value :
private static final int MAX_INDEX = 100; public void setItem(int index, Object obj) { if (index > MAX_INDEX) { throw new IndexOutOfBoundsException(); } Nico. > Nicolas, > > Your great suggestion makes me nervous ... It is possible for a hacker to > change the index so big that it can hog the CPU, which busy creating empty > node, for each request. > > However, I cant come up with another solution > > Any comments? anyone? > > -D > ----- Original Message ----- > From: "Nicolas De Loof" <[EMAIL PROTECTED]> > To: "Struts Users Mailing List" <[EMAIL PROTECTED]> > Sent: Friday, March 28, 2003 5:19 AM > Subject: Re: Too many session scoped form beans! > > > > Reading my own post I realize this code will throw an > IndexOutOfBoundsException > > > > You need to put 'empty' datas on the List as needed : > > > > protected List item; > > > > public void setItem(int index, Object obj) { > > if (this.item == null) { > > this.item = new ArrayList(index); > > } > > for (int i = this.item.size(); i < index; i++) { > > this.item.add(""); > > } > > this.item.add(index, obj); > > } > > > > Nico. > > > > > I think you can use something like this in a request scoped form-bean : > > > > > > > > > protected List item; > > > > > > public void setItem(int index, Object obj) { > > > if (this.item == null) { > > > this.item = new ArrayList(index); > > > } else { > > > this.item.ensureCapacity(index); > > > } > > > this.item.add(index, obj); > > > } > > > > > > This way, when form-bean population occurs, you will get a new > Collection when needed. > > > > > > Nico. > > > > > > > > > > I'd like to know if it's possible to avoid using to many session > scoped > > > > form beans. > > > > > > > > I have a bean that contains a collection and I use nested:iterate to > > > > display entry fields on my html:form. When the form is submitted, I > get > > > > an error in BeanUtils.populate(), because the new bean (when the bean > is > > > > request scoped) contains an empty collection and populate() tries to > set > > > > the properties of the elements that existed on the bean of the > previous > > > > request. > > > > > > > > If I change the bean to session scope, everything works fine (because > > > > now the bean is the same for both requests), but I think it's kind of > > > > messy to have lots of session scoped beans. > > > > > > > > I'd appreciate to have any comments on this subject. > > > > > > > > Thanks > > > > > > > > Jorge Mascena > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]