On 1/6/06, Tamas Szabo <[EMAIL PROTECTED]> wrote: > On 1/6/06, Michael Jouravlev <[EMAIL PROTECTED]> wrote: > > > > On 1/5/06, Tamas Szabo <[EMAIL PROTECTED]> wrote: > > > > > > > > I'm actually quite happy with what Struts has to offer except for the > > > > deal with having to use ActionForms. I'd really like a Struts-like > > > > framework but allows me to use POJOs to capture my data and provides a > > > > nice way to redisplay that data back to the user if validation fails > > (ie > > > > a POJO that backs a form with a Data datatype will display back the > > > > String they entered). > > > > > > > > > You can bind request parameters to POJOs using Spring. > > > And you can use the SpringBindingActionForm to redisplay the data to the > > > user. > > > > From > > http://www.springframework.org/docs/api/org/springframework/web/struts/SpringBindingActionForm.html > > "Note this ActionForm is designed explicitly for use in request scope." > > > > Will not work for me. > > > Not out of the box. But you can extend it. > We extended it, and use the subclass one in session scope. > > The other interesting thing is that you can't use <c:out ...> on properties > exposed via a SpringBindingActionForm. That's probably because > JSTL tags don't get properties using Commons Beanutils ... > > But if we are at the subject of binding request params to business layer > objects... > Probably a lot of people bind req params directly without using ActionForms > just > to avoid writitng all the ActionForms. How do you assure > that only the allowed properties will be set in the object? > > Ex. we have a bean with prop1, prop2. > Only prop1 is allowed to be changed, but no one can prevent someone sending > a request having a prop2 parameter in it. If you bind the request params to > objects directly > prop2 will be set to the value set by the "misbehaving" user. > I know a few solutions to this, but in all of them you will have to > explicitly specify all the > properties that are allowed to be set. > And if you do this then it's the same as declaring these properties as a > DynaActionForm > or to give it to a tool that generates an ActionForm ahving all these > properties. > So why is it better to bind request params to business layer objects > directly without using > ActionForms? > > Tamas > >
Some folk will claim that writing action forms its too much hassle. Some solutions to this problem (if you percieve it as such) include generating action forms from business objects as is the case with xdoclet. JSF's backing beans are really slick at all this stuff (converting user input values to relevent types and validating before population etc), but the other burdens of JSF make it a hard technology to choose in production projects. Lets hope that JSF starts moving along faster than it has been. Its not good to bind request params to business objects if not mediated (converted and validated). After all request parameters are strings, something needs to be between the request and business tier. What that is or how you do it is debatable. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
