Java Mailing List Archive

http://www.junlu.com/

Re: ModelDriven vs OGNL assignment?

Gary Affonso

2007-11-02


Dave Newton wrote:
> --- Gary Affonso <glists2@(protected):
>> And that does it. Direct model injection. Easy.
>
> Technically, no, it's indirected by one level.
>
> *All* ModelDriven does is push the model on to the
> stack so it's available at the top level. AFAIK
> there's no compelling reason to do that other than
> saving some very minor typing (and, perhaps, clarity?)
> on the display side.

Thanks for the info. I personally find ModelDriven *less* clear in the
view layer. With ModelDriven you get something like...

 <input type="hidden" name="firstName" value="foo" />

instead of...

 <input type="hidden" name="postalAddress.firstName" value="foo" />

I *like* that the model-object name is in the view along with the
property name; I find it more explicit and clear. Maybe that's just me,
though.

I had heard talk at one point that there was a plan to address the
security shortcomings of letting the view directly inject into the
Action. I was thinking ModelDriven was where that security check
happened. Apparently not.

Anybody know if/how security is handled for OGNL expressions contained
within the names of post/get data? They're obviously getting evaluated
(thus the security issue). I thought I had seen a post go by talking
about how that evaluation was being made safe(r).

Thanks!

- Gary
