I have a class with a private field and suspected that the template could not access it without a getX method, but the value is displayed as if it were public.
class Task {
    private String title = "";
}
The template can display the title with the following code:
${task.title}
I guess that is due to reflection magic, but shouldn’t it be impossible to render private fields without a getter?
The framework does generate the setters and getters only for public fields, but as the template language is Groovy and Groovy seems to have no encapsulation, the non-accessible field can be accessed without any restrictions from the template code.
I reported a bug, but I’m really not sure if that can be fixed, because Play 1.x relies on Groovy for its templates (for the upcoming 2.0 version, Play will switch to Scala as language for the templates).
If you really need to restrict the access you should take a look at SecurityManagers. They can prevent reflection on private fields, but I don’t know how precisely you can configure the restrictions.
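The SecurityManager approach mentioned in the answer above, as an added Java example (not code from the question, the answer or Play): it reads the private `title` field reflectively, then repeats the read under a manager that denies `ReflectPermission("suppressAccessChecks")`. Assumptions: a JDK that still permits `System.setSecurityManager` (17 or earlier), that Groovy's property lookup ends in the same `Field.setAccessible` call, and the hypothetical names `PrivateFieldDemo`, `readPrivate` and `NoPrivateReflection`.

```java
import java.lang.reflect.Field;
import java.lang.reflect.ReflectPermission;
import java.security.Permission;

// Same shape as the Task class in the question; the sample title is constructed.
class Task {
    private String title = "write report";
}

public class PrivateFieldDemo {

    // Reads a private field the way a reflective property lookup does.
    static Object readPrivate(Object target, String name) throws Exception {
        Field f = target.getClass().getDeclaredField(name);
        // With a SecurityManager installed, this call checks
        // ReflectPermission("suppressAccessChecks") before lifting the access check.
        f.setAccessible(true);
        return f.get(target);
    }

    // Hypothetical manager: permits everything except suppressing access checks.
    static class NoPrivateReflection extends SecurityManager {
        @Override
        public void checkPermission(Permission perm) {
            if (perm instanceof ReflectPermission
                    && "suppressAccessChecks".equals(perm.getName())) {
                // The permission names no class or field, so this check alone
                // cannot tell Task.title apart from any other private member.
                throw new SecurityException("private reflection denied");
            }
        }
    }

    public static void main(String[] args) throws Exception {
        Task task = new Task();
        System.out.println("no manager: " + readPrivate(task, "title"));

        System.setSecurityManager(new NoPrivateReflection());
        // Printing below avoids string concatenation so that no lazily linked
        // JDK machinery has to run under the blanket deny rule.
        System.out.print("with manager: ");
        try {
            System.out.println(readPrivate(task, "title"));
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

Because the denied permission is JVM-wide, a manager like this also blocks any library that legitimately relies on `setAccessible`, so it needs testing against the whole application, not only the templates.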