Home/ Questions/Q 8594461
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-12T00:12:18+00:00

I have an MVC spring application where the user logs on, this stores a

  • 0

I have an MVC spring application where the user logs on, this stores a User @SessionAttribute , which I refer to subsequently e.g. when updating a Customer object in a POST request I want the session User info to add to this object.
My problem is when I access the @ModelAttribute(“user”) User object in the customer POST, spring has bound request parameters into it i.e. the User.name has the value of the Customer.name from the submitted form.

NB I’ve kind of hacked this in that all controllers are subclasses of my AppController, which is where the @SessionAttributes are declared. But the principle would be the same if it was a single controller.

So can I prevent spring binding form:customer name value to User.name?

(I suspect webflow would be a more suitable framework for this, but don’t have the time available right now to rewrite using this)

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can allow or disallow binding of certain fields of your model attributes using @InitBinder:

    @InitBinder("user")
public void configureBindingOfUser(WebDataBinder binder) {
    binder.setAllowedFields(); // No fields allowed
}

    However, I don’t think it’s a good idea to use @SessionAttributes to store the current user or other similar objects. @SessionAttributes was originally designed to maintain state of form-backing objects between GET and POST requests, not as a general purpose way to access a session.

    Perhaps it would be better to use session-scoped beans or custom argument resolvers to access this kind of information.

    • 0