Home/ Questions/Q 6577345
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T15:37:25+00:00

We allow users to set some preferences in our web application. When they login

  • 0

We allow users to set some preferences in our web application. When they login to certain sites, they are allowed to do/see different screens vs. when they are in another site. One of our requirements is that we hide preferences on the page which they can’t access in the currently logged in site. Currently we are using Spring MVC to handle these requests.

Here is a simplified example of our POJO:

public class Preferences {
  boolean prefA; //Valid when can do A
  String prefB;  //Valid when can do B
  Integer prefC; //Valid when can do C
  ....
  Long prefZ;    //Valid when can do Z
}

Here is the controller code:

@RequestMapping(method = RequestMethod.POST, value = "preferences.xhtml")
public ModelAndView updateRequestPreferences(@ModelAttribute(USER_PREFERENCES) final Preference preferences, final BindingResult results)
{
  return updatePreferences(preferences, results);
}

Currently updatePreferences does reflection, and ensures that the value is not null before it persists the input preferences — This is due to Spring MVC creating a new instance of Preferences and then populating the values with what was on the UI.

We could do the following in the setter of the preferences:

public void setPreferences(Preferences preferences) {
  if (preferences.getPrefA() != null) {
    this.preferences.setPrefA(preferences.getPrefA());
  }
  if (preferences.getPrefB() != null) {
    this.preferences.setPrefB(preferences.getPrefB());
  } 
  ...
  if (preferences.getPrefZ() != null) {
    this.preferences.setPrefZ(preferences.getPrefZ());
  }
}

It would get unwieldy even with a helper function for all the checks in the setter method (and seems like an easy step to forget when a new preference is created); at the same time reflection seems like a cop out. Is there a better way to refactor this?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can configure Spring MVC to populate fields of a preexisting object rather than to create a new one.

    For example, you can use @SessionAttributes(USER_PREFERENCES) in order to store an instance of Preferences in a session between rendering a form and processing its submit.

    Another approach is to load new instance of Preferences from the database as an implicit model attribute:

    @ModelAttribute(USER_PREFERENCES)
public Preferences loadPreferences(@RequestParam("key") String key) {
    return loadPreferencesByKey(key);
}

    Note that in all cases (and your original approach needs it as well) you need to specify a set of allowed fields in @InitBinder method, to prevent malicious user from modifying fields that was not rendered in a form:

    @InitBinder(USER_PREFERENCES)
public void initBinder(WebDataBinder b) {
    b.setAllowedFields("prefA", "prefB");
}
    • 0