In the last section, you saw how to bind data submitted by an HTML form to a form backing bean. In order to do the binding, Spring MVC internally uses a special binding object called WebDataBinder
(org.springframework.web.bind.WebDataBinder
).
WebDataBinder
extracts the data out of the HttpServletRequest
object and converts it to a proper data format, loads it into a form backing bean, and validates it. To customize the behavior of data binding, we can initialize and configure the WebDataBinder
object in our Controller. The
@InitBinder
(org.springframework.web.bind.annotation.InitBinder
) annotation helps us to do that. The @InitBinder
annotation designates a method to initialize WebDataBinder
.
Let's look at a practical use for customizing WebDataBinder
. Since we are using the actual domain object itself as a form backing bean, during the form submission there is a chance of security vulnerabilities. Because Spring automatically binds HTTP parameters to form bean properties...