In the last section, we saw how to bind data submitted by an HTML form or by query string parameters to a form-backing bean. In order to do the binding, Spring MVC internally uses a special binding object called WebDataBinder
(org.springframework.web.bind.WebDataBinder
).
The WebDataBinder
object extracts the data out of the HttpServletRequest
object, converts it to a proper data format, loads it into a form-backing bean, and validates it. To customize the behavior of the data binding, we can initialize and configure the WebDataBinder
object in our controller. The @InitBinder
annotation (org.springframework.web.bind.annotation.InitBinder
) helps us do this. The @InitBinder
annotation designates a method to initialize WebDataBinder
.
Let's see a practical way of customizing WebDataBinder
. Since we are using the actual domain object itself as the form-backing bean, during form submission, there is a chance of security vulnerability. Since Spring automatically binds HTTP...