问题描述:

I figured out, that my bean validation does not work for model properties which are not tied to view.

Model:

@NotNull

private String name;

public String submit() {

...

}

View:

<h:form>

<h:inputText type="*" value="#{myBean.name}" />

<h:commandButton type="submit" value="name" action="#{myBean.submit}" />

</h:form>

So if someone tries to call the function without the parameter "name" the bean is not validating the attribute und calls the method "submit".

<h:form>

<h:commandButton type="submit" value="Name" action="#{myBean.submit}" />

</h:form>

So the question is how can I protect my bean, that the code in submit is not executed if someone tamper the XHMTML and does not transfer "name".

Maybe someone can help me :)

相关阅读:
Top