Subject: Re: ModelDriven vs OGNL assignment?

Google

Mailing List

Home

Forum Home

JBoss - Java Application Server

Tomcat - JSP/Servlet container

Struts - A MVC web framework

iText - An open source PDF Java Library

JDOM - JDOM XML Parser

JSP - A mailing list about Java Server Pages specification and reference

J2EE - A mailing list for Java(tm) 2 Platform, Enterprise Edition

J2EE Pattern - An interest list for Sun Java Center J2EE Pattern Catalog

Servlet - A mailing list for discussion about Sun Microsystem's Java Servlet API Technology

Struts & Hibernate

Subjects

•	JSP editor plugin for eclipse ?
•	org apache jasper JasperException: Unable to compile class for JSP
•	Tomcat: Connection reset by peer: socket write error
•	Cannot retrieve definition for form bean null
•	Struts Tiles Tutorial (free Struts training)
•	Where do I download Tomcat 4 0 6?
•	Data Access Object (DAO) pattern, example DAO 's
•	Where to download Tomcat v 4 1 24 from?
•	Tomcat 5 0 16 Requested resource not available
•	Subject: Servlet : Session invalidate
•	Oracle Connection Pooling in 3 2 2
•	Servlet action is currently unavailable
•	Tomcat/Struts Unicode Encoding/Decoding problems
•	Subject: Running a Simple JMS Example
•	Tomcat and webapplication specific java library path
•	Mapping in workers2 properties
•	org apache jasper JasperException
•	problem with html:text bean throwing exception
•	Cannot find message resources under key org apache struts action MESSAGE
•	Cannot find message resources under key org apache struts action MESSAGE
•	invalid direct reference problem with solution
•	Tool for jsp debug Try Sysdeo Eclipse Plugin
•	Tomcat 5 Cannot load JDBC driver class 'null ' SQL state: null
•	weblogic ejbc
•	java properties file
•	Jboss 3 2 3 Coyote Can 't re
•	Tomcat 5, Apache2 and mod jk2 integration problem
•	JBoss example problem new to J2EE
•	Value attribute of <html:checkbox
•	url string for connecting jboss to oracle
•	javax servlet ServletException: BeanUtils populate
•	5 0 18: Windows XP Pro vs Windows 2000
•	HTTP Status 404 The requested resource is not available

Subject: Re: ModelDriven vs OGNL assignment?

Subject: Re: ModelDriven vs OGNL assignment?

2007-11-02 - By Gary Affonso

Back
Dave Newton wrote:
> --- Gary Affonso <glists2@(protected)> wrote:
>> And that does it. Direct model injection. Easy.
>
> Technically, no, it's indirected by one level.
>
> *All* ModelDriven does is push the model on to the
> stack so it's available at the top level. AFAIK
> there's no compelling reason to do that other than
> saving some very minor typing (and, perhaps, clarity?)
> on the display side.

Thanks for the info. I personally find ModelDriven *less* clear in the
view layer. With ModelDriven you get something like...

<input type="hidden" name="firstName" value="foo" />

instead of...

<input type="hidden" name="postalAddress.firstName" value="foo" />

I *like* that the model-object name is in the view along with the
property name, I find it more explicit and clear. Maybe that's just me,
though.

I had heard talk at one point that there was a plan to address the
security shortcomings of letting the view directly inject into the
Action. I was thinking ModelDriven was where that security check
happened. Apparently not.

Anybody know if/how security is handled for OGNL expressions contained
within the names of post/get data? They're obviously getting evaluated
(thus the security issue), I thought I had seen a post go by talking
about how that evaluation was being made safe(r).

Thanks!

- Gary

-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
To unsubscribe, e-mail: user-unsubscribe@(protected)
For additional commands, e-mail: user-help@(protected)