Spring MVC hidden value example
In Spring MVC, you can use <form:hidden /> to render an HTML hidden field. For example,
<form:hidden path="secretValue" />
It will render the following HTML code
<input id="secretValue" name="secretValue" type="hidden" value="I'm hidden value"/>
P.S. Assume the “secretValue” property contains the value “I’m hidden value”.
In this tutorial, we show you how to use Spring’s form tag “<form:hidden />” to render an HTML hidden value.
1. Controller
A SimpleFormController to handle the form hidden value, and initialize the hidden value with “I’m hidden value, hehe”.
File : HiddenController.java
package com.mkyong.customer.controller;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.validation.BindException;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.SimpleFormController;
import com.mkyong.customer.model.Customer;

public class HiddenController extends SimpleFormController {

    public HiddenController() {
        // Bind submitted form fields to a Customer, exposed to the view as "customerForm"
        setCommandClass(Customer.class);
        setCommandName("customerForm");
    }

    // Creates the form backing object and sets the initial hidden value
    @Override
    protected Object formBackingObject(HttpServletRequest request)
            throws Exception {
        Customer cust = new Customer();
        cust.setSecretValue("I'm hidden value, hehe");
        return cust;
    }

    // Called on form submission; "command" holds the values bound from the request
    @Override
    protected ModelAndView onSubmit(HttpServletRequest request,
            HttpServletResponse response, Object command, BindException errors)
            throws Exception {
        Customer customer = (Customer) command;
        return new ModelAndView("CustomerSuccess", "customer", customer);
    }
}
2. Model
A Customer object to store the form hidden value.
File : Customer.java
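package com.mkyong.customer.model;

public class Customer {
    String secretValue;

    // getter and setter methods used by Spring's data binding and the JSP views
    public String getSecretValue() { return secretValue; }
    public void setSecretValue(String secretValue) { this.secretValue = secretValue; }
}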
3. View
A JSP page that uses Spring’s form tag “<form:hidden />” to render an HTML hidden value.
File : CustomerForm.jsp
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form"%>
<html>
<body>
    <h2>Spring's form hidden example</h2>
    <form:form method="POST" commandName="customerForm">
        <table>
            <tr>
                <td>Hidden value (view source to see it) :</td>
                <td><form:hidden path="secretValue" /></td>
            </tr>
            <tr>
                <td><input type="submit" /></td>
            </tr>
        </table>
    </form:form>
</body>
</html>
If the form is submitted, render the success page and display the submitted hidden value.
File : CustomerSuccess.jsp
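<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<body>
    <h2>Spring's form hidden value example</h2>
    <%-- The value comes back from the browser, so HTML-escape it with c:out (JSTL core) --%>
    Hidden value : <c:out value="${customer.secretValue}" />
    <br />
</body>
</html>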
4. Spring Bean Configuration
Link it all ~
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">

    <bean
        class="org.springframework.web.servlet.mvc.support.ControllerClassNameHandlerMapping" />

    <bean class="com.mkyong.customer.controller.HiddenController">
        <property name="formView" value="CustomerForm" />
        <property name="successView" value="CustomerSuccess" />
    </bean>

    <bean id="viewResolver"
        class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix">
            <value>/WEB-INF/pages/</value>
        </property>
        <property name="suffix">
            <value>.jsp</value>
        </property>
    </bean>
</beans>
5. Demo
Access the page – http://localhost:8080/SpringMVCForm/hidden.htm
If the form is submitted successfully, just display the submitted hidden value.
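The hidden field is sent to the browser and comes back as ordinary request data, so the server cannot assume the submitted value is the one it rendered. One way to detect a changed value, as an added example that is not part of the original tutorial: seal the value with an HMAC bound to the session before rendering it, and check the tag on submit. `HiddenFieldGuard`, `seal`, `open`, the session ids and the demo key are hypothetical, and Java 8+ is assumed.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added example (Java 8+). HiddenFieldGuard, seal and open are hypothetical names, not Spring APIs.
public class HiddenFieldGuard {
    private final SecretKeySpec key;
    public HiddenFieldGuard(byte[] serverSecret) {
        this.key = new SecretKeySpec(serverSecret, "HmacSHA256");
    }

    // HMAC over sessionId || 0x00 || value, so a sealed field is only valid in the session it was issued to
    private byte[] tag(String sessionId, String value) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        mac.update(sessionId.getBytes(StandardCharsets.UTF_8));
        mac.update((byte) 0);
        return mac.doFinal(value.getBytes(StandardCharsets.UTF_8));
    }

    // Text to put in the hidden field: "<base64url tag>.<value>" (base64url never contains '.')
    public String seal(String sessionId, String value) throws Exception {
        String t = Base64.getUrlEncoder().withoutPadding().encodeToString(tag(sessionId, value));
        return t + "." + value;
    }

    // Returns the original value, or null when the submitted field is malformed or was altered
    public String open(String sessionId, String submitted) throws Exception {
        int dot = (submitted == null) ? -1 : submitted.indexOf('.');
        if (dot < 0) return null;
        byte[] claimed;
        try {
            claimed = Base64.getUrlDecoder().decode(submitted.substring(0, dot));
        } catch (IllegalArgumentException e) {
            return null; // tag part is not valid base64url
        }
        String value = submitted.substring(dot + 1);
        // MessageDigest.isEqual compares the two tags in constant time
        return MessageDigest.isEqual(claimed, tag(sessionId, value)) ? value : null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key and session ids; a real key comes from server-side configuration
        HiddenFieldGuard guard = new HiddenFieldGuard("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        String field = guard.seal("session-A", "http://www.bbc.com");
        System.out.println(guard.open("session-A", field)); // field submitted untouched
        System.out.println(guard.open("session-A", field.replace("bbc", "google"))); // value edited in the browser
        System.out.println(guard.open("session-B", field)); // field replayed in another session
    }
}
```

The tag only detects changes; the value is still readable in the page source. A value that must stay confidential, or that the browser never needs, belongs in server-side session state rather than in a hidden field.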
We should use getSuccessView() to get what is defined in the XML file.
Hi, why do we need to set the commandClass and commandName in the constructor? What is the use of these method calls? Kindly clarify this doubt.
How to get hidden values from multiple hidden values that are generated at runtime?
I need to create a form on the fly, then submit all these values as 1. With a servlet I would loop through the form items and populate the object, creating a new object with each loop. Is this the best way with Spring?
Thanks a lot!
When I try to print the form object in formBackingObject() it returns null. Am I missing anything?
@Override
protected Object formBackingObject(HttpServletRequest request)
        throws Exception {
    Object o = super.formBackingObject(request);
    Customer customerForm = (Customer) o;
    System.out.println("titleName " + customerForm.getTitleName());
    customerForm.setSecretValue("I'm hidden value, hehe");
    return customerForm;
}
Thanks so much!!!
I have a model with array list of custom object (List) and I am not able to use this property of model inside tag. My application behaves weirdly. Is there any way to use such a property inside form tag?
The question is how to stop a malicious user from manipulating the existing value at run time. For example:
cust.setSecretValue("http://www.bbc.com"); and in customersuccess.jsp as mentioned we have Hidden value : ${customer.secretValue}. So when the application runs it displays as http://www.bbc.com. But a malicious user may right click on the page and change it to something like http://www.google.com. Clearly the target url can be manipulated to forward to any other url. Is there a way we can ensure security on it?
Thanks for such a nice post