The dark secret of CRUD applications using Spring MVC

Do you use Spring MVC with an OpenSessionInView filter and your Entities also as Data Transfer Objects, like in a basic CRUD setup? Then you may have exposed more of your model than you've anticipated.

The easy to use Databinding of Spring MVC will, unconfigured, bind any property in the incoming POST to your domain model, including those not present in the form. To make matters worse, it is also possible to navigate property paths and modify other objects in the domain model. They will get saved too if you have a transaction because of Hibernate's automatic dirty checking. If you use Spring Roo with Hibernate and Spring MVC this is the default behavior.

In this blogpost, I will demonstrate this feature and show you how to fix it.


JOSS and Cloudie join forces @ javaswift.org

Providing Java tools for dealing with OpenStack Storage aka Swift, that is the mission of javaswift.org. Erik Hooijmeijer and Robert Bor have decided to join forces by combining JOSS and Cloudie into this single open source organization.