In our previous WebWork app we were not using ModelDriven and just
relying on OGNL assignment...
* We ensure our action provides a getter for the domain object
private Account account;
public Account getAccount();
* We ensure html fieldnames include both the domain object name and the
property
<input type="hidden" name="account.accountName" value="foo" />
And that does it. Direct model injection. Easy.
So my question is this...
Is there any benefit in dealing with the added complexity of
ModelDriven? It's one more interceptor, and it's one more thing the
action has to implement. Neither are terribly burdensome but it's more
work than just doing OGNL assignment and I'm wondering why one might go
that way.
Is it a security thing? I know there are security issues around OGNL
resolution (or there were). Does ModelDriven do a better job of locking
down what properties are injectable from HTML?
I was hoping, that ModelDriven might be a more elegant way to handle
associations in the targeted domain object. Since
ModelDrivenInterceptor comes after the ParameterInterceptor, your form
can declare the ID for the associated object and then in your getModel()
method (called after parameter resolution) you've got the opportunity to
resolve those IDs into real object associations before handing off the
model.
But after thinking about it, this isn't any more elegant than how we do
it now. We basically do the same thing (IDs in the HTML), we just
resolve the associations after the model's other properties are injected
(instead of before). So that's apparently not of much advantage.
What am I missing? Why would I use ModelDriven instead?
Thanks!
- Gary
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
