
Sorting on an unknown property


I’m building a small application, and in part of the UI you can sort some objects (persons). So when I call this url:

http://localhost:8080/addressbook/person/list?sort=name

all works nicely.

However, when I change the URL to the following, my application is throwing exceptions:

http://localhost:8080/addressbook/person/list?sort=thisisanunknowproperty 

I get errors like:

Class org.hibernate.QueryException
Message could not resolve property: thisisanunknownproperty of: persons.Person

This is really not what I want, of course. The application should just not sort, and not throw exceptions like this. But how do I prevent this behavior from happening?

One thing which comes to mind is that I build something which checks if the property is a member of the allowed properties to sort on, but I'm wondering if there is anything out of the box for this which I missed?


Solution

  • As I mentioned via email, take a look at Grails Command Objects which are based around the Spring Validation API.

    The hard and fast rule is never, ever blindly accept user input. In many frameworks, Grails included, this has exposed some nasty security holes.
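
The command-object approach the answer points to, as an added example (not code from the original question or answer). `PersonListCommand` is a hypothetical name, `name` is the only sortable property known from the question, and the page size of 10 is an assumed default.

```groovy
package persons

// Hypothetical command object. Grails binds the request parameters to these
// fields and validates them against the constraints before the action runs.
// Define it in the controller file or under src/groovy.
class PersonListCommand {
    String sort
    String order
    Integer max
    Integer offset

    static constraints = {
        // Allowlist of sortable properties. 'name' comes from the question;
        // add other Person properties here explicitly as needed.
        sort nullable: true, inList: ['name']
        order nullable: true, inList: ['asc', 'desc']
        max nullable: true, range: 1..100
        offset nullable: true, min: 0
    }
}

class PersonController {

    def list(PersonListCommand cmd) {
        // Start from safe defaults; nothing from the request is used yet.
        Map query = [max: 10, offset: 0]

        // Copy a value into the query only if it passed validation.
        // A rejected sort (e.g. ?sort=thisisanunknowproperty) is dropped,
        // so the list renders unsorted and Hibernate never sees the name.
        if (cmd.sort && !cmd.errors.hasFieldErrors('sort')) {
            query.sort = cmd.sort
            if (cmd.order && !cmd.errors.hasFieldErrors('order')) {
                query.order = cmd.order
            }
        }
        if (cmd.max != null && !cmd.errors.hasFieldErrors('max')) {
            query.max = cmd.max
        }
        if (cmd.offset != null && !cmd.errors.hasFieldErrors('offset')) {
            query.offset = cmd.offset
        }

        [personInstanceList: Person.list(query), personInstanceTotal: Person.count()]
    }
}
```

Because the action never reads `params` directly, an unlisted or malformed parameter cannot reach the GORM query at all.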