Grails Enhancement Submitted
Posted by:
Jeff Brown
on 10/21/2006
I have worked up an enhancement to Grails recently that provides an easy declarative way for application authors to limit access to certain controller actions based on the http request method (PUT, POST, GET, etc...). Generally speaking, applications should not allow destructive operations to be initiated in response to a GET. That isn't the only reason to want to impose restrictions, but it is a common one. With Grails, the only way to deal with this is to put code in your controller to inspect the request object and figure out if the request was a GET, POST or whatever. For the common case where all I want to do is prevent certain actions from being invoked via a GET, I don't want to have to do that. I just want to tell the framework not to allow it. The patch I have worked up does just that. The patch allows code like this in your controller...
The patch has been attached to http://jira.codehaus.org/browse/GRAILS-379.
class EmployeeController {
// action1 may be invoked via a POST
// action2 has no restrictions
// action3 may be invoked via a POST or DELETE
def httpMethodRestrictions = [action1:'POST',
action3:['POST', 'DELETE']]
def = action1 { ... }
def = action2 { ... }
def = action3 { ... }
}
The patch has been attached to http://jira.codehaus.org/browse/GRAILS-379.
Jeff Brown's complete blog can be found at: http://javajeff.blogspot.com
About Jeff Brown
Core member of the Grails development team, Jeff Brown, is a Senior Software Engineer with SpringSource. Jeff has been involved in designing and building object oriented systems for over 15 years. Jeff's areas of expertise include web development with Groovy & Grails, Java and agile development.
More About Jeff »NFJS, the Magazine
BDD and REST
by Brian SlettenMocks and Stubs in Groovy Tests
by Kenneth KousenAlgorithms for Better Text Search Results
by John GriffinKnowns and Unknowns of Scrum and Agile
by Brian Tarbox