Grails Enhancement Submitted - No Fluff Just Stuff
NFJS2026

Grails Enhancement Submitted

Posted by: Jeff Brown on October 21, 2006

I have worked up an enhancement to Grails recently that provides an easy declarative way for application authors to limit access to certain controller actions based on the http request method (PUT, POST, GET, etc...). Generally speaking, applications should not allow destructive operations to be initiated in response to a GET. That isn't the only reason to want to impose restrictions, but it is a common one. With Grails, the only way to deal with this is to put code in your controller to inspect the request object and figure out if the request was a GET, POST or whatever. For the common case where all I want to do is prevent certain actions from being invoked via a GET, I don't want to have to do that. I just want to tell the framework not to allow it. The patch I have worked up does just that. The patch allows code like this in your controller...


class EmployeeController {

  // action1 may be invoked via a POST
  // action2 has no restrictions
  // action3 may be invoked via a POST or DELETE
  def httpMethodRestrictions = [action1:'POST',
                                action3:['POST', 'DELETE']]

  def = action1 { ... }
  
  def = action2 { ... }

  def = action3 { ... }

}


The patch has been attached to http://jira.codehaus.org/browse/GRAILS-379.
Jeff Brown's complete blog can be found at: http://javajeff.blogspot.com
Jeff Brown

About Jeff Brown

Grails co-founder and OCI Grails Practice Lead, Jeff Scott Brown has been doing JVM application development for as long as the JVM has existed. He has spent most of the last decade focused specifically on work related to the Grails framework. Jeff co-authored The Definitive Guide to Grails Second Edition and The Definitive Guide to Grails 2, in partnership with Grails co-founder and OCI Grails Team Lead, Graeme Rocher. Jeff is also a regular public speaker on Grails, Groovy, and other JVM-related technologies.

Why Attend the NFJS Tour?

  • » Cutting-Edge Technologies
  • » Agile Practices
  • » Peer Exchange

Current Topics:

  • Languages on the JVM: Scala, Groovy, Clojure
  • Enterprise Java
  • Core Java, Java 8
  • Agility
  • Testing: Geb, Spock, Easyb
  • REST
  • NoSQL: MongoDB, Cassandra
  • Hadoop
  • Spring 4
  • Cloud
  • Automation Tools: Gradle, Git, Jenkins, Sonar
  • HTML5, CSS3, AngularJS, jQuery, Usability
  • Mobile Apps - iPhone and Android
  • More...
Learn More »