« Grails Presentation Thursday Evening | Main | Switching Versions Of Grails (and other tools) »

Grails Enhancement Submitted

Posted by: Jeff Brown on 10/21/2006

I have worked up an enhancement to Grails recently that provides an easy declarative way for application authors to limit access to certain controller actions based on the http request method (PUT, POST, GET, etc...). Generally speaking, applications should not allow destructive operations to be initiated in response to a GET. That isn't the only reason to want to impose restrictions, but it is a common one. With Grails, the only way to deal with this is to put code in your controller to inspect the request object and figure out if the request was a GET, POST or whatever. For the common case where all I want to do is prevent certain actions from being invoked via a GET, I don't want to have to do that. I just want to tell the framework not to allow it. The patch I have worked up does just that. The patch allows code like this in your controller...


class EmployeeController {

  // action1 may be invoked via a POST
  // action2 has no restrictions
  // action3 may be invoked via a POST or DELETE
  def httpMethodRestrictions = [action1:'POST',
                                action3:['POST', 'DELETE']]

  def = action1 { ... }
  
  def = action2 { ... }

  def = action3 { ... }

}

The patch has been attached to http://jira.codehaus.org/browse/GRAILS-379.

Jeff Brown's complete blog can be found at: http://javajeff.blogspot.com

About Jeff Brown

Core member of the Grails development team, Jeff Brown, is a Senior Software Engineer with SpringSource. Jeff has been involved in designing and building object oriented systems for over 15 years. Jeff's areas of expertise include web development with Groovy & Grails, Java and agile development.

More About Jeff »