Spring MVC hidden value example

In Spring MVC, you can use <form:hidden /> to render a HTML hidden value field. For example,


	<form:hidden path="secretValue" />

It will render the following HTML code


	<input id="secretValue" name="secretValue" type="hidden" value="I'm hidden value"/> 

P.S Assume “secretValue” property contains value “I’m hidden value”.

In this tutorial, we show you how to use Spring’s form tag “<form:hidden />” to render a HTML hidden value.

1. Controller

A SimpleFormController to handle the form hidden value, and initialize the hidden value with “I’m hidden value, hehe”.

File : HiddenController.java


package com.mkyong.customer.controller;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.validation.BindException;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.SimpleFormController;
import com.mkyong.customer.model.Customer;

public class HiddenController extends SimpleFormController{
	
	public HiddenController(){
		setCommandClass(Customer.class);
		setCommandName("customerForm");
	}
	
	@Override
	protected Object formBackingObject(HttpServletRequest request)
		throws Exception {
		Customer cust = new Customer();
		cust.setSecretValue("I'm hidden value, hehe");
		return cust;
	}
	
	@Override
	protected ModelAndView onSubmit(HttpServletRequest request,
		HttpServletResponse response, Object command, BindException errors)
		throws Exception {
		Customer customer = (Customer)command;
		return new ModelAndView("CustomerSuccess","customer",customer);
	}
}

2. Model

A Customer object to store the form hidden value.

File : Customer.java


package com.mkyong.customer.model;

public class Customer{
	String secretValue;
	//getter and setter methods
}

3. View

A JSP page to use the Spring’s form tag “<form:hidden />” to render a HTML hidden value.

File : CustomerForm.jsp


<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form"%>
<html>
<body>
	<h2>Spring's form hidden example</h2>

	<form:form method="POST" commandName="customerForm">
		<table>
			<tr>
				<td>Hidden value (view source to see it) :</td>
				<td><form:hidden path="secretValue" /></td>
			</tr>
			<tr>
				<td><input type="submit" /></td>
			</tr>
		</table>
	</form:form>

</body>
</html>

If the form is submitted, render the successful page and display the submitted hidden value.

File : CustomerSuccess.jsp


<html>
<body>
	<h2>Spring's form hidden value example</h2>

	Hidden value : ${customer.secretValue}
	<br />
</body>
</html>

4. Spring Bean Configuration

Link it all ~


<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans 
	http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">

  <bean
  class="org.springframework.web.servlet.mvc.support.ControllerClassNameHandlerMapping" />

	<bean class="com.mkyong.customer.controller.HiddenController">
		<property name="formView" value="CustomerForm" />
		<property name="successView" value="CustomerSuccess" />
	</bean>

	<bean id="viewResolver"
		class="org.springframework.web.servlet.view.InternalResourceViewResolver">
		<property name="prefix">
			<value>/WEB-INF/pages/</value>
		</property>
		<property name="suffix">
			<value>.jsp</value>
		</property>
	</bean>
</beans>

5. Demo

Access the page – http://localhost:8080/SpringMVCForm/hidden.htm

SpringMVC-Hidden-Example-1

If the form is submitted successfully, just display the submitted hidden value.

SpringMVC-Hidden-Example-2

Download Source Code

mkyong

Founder of Mkyong.com, passionate Java and open-source technologies. If you enjoy my tutorials, consider making a donation to these charities.

8 Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Rady
13 years ago
 
<bean class="com.mkyong.customer.controller.HiddenController">
		<property name="formView" value="CustomerForm" />
		<property name="successView" value="CustomerSuccess" />
	</bean>

We should use getSuccessView() get get what defined in xml file.

 
@Override
	protected ModelAndView onSubmit(HttpServletRequest request,
			HttpServletResponse response, Object command, BindException errors)
			throws Exception {

		Customer customer = (Customer)command;
		return new ModelAndView(getSuccessView(),"customer",customer);
	
	}
DineshT
8 years ago

Hai, why do we need to set the commandClass and commandName in the constructor. What is the use of these call method. Kindly clarify this doubt.

thedrunk13
10 years ago

how to get hidden values from multiple hidden values that are generated at runtime?
i need to create a form on the fly, then submit all these values as 1. with a servlet i would loop through the form items and populate the object, creating a new object with each loop. if this the best way with spring?

INDUS
10 years ago

Thanks a lot!
when I try to print the form object in formBackingObject() it return null. Am i missing anything.
@Override
protected Object formBackingObject(HttpServletRequest request)
throws Exception {

Object o = super.formBackingObject(request);

Customer customerForm = (Customer)o;
System.out.println(“titleName ” + customerForm.getTitleName());

customerForm.setSecretValue(“I’m hidden value, hehe”);

return customerForm;

}

Tahseen Haque
11 years ago

thanks so much!!!

AJ
11 years ago

I have a model with array list of custom object (List) and I am not able to use this property of model inside tag. My application behaves wierdly. Is there any way to use such a property inside form tag?

Vinod
12 years ago

The question is how to avoid mailicious user from manipulating the existing value at run time. For example:
cust.setSecretValue(“http://www.bbc.com”); and in customersuccess.jsp as mentioned we have Hidden value : ${customer.secretValue}. So when the application runs it displays as http://www.bbc.com. But a malicious user
may right click on the page and change it to something like http://www.google.com. Clearly the target url can be manipulated to forward to any other url. Is there a way we can ensure security on it.

Manas
14 years ago

Thanks for such a nice post