8.1 Controllers - Reference Documentation
Authors: Graeme Rocher, Peter Ledbrook, Marc Palmer, Jeff Brown, Luke Daley, Burt Beckwith, Lari Hotari
Version: 3.1.7
Table of Contents
8.1 Controllers
A controller handles requests and creates or prepares the response. A controller can generate the response directly or delegate to a view. To create a controller, simply create a class whose name ends withController
in the grails-app/controllers
directory (in a subdirectory if it's in a package).The default URL Mapping configuration ensures that the first part of your controller name is mapped to a URI and each action defined within your controller maps to URIs within the controller name URI.
8.1.1 Understanding Controllers and Actions
Creating a controller
Controllers can be created with the create-controller or generate-controller command. For example try running the following command from the root of a Grails project:grails create-controller book
grails-app/controllers/myapp/BookController.groovy
:package myappclass BookController { def index() { }
}
BookController
by default maps to the /book URI (relative to your application root).Thecreate-controller
andgenerate-controller
commands are just for convenience and you can just as easily create controllers using your favorite text editor or IDE
Creating Actions
A controller can have multiple public action methods; each one maps to a URI:class BookController { def list() { // do controller logic // create model return model } }
/book/list
URI by default thanks to the property being named list
.Public Methods as Actions
In earlier versions of Grails actions were implemented with Closures. This is still supported, but the preferred approach is to use methods.Leveraging methods instead of Closure properties has some advantages:- Memory efficient
- Allow use of stateless controllers (
singleton
scope) - You can override actions from subclasses and call the overridden superclass method with
super.actionName()
- Methods can be intercepted with standard proxying mechanisms, something that is complicated to do with Closures since they're fields.
grails.compile.artefacts.closures.convert
property to true in application.yml
:
grails:
compile:
artefacts:
closures:
convert: true
If a controller class extends some other class which is not defined under the grails-app/controllers/
directory, methods inherited from that class are not converted to controller actions. If the intent is to expose those inherited methods as controller actions the methods may be overridden in the subclass and the subclass method may invoke the method in the super class.
The Default Action
A controller has the concept of a default URI that maps to the root URI of the controller, for example/book
for BookController
. The action that is called when the default URI is requested is dictated by the following rules:
- If there is only one action, it's the default
- If you have an action named
index
, it's the default - Alternatively you can set it explicitly with the
defaultAction
property:
static defaultAction = "list"
8.1.2 Controllers and Scopes
Available Scopes
Scopes are hash-like objects where you can store variables. The following scopes are available to controllers:- servletContext - Also known as application scope, this scope lets you share state across the entire web application. The servletContext is an instance of ServletContext
- session - The session allows associating state with a given user and typically uses cookies to associate a session with a client. The session object is an instance of HttpSession
- request - The request object allows the storage of objects for the current request only. The request object is an instance of HttpServletRequest
- params - Mutable map of incoming request query string or POST parameters
- flash - See below
Accessing Scopes
Scopes can be accessed using the variable names above in combination with Groovy's array index operator, even on classes provided by the Servlet API such as the HttpServletRequest:class BookController { def find() { def findBy = params["findBy"] def appContext = request["foo"] def loggedUser = session["logged_user"] } }
class BookController { def find() { def findBy = params.findBy def appContext = request.foo def loggedUser = session.logged_user } }
Using Flash Scope
Grails supports the concept of flash scope as a temporary store to make attributes available for this request and the next request only. Afterwards the attributes are cleared. This is useful for setting a message directly before redirecting, for example:def delete() { def b = Book.get(params.id) if (!b) { flash.message = "User not found for id ${params.id}" redirect(action:list) } … // remaining code }
list
action is requested, the message
value will be in scope and can be used to display an information message. It will be removed from the flash
scope after this second request.Note that the attribute name can be anything you want, and the values are often strings used to display messages, but can be any object type.Scoped Controllers
Newly created applications have thegrails.controllers.defaultScope
property set to a value of "singleton" in application.yml
. You may change this value to any
of the supported scopes listed below. If the property is not assigned a value at all, controllers will default to "prototype" scope.Supported controller scopes are:
prototype
(default) - A new controller will be created for each request (recommended for actions as Closure properties)session
- One controller is created for the scope of a user sessionsingleton
- Only one instance of the controller ever exists (recommended for actions as methods)
scope
property to your class with one of the valid scope values listed above, for examplestatic scope = "singleton"
application.yml
with the grails.controllers.defaultScope
key, for example:grails: controllers: defaultScope: singleton
Use scoped controllers wisely. For instance, we don't recommend having any properties in a singleton-scoped controller since they will be shared for all requests.
8.1.3 Models and Views
Returning the Model
A model is a Map that the view uses when rendering. The keys within that Map correspond to variable names accessible by the view. There are a couple of ways to return a model. First, you can explicitly return a Map instance:def show() { [book: Book.get(params.id)] }
The above does not reflect what you should use with the scaffolding views - see the scaffolding section for more details.A more advanced approach is to return an instance of the Spring ModelAndView class:
import org.springframework.web.servlet.ModelAndViewdef index() { // get some books just for the index page, perhaps your favorites def favoriteBooks = ... // forward to the list view to show them return new ModelAndView("/book/list", [ bookList : favoriteBooks ]) }
attributes
application
Selecting the View
In both of the previous two examples there was no code that specified which view to render. So how does Grails know which one to pick? The answer lies in the conventions. Grails will look for a view at the locationgrails-app/views/book/show.gsp
for this show
action:class BookController { def show() { [book: Book.get(params.id)] } }
def show() {
def map = [book: Book.get(params.id)]
render(view: "display", model: map)
}
grails-app/views/book/display.gsp
. Notice that Grails automatically qualifies the view location with the book
directory of the grails-app/views
directory. This is convenient, but to access shared views you need instead you can use an absolute path instead of a relative one:def show() {
def map = [book: Book.get(params.id)]
render(view: "/shared/display", model: map)
}
grails-app/views/shared/display.gsp
.Grails also supports JSPs as views, so if a GSP isn't found in the expected location but a JSP is, it will be used instead.
Selecting Views For Namespaced Controllers
If a controller defines a namespace for itself with the namespace property that will affect the root directory in which Grails will look for views which are specified with a relative path. The default root directory for views rendered by a namespaced controller isgrails-app/views/<namespace name>/<controller name>/
. If the view is not found in the namespaced directory then Grails will fallback to looking for the view in the non-namespaced directory.See the example below.class ReportingController { static namespace = 'business' def humanResources() { // This will render grails-app/views/business/reporting/humanResources.gsp // if it exists. // If grails-app/views/business/reporting/humanResources.gsp does not // exist the fallback will be grails-app/views/reporting/humanResources.gsp. // The namespaced GSP will take precedence over the non-namespaced GSP. [numberOfEmployees: 9] } def accountsReceivable() { // This will render grails-app/views/business/reporting/accounting.gsp // if it exists. // If grails-app/views/business/reporting/accounting.gsp does not // exist the fallback will be grails-app/views/reporting/accounting.gsp. // The namespaced GSP will take precedence over the non-namespaced GSP. render view: 'numberCrunch', model: [numberOfEmployees: 13] } }
Rendering a Response
Sometimes it's easier (for example with Ajax applications) to render snippets of text or code to the response directly from the controller. For this, the highly flexiblerender
method can be used:render "Hello World!"
// write some markup
render {
for (b in books) {
div(id: b.id, b.title)
}
}
// render a specific view render(view: 'show')
// render a template for each item in a collection
render(template: 'book_template', collection: Book.list())
// render some text with encoding and content type render(text: "<xml>some xml</xml>", contentType: "text/xml", encoding: "UTF-8")
MarkupBuilder
to generate HTML for use with the render
method be careful of naming clashes between HTML elements and Grails tags, for example:import groovy.xml.MarkupBuilder … def login() { def writer = new StringWriter() def builder = new MarkupBuilder(writer) builder.html { head { title 'Log in' } body { h1 'Hello' form { } } } def html = writer.toString() render html }
MarkupBuilder
). To correctly output a <form>
element, use the following:def login() { // … body { h1 'Hello' builder.form { } } // … }
8.1.4 Redirects and Chaining
Redirects
Actions can be redirected using the redirect controller method:class OverviewController { def login() {} def find() { if (!session.user) redirect(action: 'login') return } … } }
sendRedirect
method.The redirect
method expects one of:
- Another closure within the same controller class:
// Call the login action within the same class redirect(action: login)
- The name of an action (and controller name if the redirect isn't to an action in the current controller):
// Also redirects to the index action in the home controller redirect(controller: 'home', action: 'index')
- A URI for a resource relative the application context path:
// Redirect to an explicit URI
redirect(uri: "/login.html")
- Or a full URL:
// Redirect to a URL
redirect(url: "http://grails.org")
params
argument of the method:redirect(action: 'myaction', params: [myparam: "myvalue"])
params
object is a Map, you can use it to pass the current request parameters from one action to the next:redirect(action: "next", params: params)
redirect(controller: "test", action: "show", fragment: "profile")
Chaining
Actions can also be chained. Chaining allows the model to be retained from one action to the next. For example calling thefirst
action in this action:class ExampleChainController { def first() { chain(action: second, model: [one: 1]) } def second () { chain(action: third, model: [two: 2]) } def third() { [three: 3]) } }
[one: 1, two: 2, three: 3]
chainModel
map. This dynamic property only exists in actions following the call to the chain
method:class ChainController { def nextInChain() { def model = chainModel.myModel … } }
redirect
method you can also pass parameters to the chain
method:chain(action: "action1", model: [one: 1], params: [myparam: "param1"])
8.1.5 Data Binding
Data binding is the act of "binding" incoming request parameters onto the properties of an object or an entire graph of objects. Data binding should deal with all necessary type conversion since request parameters, which are typically delivered by a form submission, are always strings whilst the properties of a Groovy or Java object may well not be.Map Based Binding
The data binder is capable of converting and assigning values in a Map to properties of an object. The binder will associate entries in the Map to properties of the object using the keys in the Map that have values which correspond to property names on the object. The following code demonstrates the basics:// grails-app/domain/Person.groovy class Person { String firstName String lastName Integer age }
def bindingMap = [firstName: 'Peter', lastName: 'Gabriel', age: 63]def person = new Person(bindingMap)assert person.firstName == 'Peter'
assert person.lastName == 'Gabriel'
assert person.age == 63
properties
property of the domain class:def bindingMap = [firstName: 'Peter', lastName: 'Gabriel', age: 63]def person = Person.get(someId) person.properties = bindingMapassert person.firstName == 'Peter' assert person.lastName == 'Gabriel' assert person.age == 63
class Person { String firstName String lastName Integer age Address homeAddress }class Address { String county String country }
def bindingMap = [firstName: 'Peter', lastName: 'Gabriel', age: 63, homeAddress: [county: 'Surrey', country: 'England'] ]def person = new Person(bindingMap)assert person.firstName == 'Peter'
assert person.lastName == 'Gabriel'
assert person.age == 63
assert person.homeAddress.county == 'Surrey'
assert person.homeAddress.country == 'England'
Binding To Collections And Maps
The data binder can populate and update Collections and Maps. The following code shows a simple example of populating aList
of objects in a domain class:class Band { String name static hasMany = [albums: Album] List albums }class Album { String title Integer numberOfTracks }
def bindingMap = [name: 'Genesis',
'albums[0]': [title: 'Foxtrot', numberOfTracks: 6],
'albums[1]': [title: 'Nursery Cryme', numberOfTracks: 7]]def band = new Band(bindingMap)assert band.name == 'Genesis'
assert band.albums.size() == 2
assert band.albums[0].title == 'Foxtrot'
assert band.albums[0].numberOfTracks == 6
assert band.albums[1].title == 'Nursery Cryme'
assert band.albums[1].numberOfTracks == 7
albums
were an array instead of a List
.Note that when binding to a Set
the structure of the Map
being bound to the Set
is the same as that of a Map
being bound to a List
but since a Set
is unordered, the indexes don't necessarily correspond to the order of elements in the Set
. In the code example above, if albums
were a Set
instead of a List
, the bindingMap
could look exactly the same but 'Foxtrot' might be the first album in the Set
or it might be the second. When updating existing elements in a Set
the Map
being assigned to the Set
must have id
elements in it which represent the element in the Set
being updated, as in the following example:/* * The value of the indexes 0 and 1 in albums[0] and albums[1] are arbitrary * values that can be anything as long as they are unique within the Map. * They do not correspond to the order of elements in albums because albums * is a Set. */ def bindingMap = ['albums[0]': [id: 9, title: 'The Lamb Lies Down On Broadway'] 'albums[1]': [id: 4, title: 'Selling England By The Pound']]def band = Band.get(someBandId)/* * This will find the Album in albums that has an id of 9 and will set its title * to 'The Lamb Lies Down On Broadway' and will find the Album in albums that has * an id of 4 and set its title to 'Selling England By The Pound'. In both * cases if the Album cannot be found in albums then the album will be retrieved * from the database by id, the Album will be added to albums and will be updated * with the values described above. If a Album with the specified id cannot be * found in the database, then a binding error will be created and associated * with the band object. More on binding errors later. */ band.properties = bindingMap
Map
the structure of the binding Map
is the same as the structure of a Map
used for binding to a List
or a Set
and the index inside of square brackets corresponds to the key in the Map
being bound to. See the following code:class Album { String title static hasMany = [players: Player] Map players }class Player { String name }
def bindingMap = [title: 'The Lamb Lies Down On Broadway',
'players[guitar]': [name: 'Steve Hackett'],
'players[vocals]': [name: 'Peter Gabriel'],
'players[keyboards]': [name: 'Tony Banks']]def album = new Album(bindingMap)assert album.title == 'The Lamb Lies Down On Broadway'
assert album.players.size() == 3
assert album.players.guitar.name == 'Steve Hackett'
assert album.players.vocals.name == 'Peter Gabriel'
assert album.players.keyboards.name == 'Tony Banks'
Map
, if the key specified in the binding Map
does not exist in the Map
being bound to then a new value will be created and added to the Map
with the specified key as in the following example:
def bindingMap = [title: 'The Lamb Lies Down On Broadway',
'players[guitar]': [name: 'Steve Hackett'],
'players[vocals]': [name: 'Peter Gabriel']
'players[keyboards]': [name: 'Tony Banks']]def album = new Album(bindingMap)assert album.title == 'The Lamb Lies Down On Broadway'
assert album.players.size() == 3
assert album.players.guitar == 'Steve Hackett'
assert album.players.vocals == 'Peter Gabriel'
assert album.players.keyboards == 'Tony Banks'def updatedBindingMap = ['players[drums]': [name: 'Phil Collins'],
'players[keyboards]': [name: 'Anthony George Banks']]album.properties = updatedBindingMapassert album.title == 'The Lamb Lies Down On Broadway'
assert album.players.size() == 4
assert album.players.guitar.name == 'Steve Hackett'
assert album.players.vocals.name == 'Peter Gabriel'
assert album.players.keyboards.name == 'Anthony George Banks'
assert album.players.drums.name == 'Phil Collins'
Binding Request Data to the Model
The params object that is available in a controller has special behavior that helps convert dotted request parameter names into nested Maps that the data binder can work with. For example, if a request includes request parameters namedperson.homeAddress.country
and person.homeAddress.city
with values 'USA' and 'St. Louis' respectively, params
would include entries like these:[person: [homeAddress: [country: 'USA', city: 'St. Louis']]]
def save() {
def b = new Book(params)
b.save()
}
new Book(params)
. By passing the params object to the domain class constructor Grails automatically recognizes that you are trying to bind from request parameters. So if we had an incoming request like:/book/save?title=The%20Stand&author=Stephen%20King
title
and author
request parameters would automatically be set on the domain class. You can use the properties property to perform data binding onto an existing instance:def save() { def b = Book.get(params.id) b.properties = params b.save() }
grails.databinding.trimStrings
property to false in grails-app/conf/application.groovy
.// the default value is true grails.databinding.trimStrings = false// ...
grails.databinding.convertEmptyStringsToNull
property to false in grials-app/conf/application.groovy
.// the default value is true grails.databinding.convertEmptyStringsToNull = false// ...
trimStrings
is true
and convertEmptyStringsToNull
is true
, not only will empty Strings be converted to null but also blank Strings. A blank String is any String such that the trim()
method returns an empty String.These forms of data binding in Grails are very convenient, but also indiscriminate. In other words, they will bind all non-transient, typed instance properties of the target object, including ones that you may not want bound. Just because the form in your UI doesn't submit all the properties, an attacker can still send malign data via a raw HTTP request. Fortunately, Grails also makes it easy to protect against such attacks - see the section titled "Data Binding and Security concerns" for more information.
Data binding and Single-ended Associations
If you have aone-to-one
or many-to-one
association you can use Grails' data binding capability to update these relationships too. For example if you have an incoming request such as:/book/save?author.id=20
.id
suffix on the request parameter and look up the Author
instance for the given id when doing data binding such as:def b = new Book(params)
null
by passing the literal String
"null". For example:/book/save?author.id=null
Data Binding and Many-ended Associations
If you have a one-to-many or many-to-many association there are different techniques for data binding depending of the association type.If you have aSet
based association (the default for a hasMany
) then the simplest way to populate an association is to send a list of identifiers. For example consider the usage of <g:select>
below:<g:select name="books"
from="${Book.list()}"
size="5" multiple="yes" optionKey="id"
value="${author?.books}" />
books
association.However, if you have a scenario where you want to update the properties of the associated objects the this technique won't work. Instead you use the subscript operator:<g:textField name="books[0].title" value="the Stand" /> <g:textField name="books[1].title" value="the Shining" />
Set
based association it is critical that you render the mark-up in the same order that you plan to do the update in. This is because a Set
has no concept of order, so although we're referring to books0
and books1
it is not guaranteed that the order of the association will be correct on the server side unless you apply some explicit sorting yourself.This is not a problem if you use List
based associations, since a List
has a defined order and an index you can refer to. This is also true of Map
based associations.Note also that if the association you are binding to has a size of two and you refer to an element that is outside the size of association:<g:textField name="books[0].title" value="the Stand" /> <g:textField name="books[1].title" value="the Shining" /> <g:textField name="books[2].title" value="Red Madder" />
List
using the same .id
syntax as you would use with a single-ended association. For example:<g:select name="books[0].id" from="${bookList}" value="${author?.books[0]?.id}" /><g:select name="books[1].id" from="${bookList}" value="${author?.books[1]?.id}" /><g:select name="books[2].id" from="${bookList}" value="${author?.books[2]?.id}" />
books List
to be selected separately.Entries at particular indexes can be removed in the same way too. For example:<g:select name="books[0].id"
from="${Book.list()}"
value="${author?.books[0]?.id}"
noSelection="['null': '']"/>
books0
if the empty option is chosen.Binding to a Map
property works the same way except that the list index in the parameter name is replaced by the map key:<g:select name="images[cover].id"
from="${Image.list()}"
value="${book?.images[cover]?.id}"
noSelection="['null': '']"/>
Map
property images
under a key of "cover"
.When binding to Maps, Arrays and Collections the data binder will automatically grow the size of the collections as necessary.The default limit to how large the binder will grow a collection is 256. If the data binder encounters an entry that requires the collection be grown beyond that limit, the entry is ignored. The limit may be configured by assigning a value to thegrails.databinding.autoGrowCollectionLimit
property inapplication.groovy
.
// grails-app/conf/application.groovy// the default value is 256
grails.databinding.autoGrowCollectionLimit = 128// ...
Data binding with Multiple domain classes
It is possible to bind data to multiple domain objects from the params object.For example so you have an incoming request to:/book/save?book.title=The%20Stand&author.name=Stephen%20King
author.
or book.
which is used to isolate which parameters belong to which type. Grails' params
object is like a multi-dimensional hash and you can index into it to isolate only a subset of the parameters to bind.def b = new Book(params.book)
book.title
parameter to isolate only parameters below this level to bind. We could do the same with an Author
domain class:def a = new Author(params.author)
Data Binding and Action Arguments
Controller action arguments are subject to request parameter data binding. There are 2 categories of controller action arguments. The first category is command objects. Complex types are treated as command objects. See the Command Objects section of the user guide for details. The other category is basic object types. Supported types are the 8 primitives, their corresponding type wrappers and java.lang.String. The default behavior is to map request parameters to action arguments by name:class AccountingController { // accountNumber will be initialized with the value of params.accountNumber // accountType will be initialized with params.accountType def displayInvoice(String accountNumber, int accountType) { // … } }
params.accountType
request parameter has to be converted to an int
. If type conversion fails for any reason, the argument will have its default value per normal Java behavior (null for type wrapper references, false for booleans and zero for numbers) and a corresponding error will be added to the errors
property of the defining controller./accounting/displayInvoice?accountNumber=B59786&accountType=bogusValue
errors.hasErrors()
will be true, the controller's errors.errorCount
will be equal to 1 and the controller's errors.getFieldError('accountType')
will contain the corresponding error.If the argument name does not match the name of the request parameter then the @grails.web.RequestParameter
annotation may be applied to an argument to express the name of the request parameter which should be bound to that argument:import grails.web.RequestParameterclass AccountingController { // mainAccountNumber will be initialized with the value of params.accountNumber // accountType will be initialized with params.accountType def displayInvoice(@RequestParameter('accountNumber') String mainAccountNumber, int accountType) { // … } }
Data binding and type conversion errors
Sometimes when performing data binding it is not possible to convert a particular String into a particular target type. This results in a type conversion error. Grails will retain type conversion errors inside the errors property of a Grails domain class. For example:class Book { … URL publisherURL }
Book
that uses the java.net.URL
class to represent URLs. Given an incoming request such as:/book/save?publisherURL=a-bad-url
a-bad-url
to the publisherURL
property as a type mismatch error occurs. You can check for these like this:def b = new Book(params)if (b.hasErrors()) { println "The value ${b.errors.getFieldError('publisherURL').rejectedValue}" + " is not a valid URL!" }
grails-app/i18n/messages.properties
file to use for the error. You can use a generic error message handler such as:typeMismatch.java.net.URL=The field {0} is not a valid URL
typeMismatch.Book.publisherURL=The publisher URL you specified is not a valid URL
The BindUsing Annotation
The BindUsing annotation may be used to define a custom binding mechanism for a particular field in a class. Any time data binding is being applied to the field the closure value of the annotation will be invoked with 2 arguments. The first argument is the object that data binding is being applied to and the second argument is DataBindingSource which is the data source for the data binding. The value returned from the closure will be bound to the property. The following example would result in the upper case version of thename
value in the source being applied to the name
field during data binding.import org.grails.databinding.BindUsingclass SomeClass { @BindUsing({obj, source -> //source is DataSourceBinding which is similar to a Map //and defines getAt operation but source.name cannot be used here. //In order to get name from source use getAt instead as shown below. source['name']?.toUpperCase() }) String name }
Note that data binding is only possible when the name of the request parameter matches with the field name in the class. Here,The BindUsing annotation may be used to define a custom binding mechanism for all of the fields on a particular class. When the annotation is applied to a class, the value assigned to the annotation should be a class which implements the BindingHelper interface. An instance of that class will be used any time a value is bound to a property in the class that this annotation has been applied to.name
from request parameters matches withname
fromSomeClass
.
@BindUsing(SomeClassWhichImplementsBindingHelper) class SomeClass { String someProperty Integer someOtherProperty }
Custom Data Converters
The binder will do a lot of type conversion automatically. Some applications may want to define their own mechanism for converting values and a simple way to do this is to write a class which implements ValueConverter and register an instance of that class as a bean in the Spring application context.package com.myapp.convertersimport org.grails.databinding.converters.ValueConverter/** * A custom converter which will convert String of the * form 'city:state' into an Address object. */ class AddressValueConverter implements ValueConverter { boolean canConvert(value) { value instanceof String } def convert(value) { def pieces = value.split(':') new com.myapp.Address(city: pieces[0], state: pieces[1]) } Class<?> getTargetType() { com.myapp.Address } }
// grails-app/conf/spring/resources.groovybeans = { addressConverter com.myapp.converters.AddressValueConverter // ...}
class Person { String firstName Address homeAddress }class Address { String city String state }def person = new Person() person.properties = [firstName: 'Jeff', homeAddress: "O'Fallon:Missouri"] assert person.firstName == 'Jeff' assert person.homeAddress.city = "O'Fallon" assert person.homeAddress.state = 'Missouri'
Date Formats For Data Binding
A custom date format may be specified to be used when binding a String to a Date value by applying the BindingFormat annotation to a Date field.import org.grails.databinding.BindingFormatclass Person {
@BindingFormat('MMddyyyy')
Date birthDate
}
application.groovy
to define date formats which will be used application wide when binding to Date.// grails-app/conf/application.groovygrails.databinding.dateFormats = ['MMddyyyy', 'yyyy-MM-dd HH:mm:ss.S', "yyyy-MM-dd'T'hh:mm:ss'Z'"]
grails.databinding.dateFormats
will be attempted in the order in which they are included in the List. If a property is marked with @BindingFormat, the @BindingFormat will take precedence over the values specified in grails.databinding.dateFormats
.The default formats that are used are "yyyy-MM-dd HH:mm:ss.S", "yyyy-MM-dd'T'hh:mm:ss'Z'" and "yyyy-MM-dd HH:mm:ss.S z".Custom Formatted Converters
You may supply your own handler for the BindingFormat annotation by writing a class which implements the FormattedValueConverter interface and registering an instance of that class as a bean in the Spring application context. Below is an example of a trivial custom String formatter that might convert the case of a String based on the value assigned to the BindingFormat annotation.package com.myapp.convertersimport org.grails.databinding.converters.FormattedValueConverterclass FormattedStringValueConverter implements FormattedValueConverter { def convert(value, String format) { if('UPPERCASE' == format) { value = value.toUpperCase() } else if('LOWERCASE' == format) { value = value.toLowerCase() } value } Class getTargetType() { // specifies the type to which this converter may be applied String } }
// grails-app/conf/spring/resources.groovybeans = { formattedStringConverter com.myapp.converters.FormattedStringValueConverter // ...}
BindingFormat
annotation may be applied to String fields to inform the data binder to take advantage of the custom converter.import org.grails.databinding.BindingFormatclass Person { @BindingFormat('UPPERCASE') String someUpperCaseString @BindingFormat('LOWERCASE') String someLowerCaseString String someOtherString }
Localized Binding Formats
TheBindingFormat
annotation supports localized format strings by using the optional code
attribute. If a value is assigned to the code attribute that value will be used as the message code to retrieve the binding format string from the messageSource
bean in the Spring application context and that lookup will be localized.import org.grails.databinding.BindingFormatclass Person {
@BindingFormat(code='date.formats.birthdays')
Date birthDate
}
# grails-app/conf/i18n/messages.properties date.formats.birthdays=MMddyyyy
# grails-app/conf/i18n/messages_es.properties date.formats.birthdays=ddMMyyyy
Structured Data Binding Editors
A structured data binding editor is a helper class which can bind structured request parameters to a property. The common use case for structured binding is binding to aDate
object which might be constructed from several smaller pieces of information contained in several request parameters with names like birthday_month
, birthday_date
and birthday_year
. The structured editor would retrieve all of those individual pieces of information and use them to construct a Date
.The framework provides a structured editor for binding to Date
objects. An application may register its own structured editors for whatever types are appropriate. Consider the following classes:// src/groovy/databinding/Gadget.groovy
package databindingclass Gadget {
Shape expandedShape
Shape compressedShape
}
// src/groovy/databinding/Shape.groovy package databindingclass Shape { int area }
Gadget
has 2 Shape
fields. A Shape
has an area
property. It may be that the application wants to accept request parameters like width
and height
and use those to calculate the area
of a Shape
at binding time. A structured binding editor is well suited for that.The way to register a structured editor with the data binding process is to add an instance of the org.grails.databinding.TypedStructuredBindingEditor interface to the Spring application context. The easiest way to implement the TypedStructuredBindingEditor
interface is to extend the org.grails.databinding.converters.AbstractStructuredBindingEditor abstract class and override the getPropertyValue
method as shown below:// src/groovy/databinding/converters/StructuredShapeEditor.groovy package databinding.convertersimport databinding.Shapeimport org.grails.databinding.converters.AbstractStructuredBindingEditorclass StructuredShapeEditor extends AbstractStructuredBindingEditor<Shape> { public Shape getPropertyValue(Map values) { // retrieve the individual values from the Map def width = values.width as int def height = values.height as int // use the values to calculate the area of the Shape def area = width * height // create and return a Shape with the appropriate area new Shape(area: area) } }
// grails-app/conf/spring/resources.groovy beans = { shapeEditor databinding.converters.StructuredShapeEditor // … }
Gadget
class it will check to see if there are request parameters with names compressedShape
and expandedShape
which have a value of "struct" and if they do exist, that will trigger the use of the StructuredShapeEditor
. The individual components of the structure need to have parameter names of the form propertyName_structuredElementName. In the case of the Gadget
class above that would mean that the compressedShape
request parameter should have a value of "struct" and the compressedShape_width
and compressedShape_height
parameters should have values which represent the width and the height of the compressed Shape
. Similarly, the expandedShape
request parameter should have a value of "struct" and the expandedShape_width
and expandedShape_height
parameters should have values which represent the width and the height of the expanded Shape
.// grails-app/controllers/demo/DemoController.groovy class DemoController { def createGadget(Gadget gadget) { /* /demo/createGadget?expandedShape=struct&expandedShape_width=80&expandedShape_height=30 &compressedShape=struct&compressedShape_width=10&compressedShape_height=3 */ // with the request parameters shown above gadget.expandedShape.area would be 2400 // and gadget.compressedShape.area would be 30 // ... } }
Data Binding Event Listeners
The DataBindingListener interface provides a mechanism for listeners to be notified of data binding events. The interface looks like this:package org.grails.databinding.events;import org.grails.databinding.errors.BindingError;public interface DataBindingListener { /** * @return true if the listener is interested in events for the specified type. */ boolean supports(Class<?> clazz); /** * Called when data binding is about to start. * * @param target The object data binding is being imposed upon * @param errors the Spring Errors instance (a org.springframework.validation.BindingResult) * @return true if data binding should continue */ Boolean beforeBinding(Object target, Object errors); /** * Called when data binding is about to imposed on a property * * @param target The object data binding is being imposed upon * @param propertyName The name of the property being bound to * @param value The value of the property being bound * @param errors the Spring Errors instance (a org.springframework.validation.BindingResult) * @return true if data binding should continue, otherwise return false */ Boolean beforeBinding(Object target, String propertyName, Object value, Object errors); /** * Called after data binding has been imposed on a property * * @param target The object data binding is being imposed upon * @param propertyName The name of the property that was bound to * @param errors the Spring Errors instance (a org.springframework.validation.BindingResult) */ void afterBinding(Object target, String propertyName, Object errors); /** * Called after data binding has finished. * * @param target The object data binding is being imposed upon * @param errors the Spring Errors instance (a org.springframework.validation.BindingResult) */ void afterBinding(Object target, Object errors); /** * Called when an error occurs binding to a property * @param error encapsulates information about the binding error * @param errors the Spring Errors instance (a org.springframework.validation.BindingResult) * @see BindingError */ void bindingError(BindingError error, Object errors); }
DataBindingListener
interface and provides default implementations for all of the methods in the interface so this class is well suited for subclassing so your listener class only needs to provide implementations for the methods your listener is interested in.The Grails data binder has limited support for the older BindEventListener style listeners. BindEventListener
looks like this:package org.codehaus.groovy.grails.web.binding;import org.springframework.beans.MutablePropertyValues; import org.springframework.beans.TypeConverter;public interface BindEventListener { /** * @param target The target to bind to * @param source The source of the binding, typically a Map * @param typeConverter The type converter to be used */ void doBind(Object target, MutablePropertyValues source, TypeConverter typeConverter); }
BindEventListener
is disabled by default. To enable support assign a value of true
to the grails.databinding.enableSpringEventAdapter
property in grails-app/conf/application.groovy
.// grails-app/conf/application.groovy
grails.databinding.enableSpringEventAdapter=true...
enableSpringEventAdapter
set to true
instances of BindEventListener
which are in the Spring application context will automatically be registered with the data binder. Notice that the MutablePropertyValues
and TypeConverter
arguments to the doBind
method in BindEventListener
are Spring specific classes and are not relevant to the current data binder. The event adapter will pass null
values for those arguments. The only real value passed into the doBind
method will be the object being bound to. This limited support is provided for backward compatibility and will be useful for a subset of scenarios. Developers are encouraged to migrate their BindEventListener
beans to the newer DataBindingListener
model.Using The Data Binder Directly
There are situations where an application may want to use the data binder directly. For example, to do binding in a Service on some arbitrary object which is not a domain class. The following will not work because theproperties
property is read only.// src/groovy/bindingdemo/Widget.groovy package bindingdemoclass Widget { String name Integer size }
// grails-app/services/bindingdemo/WidgetService.groovy package bindingdemoclass WidgetService { def updateWidget(Widget widget, Map data) { // this will throw an exception because // properties is read-only widget.properties = data } }
grailsWebDataBinder
. That bean implements the DataBinder interface. The following code demonstrates using the data binder directly.// grails-app/services/bindingdmeo/WidgetService package bindingdemoimport org.grails.databinding.SimpleMapDataBindingSourceclass WidgetService { // this bean will be autowired into the service def grailsWebDataBinder def updateWidget(Widget widget, Map data) { grailsWebDataBinder.bind widget, data as SimpleMapDataBindingSource }}
bind
method.Data Binding and Security Concerns
When batch updating properties from request parameters you need to be careful not to allow clients to bind malicious data to domain classes and be persisted in the database. You can limit what properties are bound to a given domain class using the subscript operator:def p = Person.get(1)p.properties['firstName','lastName'] = params
firstName
and lastName
properties will be bound.Another way to do this is is to use Command Objects as the target of data binding instead of domain classes. Alternatively there is also the flexible bindData method.The bindData
method allows the same data binding capability, but to arbitrary objects:def p = new Person()
bindData(p, params)
bindData
method also lets you exclude certain parameters that you don't want updated:def p = new Person()
bindData(p, params, [exclude: 'dateOfBirth'])
def p = new Person()
bindData(p, params, [include: ['firstName', 'lastName']])
Note that if an empty List is provided as a value for the include
parameter then all fields will be subject to binding if they are not explicitly excluded.
The bindable constraint can be used to globally prevent data binding for certain properties.
8.1.6 XML and JSON Responses
Using the render method to output XML
Grails supports a few different ways to produce XML and JSON responses. The first is the render method.Therender
method can be passed a block of code to do mark-up building in XML:def list() { def results = Book.list() render(contentType: "text/xml") { books { for (b in results) { book(title: b.title) } } } }
<books> <book title="The Stand" /> <book title="The Shining" /> </books>
def list() { def books = Book.list() // naming conflict here render(contentType: "text/xml") { books { for (b in results) { book(title: b.title) } } } }
books
which Groovy attempts to invoke as a method.Using the render method to output JSON
Therender
method can also be used to output JSON:def list() { def results = Book.list() render(contentType: "application/json") { books = array { for (b in results) { book title: b.title } } } }
[ {"title":"The Stand"}, {"title":"The Shining"} ]
Automatic XML Marshalling
Grails also supports automatic marshalling of domain classes to XML using special converters.To start off with, import thegrails.converters
package into your controller:import grails.converters.*
render Book.list() as XML
<?xml version="1.0" encoding="ISO-8859-1"?> <list> <book id="1"> <author>Stephen King</author> <title>The Stand</title> </book> <book id="2"> <author>Stephen King</author> <title>The Shining</title> </book> </list>
Automatic JSON Marshalling
Grails also supports automatic marshalling to JSON using the same mechanism. Simply substituteXML
with JSON
:render Book.list() as JSON
[ {"id":1, "class":"Book", "author":"Stephen King", "title":"The Stand"}, {"id":2, "class":"Book", "author":"Stephen King", "releaseDate":new Date(1194127343161), "title":"The Shining"} ]
8.1.7 More on JSONBuilder
The previous section on on XML and JSON responses covered simplistic examples of rendering XML and JSON responses. Whilst the XML builder used by Grails is the standard XmlSlurper found in Groovy, the JSON builder is a custom implementation specific to Grails.JSONBuilder and Grails versions
JSONBuilder behaves different depending on the version of Grails you use. For version below 1.2 the deprecated grails.web.JSONBuilder class is used. This section covers the usage of the Grails 1.2 JSONBuilderFor backwards compatibility the oldJSONBuilder
class is used with the render
method for older applications; to use the newer/better JSONBuilder
class set the following in application.groovy
:grails.json.legacy.builder = false
Rendering Simple Objects
To render a simple JSON object just set properties within the context of the Closure:render(contentType: "application/json") { hello = "world" }
{"hello":"world"}
Rendering JSON Arrays
To render a list of objects simple assign a list:render(contentType: "application/json") {
categories = ['a', 'b', 'c']
}
{"categories":["a","b","c"]}
render(contentType: "application/json") { categories = [ { a = "A" }, { b = "B" } ] }
{"categories":[ {"a":"A"} , {"b":"B"}] }
element
method to return a list as the root:render(contentType: "application/json") {
element 1
element 2
element 3
}
[1,2,3]
Rendering Complex Objects
Rendering complex objects can be done with Closures. For example:render(contentType: "application/json") { categories = ['a', 'b', 'c'] title = "Hello JSON" information = { pages = 10 } }
{"categories":["a","b","c"],"title":"Hello JSON","information":{"pages":10}}
Arrays of Complex Objects
As mentioned previously you can nest complex objects within arrays using Closures:render(contentType: "application/json") { categories = [ { a = "A" }, { b = "B" } ] }
array
method to build them up dynamically:def results = Book.list() render(contentType: "application/json") { books = array { for (b in results) { book title: b.title } } }
Direct JSONBuilder API Access
If you don't have access to therender
method, but still want to produce JSON you can use the API directly:def builder = new JSONBuilder()def result = builder.build { categories = ['a', 'b', 'c'] title = "Hello JSON" information = { pages = 10 } }// prints the JSON text println result.toString()def sw = new StringWriter() result.render sw
8.1.8 Uploading Files
Programmatic File Uploads
Grails supports file uploads using Spring's MultipartHttpServletRequest interface. The first step for file uploading is to create a multipart form like this:Upload Form: <br /> <g:uploadForm action="upload"> <input type="file" name="myFile" /> <input type="submit" /> </g:uploadForm>
uploadForm
tag conveniently adds the enctype="multipart/form-data"
attribute to the standard <g:form>
tag.There are then a number of ways to handle the file upload. One is to work with the Spring MultipartFile instance directly:def upload() { def f = request.getFile('myFile') if (f.empty) { flash.message = 'file cannot be empty' render(view: 'uploadForm') return } f.transferTo(new File('/some/local/dir/myfile.txt')) response.sendError(200, 'Done') }
InputStream
and so on with the MultipartFile interface.File Uploads through Data Binding
File uploads can also be performed using data binding. Consider thisImage
domain class:class Image { byte[] myFile static constraints = { // Limit upload file size to 2MB myFile maxSize: 1024 * 1024 * 2 } }
params
object in the constructor as in the example below, Grails will automatically bind the file's contents as a byte
to the myFile
property:def img = new Image(params)
byte
properties.It is also possible to set the contents of the file as a string by changing the type of the myFile
property on the image to a String type:class Image {
String myFile
}
8.1.9 Command Objects
Grails controllers support the concept of command objects. A command object is a class that is used in conjunction with data binding, usually to allow validation of data that may not fit into an existing domain class.Note: A class is only considered to be a command object when it is used as a parameter of an action.
Declaring Command Objects
Command object classes are defined just like any other class.class LoginCommand implements grails.validation.Validateable { String username String password static constraints = { username(blank: false, minSize: 6) password(blank: false, minSize: 6) } }
Validateable
trait. The Validateable
trait allows the definition of constraints just like in domain classes. If the command object is defined in the same source file as the controller that is using it, Grails will automatically make it Validateable
. It is not required that command object classes be validateable.By default, all Validateable
object properties are nullable: false
which matches the behavior of GORM domain objects. If you want a Validateable
that has nullable: true
properties by default, you can specify this by defining a defaultNullable
method in the class:class AuthorSearchCommand implements grails.validation.Validateable { String name Integer age static boolean defaultNullable() { true } }
name
and age
will allow null values during validation.Using Command Objects
To use command objects, controller actions may optionally specify any number of command object parameters. The parameter types must be supplied so that Grails knows what objects to create and initialize.Before the controller action is executed Grails will automatically create an instance of the command object class and populate its properties by binding the request parameters. If the command object class is marked withValidateable
then the command object will be validated. For example:class LoginController { def login(LoginCommand cmd) { if (cmd.hasErrors()) { redirect(action: 'loginForm') return } // work with the command object data } }
id
request parameter then instead of invoking the domain class constructor to create a new instance a call will be made to the static get
method on the domain class and the value of the id
parameter will be passed as an argument. Whatever is returned from that call to get
is what will be passed into the controller action. This means that if there is an id
request parameter and no corresponding record is found in the database then the value of the command object will be null
. If an error occurs retrieving the instance from the database then null
will be passed as an argument to the controller action and an error will be added the controller's errors
property. If the command object's type is a domain class and there is no id
request parameter or there is an id
request parameter and its value is empty then null
will be passed into the controller action unless the HTTP request method is "POST", in which case a new instance of the domain class will be created by invoking the domain class constructor. For all of the cases where the domain class instance is non-null, data binding is only performed if the HTTP request method is "POST", "PUT" or "PATCH".Command Objects And Request Parameter Names
Normally request parameter names will be mapped directly to property names in the command object. Nested parameter names may be used to bind down the object graph in an intuitive way. In the example below a request parameter namedname
will be bound to the name
property of the Person
instance and a request parameter named address.city
will be bound to the city
property of the address
property in the Person
.class StoreController { def buy(Person buyer) { // … } }class Person { String name Address address }class Address { String city }
class StoreController { def buy(Person buyer, Product product) { // … } }class Person { String name Address address }class Address { String city }class Product { String name }
name
it isn't clear if that should represent the name of the Product
or the name of the Person
. Another version of the problem can come up if a controller action accepts 2 command objects of the same type as shown below.class StoreController { def buy(Person buyer, Person seller, Product product) { // … } }class Person { String name Address address }class Address { String city }class Product { String name }
product.name
request parameter will be bound to the name
property in the product
argument, the buyer.name
request parameter will be bound to the name
property in the buyer
argument the seller.address.city
request parameter will be bound to the city
property of the address
property of the seller
argument, etc...Command Objects and Dependency Injection
Command objects can participate in dependency injection. This is useful if your command object has some custom validation logic which uses a Grails service:class LoginCommand implements grails.validation.Validateable { def loginService String username String password static constraints = { username validator: { val, obj -> obj.loginService.canLogin(obj.username, obj.password) } } }
loginService
bean which is injected by name from the Spring ApplicationContext
.Binding The Request Body To Command Objects
When a request is made to a controller action which accepts a command object and the request contains a body, Grails will attempt to parse the body of the request based on the request content type and use the body to do data binding on the command object. See the following example.// grails-app/controllers/bindingdemo/DemoController.groovy package bindingdemoclass DemoController { def createWidget(Widget w) { render "Name: ${w?.name}, Size: ${w?.size}" } }class Widget { String name Integer size }
$ curl -H "Content-Type: application/json" -d '{"name":"Some Widget","size":"42"}' localhost:8080/demo/createWidget Name: Some Widget, Size: 42 ~ $ $ curl -H "Content-Type: application/xml" -d '<widget><name>Some Other Widget</name><size>2112</size></widget>' localhost:8080/bodybind/demo/createWidget Name: Some Other Widget, Size: 2112 ~ $
// grails-app/controllers/bindingdemo/DemoController.groovy package bindingdemoclass DemoController { def createWidget(Widget w) { // this will fail because it requires reading the body, // which has already been read. def json = request.JSON // ... } }
8.1.10 Handling Duplicate Form Submissions
Grails has built-in support for handling duplicate form submissions using the "Synchronizer Token Pattern". To get started you define a token on the form tag:<g:form useToken="true" ...>
withForm { // good request }.invalidToken { // bad request }
invalidToken
method then by default Grails will store the invalid token in a flash.invalidToken
variable and redirect the request back to the original page. This can then be checked in the view:<g:if test="${flash.invalidToken}"> Don't click the button twice! </g:if>
The withForm tag makes use of the session and hence requires session affinity or clustered sessions if used in a cluster.
8.1.11 Simple Type Converters
Type Conversion Methods
If you prefer to avoid the overhead of Data Binding and simply want to convert incoming parameters (typically Strings) into another more appropriate type the params object has a number of convenience methods for each type:def total = params.int('total')
int
method, and there are also methods for boolean
, long
, char
, short
and so on. Each of these methods is null-safe and safe from any parsing errors, so you don't have to perform any additional checks on the parameters.Each of the conversion methods allows a default value to be passed as an optional second argument. The default value will be returned if a corresponding entry cannot be found in the map or if an error occurs during the conversion. Example:def total = params.int('total', 42)
attrs
parameter of GSP tags.Handling Multi Parameters
A common use case is dealing with multiple request parameters of the same name. For example you could get a query string such as?name=Bob&name=Judy
.In this case dealing with one parameter and dealing with many has different semantics since Groovy's iteration mechanics for String
iterate over each character. To avoid this problem the params object provides a list
method that always returns a list:for (name in params.list('name')) {
println name
}
8.1.12 Declarative Controller Exception Handling
Grails controllers support a simple mechanism for declarative exception handling. If a controller declares a method that accepts a single argument and the argument type isjava.lang.Exception
or some subclass of java.lang.Exception
, that method will be invoked any time an action in that controller throws an exception of that type. See the following example.// grails-app/controllers/demo/DemoController.groovy package democlass DemoController { def someAction() { // do some work } def handleSQLException(SQLException e) { render 'A SQLException Was Handled' } def handleBatchUpdateException(BatchUpdateException e) { redirect controller: 'logging', action: 'batchProblem' } def handleNumberFormatException(NumberFormatException nfe) { [problemDescription: 'A Number Was Invalid'] } }
// grails-app/controllers/demo/DemoController.groovy package democlass DemoController { def someAction() { try { // do some work } catch (BatchUpdateException e) { return handleBatchUpdateException(e) } catch (SQLException e) { return handleSQLException(e) } catch (NumberFormatException e) { return handleNumberFormatException(e) } } def handleSQLException(SQLException e) { render 'A SQLException Was Handled' } def handleBatchUpdateException(BatchUpdateException e) { redirect controller: 'logging', action: 'batchProblem' } def handleNumberFormatException(NumberFormatException nfe) { [problemDescription: 'A Number Was Invalid'] } }
Exception
argument type is the important part.The exception handler methods can do anything that a controller action can do including invoking render
, redirect
, returning a model, etc.One way to share exception handler methods across multiple controllers is to use inheritance. Exception handler methods are inherited into subclasses so an application could define the exception handlers in an abstract class that multiple controllers extend from. Another way to share exception handler methods across multiple controllers is to use a trait, as shown below...// src/groovy/com/demo/DatabaseExceptionHandler.groovy
package com.demotrait DatabaseExceptionHandler {
def handleSQLException(SQLException e) {
// handle SQLException
} def handleBatchUpdateException(BatchUpdateException e) {
// handle BatchUpdateException
}
}
// grails-app/controllers/com/demo/DemoController.groovy package com.democlass DemoController implements DatabaseExceptionHandler { // all of the exception handler methods defined // in DatabaseExceptionHandler will be added to // this class at compile time }