Description
This is a feature request for a feature that actually exists in Ruby on Rails, so I do not take full credit for it by any means, but I think it is a great feature that every framework should have.
Currently, in a Grails controller there is the params variable of type GrailsParameterMap (potentially a typo).
This parameter map should have a property on it: isStrong() / setStrong().
This property should default to false but DataBindingUtils should set it to true when binding it over into a Grails GORM Class.
A new setting in config should be made to requireStrongParameters=true. If this is set to true and a user does something like new Book(params), it should throw a StrongParametersRequiredException. This can help ensure someone doesn't send invalid parameter maps into a Book.
Some people may say to use CommandObjects for this, but this is heavy, not free unlike some of the guides provided by OCI, especially in large projects because of ReflectionOverhead from Spring. It's also, most of the time, a hassle. By providing this default security mechanism we can help save developers from making security holes in their projects.
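A sketch of the behaviour requested above, added here as an illustration in plain Groovy; it is not Grails code and not from the issue author. ParamMap, permit() and the static requireStrongParameters flag are hypothetical stand-ins (permit() is an assumption modelled on Rails), and the request data is constructed.

```groovy
// Hypothetical classes illustrating the proposal; none of these are Grails APIs.
class StrongParametersRequiredException extends RuntimeException {
    StrongParametersRequiredException(String msg) { super(msg) }
}

// Stand-in for GrailsParameterMap carrying the proposed "strong" flag.
class ParamMap {
    final Map<String, Object> data
    final boolean strong                       // false unless explicitly permitted

    ParamMap(Map<String, Object> data, boolean strong = false) {
        this.data = data
        this.strong = strong
    }

    // Assumption: a strong copy is produced by allow-listing keys, as in Rails.
    ParamMap permit(String... allowed) {
        def allow = allowed as Set
        new ParamMap(data.findAll { k, v -> allow.contains(k) }, true)
    }
}

class Book {
    static boolean requireStrongParameters = true   // stand-in for the config setting
    String title
    String author
    String status = 'draft'                         // must not be client-controlled

    Book(ParamMap params) {
        if (requireStrongParameters && !params.strong) {
            throw new StrongParametersRequiredException('Book: parameter map is not strong')
        }
        for (e in params.data) { this."${e.key}" = e.value }   // mass assignment
    }
}

// Constructed request: "status" is a field the form never offered.
def params = new ParamMap([title: 'Dune', author: 'Herbert', status: 'published'])

try {
    new Book(params)                                // raw map is refused
    assert false : 'expected StrongParametersRequiredException'
} catch (StrongParametersRequiredException e) {
    println "rejected: ${e.message}"
}

def book = new Book(params.permit('title', 'author'))
assert book.title == 'Dune'
assert book.status == 'draft'                       // injected value never bound
```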