在没有Grails的普通Spring MVC中使用GSP视图 [英] Using GSP views in plain Spring MVC without Grails

问题描述

我想在普通的旧式Spring MVC应用程序中使用GSP视图而不是JSP / JSTL视图。我已经添加了一个groovy.servlet.TemplateServlet到web.xml中，如下所示：

 < servlet> 
< servlet-name> GroovyTemplate< / servlet-name> 
< servlet-class> groovy.servlet.TemplateServlet< / servlet-class> 
< init-param> 
< param-name> template.engine< / param-name> 
< param-value> groovy.text.GStringTemplateEngine< / param-value> 
< / init-param> 
< / servlet> 
< servlet-mapping> 
< servlet-name> GroovyTemplate< / servlet-name> 
< url-pattern> *。gsp< / url-pattern> 
< / servlet-mapping> 
  

然后设置一个Spring InternalResourceViewResolver加载GPS文件。为了使这一切都工作正常，但为了将模型中的值暴露给模板，我必须做一些技巧（将TemplateServlet继承并将它们添加到ServletBinding中）。

现在我的下一个障碍是JSTL在使用c：out标签时默认会转义XML，而Grails具有编解码器的概念来自动转义GSP中使用的值。上述模板方法默认情况下不会转义，这要求开发人员非常小心地避免XSS漏洞。

是否有另一种更好的方式来使用GSP，包括在不使用Grails的情况下在一个普通的Spring MVC应用程序中自动转义？

解决方案今天，Spring Boot的GSP刚刚发布。这提供了在常规Spring Web应用程序中使用GSP而不是JSP的功能。你可以在这里看到一个例子： https://github.com/grails/grails-boot/blob/master/sample-apps/gsp/script/templates/index.gsp

I would like to use GSP views instead of JSP/JSTL views in a plain old Spring MVC application. I have added a groovy.servlet.TemplateServlet to web.xml like this:

<servlet>
    <servlet-name>GroovyTemplate</servlet-name>
    <servlet-class>groovy.servlet.TemplateServlet</servlet-class>
    <init-param>
            <param-name>template.engine</param-name>
            <param-value>groovy.text.GStringTemplateEngine</param-value>
    </init-param>
</servlet>
<servlet-mapping>
    <servlet-name>GroovyTemplate</servlet-name>
    <url-pattern>*.gsp</url-pattern>
</servlet-mapping>

And setup a Spring InternalResourceViewResolver to load the GPS files. Upto this point it all works fine, but to expose the values in the Model to the template I had to do some tricks (subclassing TemplateServlet and adding them to the ServletBinding).

Now my next obstacle is that JSTL by default escapes XML when using the c:out tag and Grails has the notion of codecs to automatically escape values used in a GSP. The template method described above does not escape by default, which requires the developers to be very careful to avoid XSS vulnerabilities.

Is there another (better) way to use GSP including automatic escaping in a plain Spring MVC application without using Grails?

解决方案

Today GSP for Spring Boot was just released. This provides the ability to use GSP instead of JSP in a regular Spring web application. You can see an example here: https://github.com/grails/grails-boot/blob/master/sample-apps/gsp/script/templates/index.gsp

这篇关于在没有Grails的普通Spring MVC中使用GSP视图的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！