Reputation: 475
Using GSP views in plain Spring MVC without Grails
I would like to use GSP views instead of JSP/JSTL views in a plain old Spring MVC application. I have added a groovy.servlet.TemplateServlet to web.xml like this:
<servlet>
<servlet-name>GroovyTemplate</servlet-name>
<servlet-class>groovy.servlet.TemplateServlet</servlet-class>
<init-param>
<param-name>template.engine</param-name>
<param-value>groovy.text.GStringTemplateEngine</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>GroovyTemplate</servlet-name>
<url-pattern>*.gsp</url-pattern>
</servlet-mapping>
And setup a Spring InternalResourceViewResolver to load the GPS files. Upto this point it all works fine, but to expose the values in the Model to the template I had to do some tricks (subclassing TemplateServlet and adding them to the ServletBinding).
Now my next obstacle is that JSTL by default escapes XML when using the c:out tag and Grails has the notion of codecs to automatically escape values used in a GSP. The template method described above does not escape by default, which requires the developers to be very careful to avoid XSS vulnerabilities.
Is there another (better) way to use GSP including automatic escaping in a plain Spring MVC application without using Grails?
Upvotes: 9
Views: 4590
Answers (3)
Reputation: 4126
We have extracted GSP from Grails, customized it for Spring MVC applications and improved configuration support. Please see our tool Rabbtor. We don't provide it open source, but usage is free of charge and we have been using it in our own applications. GSP for Spring Boot depends on Spring boot, it is not maintained and some tag libraries depend on Grails. We removed these dependencies, created our own custom tag libraries which better suit Spring MVC apps.Most tag libraries are supported and have similar implemantations to Spring JSP tags.A data-bound form tag library is provided and also you can register your tag libs or packages.
Upvotes: 0
Reputation: 21483
Today GSP for Spring Boot was just released. This provides the ability to use GSP instead of JSP in a regular Spring web application. You can see an example here: https://github.com/grails/grails-boot/blob/master/sample-apps/gsp/script/templates/index.gsp
Upvotes: 1
Reputation: 2193
Instead of using a TemplateServlet, you could have also used a GroovyPagesServlet for that purpose (I haven't tested that, just looked at Grails' web.xml and the class' code).
The latter requires a Spring bean to be setup, named groovyPagesTemplateEngine, and typed GroovyPagesTemplateEngine (GStringTemplateEngine in this case).
Configuring the view layer with an InternalResourceViewResolver is correct. You'll have assigned a GroovyPageView.
GSPs, by default, are not configured to perform HTML output escaping. To configure that, change grails.views.default.codec from none to html in Config.groovy. See this article for more information.
Upvotes: 0
Related Questions
- GSP rendering programmatically
- Is it possible to work with GSP (groovy server pages) without the whole grails stuff?
- How can i respond to the same gsp view from the controller?
- Grails not finding view for controller
- Access Spring beans in GSP without controller
- Grails WAR not displaying views
- Using one views gsp in another views gsp
- GSP vs. Controller in Grails
- MVC in Groovy/Grails
- Grails, finding available views (.gsp's) at runtime