Consider Using Immutable Objects
In an enterprise application, JSP pages are typically used only to render the response and should not be allowed to modify business objects maintained by other parts of the application. To ensure that a page author doesn’t break this contract—by mistake or intentionally—you should consider passing only immutable objects to the JSP page.
An object is immutable if it doesn’t expose direct access to its variables and doesn’t provide methods that modify its internal state. Make all variables private and do not implement mutator methods—i.e., methods used to change the property values. If the business logic needs to modify the object before passing it to the JSP page, make the mutator methods package-private or wrap the object in a read-only wrapper before you pass it to the JSP page, as shown here:
    // MutableBean.java
    import java.math.BigDecimal;

    public class MutableBean {
        private String name;
        private BigDecimal price;
        // . . .
        public void setName(String name) { this.name = name; }
        public String getName() { return name; }
        public void setPrice(BigDecimal price) { this.price = price; }
        public BigDecimal getPrice() { return price; }
        // . . .
    }

    // ReadOnlyWrapper.java
    import java.math.BigDecimal;

    public final class ReadOnlyWrapper {
        // The wrapper exposes getters only; the page never sees the setters.
        private final MutableBean bean;
        public ReadOnlyWrapper(MutableBean bean) { this.bean = bean; }
        public String getName() { return bean.getName(); }
        public BigDecimal getPrice() { return bean.getPrice(); }
        // . . .
    }

If the object’s variables hold references to mutable objects that must be exposed through public methods, return a copy of the object or an ...
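The copy approach from the last paragraph, as an added example that is not part of the original text: a read-only wrapper whose getters return copies of a mutable Date and List, so changes made through the wrapper never reach the business object. The names Order, ReadOnlyOrder and DefensiveCopyDemo are hypothetical.

```java
import java.util.ArrayList;
import java.util.Date;
import java.util.List;

public class DefensiveCopyDemo {

    // Hypothetical business object with mutable state (names are assumptions).
    static class Order {
        private Date shipDate = new Date(0L);
        private final List<String> items = new ArrayList<>();

        void setShipDate(Date d) { shipDate = new Date(d.getTime()); }
        Date getShipDate() { return shipDate; }       // hands out the internal Date
        void addItem(String item) { items.add(item); }
        List<String> getItems() { return items; }     // hands out the internal List
    }

    // Read-only view passed to the page: no mutators, and every getter
    // that would expose a mutable object returns a copy instead.
    static final class ReadOnlyOrder {
        private final Order order;
        ReadOnlyOrder(Order order) { this.order = order; }
        public Date getShipDate() { return new Date(order.getShipDate().getTime()); }
        public List<String> getItems() { return new ArrayList<>(order.getItems()); }
    }

    public static void main(String[] args) {
        Order order = new Order();
        order.addItem("book");
        ReadOnlyOrder view = new ReadOnlyOrder(order);

        // Mutating what the wrapper returns only changes the copies.
        view.getShipDate().setTime(999L);
        view.getItems().clear();
        System.out.println("via wrapper: " + order.getShipDate().getTime()
                + " " + order.getItems());

        // The same calls on the bean itself reach its internal state,
        // which is why the bean is not handed to the page directly.
        order.getShipDate().setTime(999L);
        order.getItems().clear();
        System.out.println("via bean:    " + order.getShipDate().getTime()
                + " " + order.getItems());
    }
}
```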