
Latest revision as of 10:35, 19 January 2022

Block Request for Inaccessible Widgets


This documentation is for an older version of ZK.


Inaccessible widgets (such as disabled or invisible ones) can be accessed easily with a debugging tool running in the browser. For example, a hostile user can make an invisible button visible and then click on it to trigger unexpected actions. Thus, it is recommended not to create a widget at all if it is not supposed to be accessible. In the following example, the first statement is safer than the second one because the button is never created when it is not accessible, whereas the second creates it and merely hides it:

<button unless="${accessible}"/>
<button visible="${accessible}"/>

Block with InaccessibleWidgetBlockService

[since 5.0.0]
[Enterprise Edition]

If you want to block requests for inaccessible widgets for the whole application or for a particular desktop, you can implement the org.zkoss.zk.au.AuService interface to filter out unwanted requests. ZK Enterprise Edition provides a simple block service called InaccessibleWidgetBlockService. To apply it to the whole application, specify the following in WEB-INF/zk.xml:

<listener>
	<listener-class>org.zkoss.zkmax.au.InaccessibleWidgetBlockService$DesktopInit</listener-class>
</listener>

Then, each time a desktop is created, an instance of InaccessibleWidgetBlockService is added to the desktop to block the requests from the inaccessible widgets.

In many cases, you want to block only particular events, not all events. For example, you may want to receive onOpen when a menupopup is going to show up. In that case, you can specify a library property called IWBS.events to control the behavior of InaccessibleWidgetBlockService. For example,

<library-property>
	<name>org.zkoss.zkmax.au.IWBS.events</name>
	<value>onClick,onChange,onSelect</value>
</library-property>

Implement Your Own Block

The implementation of AuService is straightforward. For example, the following service blocks only onClick requests sent to a button:

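import org.zkoss.zk.au.AuRequest;
import org.zkoss.zk.au.AuService;
import org.zkoss.zk.ui.Component;
import org.zkoss.zul.Button;

public class MyBlockService implements AuService {
	public boolean service(AuRequest request, boolean everError) {
		final Component comp = request.getComponent();
		// true means block: the request is treated as handled and goes no further
		return (comp instanceof Button) && "onClick".equals(request.getCommand());
	}
}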
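
The service above blocks every button click regardless of the button's state. The following added example (not part of the original page and not ZK's own implementation) blocks a request only when the server-side state says the target is disabled, or when it or one of its ancestors is invisible. The class names InaccessibleOnlyBlockService and Init are hypothetical, and the event list simply reuses the sample IWBS.events value shown earlier.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import org.zkoss.zk.au.AuRequest;
import org.zkoss.zk.au.AuService;
import org.zkoss.zk.ui.Component;
import org.zkoss.zk.ui.Desktop;
import org.zkoss.zk.ui.ext.Disable;
import org.zkoss.zk.ui.util.DesktopInit;

// Hypothetical class name; added example, not ZK's own implementation.
public class InaccessibleOnlyBlockService implements AuService {
	// Events to filter; mirrors the sample IWBS.events value on this page.
	private static final Set<String> BLOCKED =
		new HashSet<String>(Arrays.asList("onClick", "onChange", "onSelect"));

	public boolean service(AuRequest request, boolean everError) {
		final Component comp = request.getComponent();
		if (comp == null || !BLOCKED.contains(request.getCommand()))
			return false; // no target component, or an event we do not filter
		// true means block: trust the server-side state, never the client's view
		return isDisabled(comp) || !isReallyVisible(comp);
	}

	private static boolean isDisabled(Component comp) {
		return comp instanceof Disable && ((Disable) comp).isDisabled();
	}

	// A widget is unreachable if it or any of its ancestors is invisible.
	private static boolean isReallyVisible(Component comp) {
		for (Component c = comp; c != null; c = c.getParent())
			if (!c.isVisible())
				return false;
		return true;
	}

	// Attaches the service to each new desktop. Register this nested class
	// as a <listener-class> in WEB-INF/zk.xml, as with the built-in service.
	public static class Init implements DesktopInit {
		public void init(Desktop desktop, Object request) throws Exception {
			desktop.addListener(new InaccessibleOnlyBlockService());
		}
	}
}
```

Because onOpen is not in the filtered set, a hidden menupopup can still report that it is opening, which matches the case described above.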



Last Update : 2022/01/19

Copyright © Potix Corporation. This article is licensed under GNU Free Documentation License.