org.zkoss.zkmax.au
Class InaccessibleWidgetBlockService

java.lang.Object
  extended by org.zkoss.zkmax.au.InaccessibleWidgetBlockService
All Implemented Interfaces:
java.io.Serializable, AuService

public class InaccessibleWidgetBlockService
extends java.lang.Object
implements AuService, java.io.Serializable

Inaccessible Widget Block Service (IWBS) used to block the request sent by an inaccessible widget (at the client).

Available in ZK EE

IWBS is designed to protect your application from attack. For example, an invisible button is easy to access by using, say, Firebug.

To register this server, you can either invoke Desktop.addListener(java.lang.Object) manually, or specify the following in WEB-INF/zk.xml

<listener>
  <listener-class>org.zkoss.zkmax.au.InaccessibleWidgetBlockService$DesktopInit</listener-class>
</listener>

This implementation considers a widget as inaccessible if it is invisible (Component.isVisible()). If you want to block only certain events, you can specify a library property called org.zkoss.zkmax.au.IWBS.events with a list of the event names to block (separated with comma). For example, if want to block only onClick, onChange, and onSelect, you can specify the following in WEB-INF/zk.xml:

<library-property>
  <name>org.zkoss.zkmax.au.IWBS.events</name>
  <value>onClick,onChange,onSelect</value>
</library-property>

In additions, you can override service(org.zkoss.zk.au.AuRequest, boolean) to provide more accurate and versatile blocking. For example, if you want to block all events except onOpen:

public boolean service(AuRequest request, boolean everError) {
  return super.service(request, everError)
  && !"onOpen".equals(request.getCommand());
}

Since:
5.0.0
Author:
tomyeh
See Also:
Serialized Form

Nested Class Summary
static class InaccessibleWidgetBlockService.DesktopInit
          The initial listener used to register in WEB-INF/zk.xml
 
Constructor Summary
InaccessibleWidgetBlockService()
           
 
Method Summary
 boolean service(AuRequest request, boolean everError)
          Handles an AU request.
protected static boolean shallBlockPerComponent(AuRequest request)
          The default blocking policy.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

InaccessibleWidgetBlockService

public InaccessibleWidgetBlockService()
Method Detail

service

public boolean service(AuRequest request,
                       boolean everError)
Description copied from interface: AuService
Handles an AU request.

Specified by:
service in interface AuService
Parameters:
request - the request sent from the client.
everError - whether any error ever occurred before processing this request.
Returns:
whether the request has been processed. If false is returned, the default process (handled by the component) will take place.

shallBlockPerComponent

protected static boolean shallBlockPerComponent(AuRequest request)
The default blocking policy.



Copyright © 2005-2011 Potix Corporation. All Rights Reserved. SourceForge.net Logo