Class InaccessibleWidgetBlockService

  extended by
All Implemented Interfaces:, AuService

public class InaccessibleWidgetBlockService
extends java.lang.Object
implements AuService,

Inaccessible Widget Block Service (IWBS) used to block the request sent by an inaccessible widget (at the client).

Available in ZK EE

IWBS is designed to protect your application from attack. For example, an invisible button is easy to access by using, say, Firebug.

To register this server, you can either invoke Desktop.addListener(java.lang.Object) manually, or specify the following in WEB-INF/zk.xml


This implementation considers a widget as inaccessible if it is invisible (Component.isVisible()). If you want to block only certain events, you can specify a library property called with a list of the event names to block (separated with comma). For example, if want to block only onClick, onChange, and onSelect, you can specify the following in WEB-INF/zk.xml:


In additions, you can override service(, boolean) to provide more accurate and versatile blocking. For example, if you want to block all events except onOpen:

public boolean service(AuRequest request, boolean everError) {
  return super.service(request, everError)
  && !"onOpen".equals(request.getCommand());

See Also:
Serialized Form

Nested Class Summary
static class InaccessibleWidgetBlockService.DesktopInit
          The initial listener used to register in WEB-INF/zk.xml
Constructor Summary
Method Summary
 boolean service(AuRequest request, boolean everError)
          Handles an AU request.
protected static boolean shallBlockPerComponent(AuRequest request)
          The default blocking policy.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail


public InaccessibleWidgetBlockService()
Method Detail


public boolean service(AuRequest request,
                       boolean everError)
Description copied from interface: AuService
Handles an AU request.

Specified by:
service in interface AuService
request - the request sent from the client.
everError - whether any error ever occurred before processing this request.
whether the request has been processed. If false is returned, the default process (handled by the component) will take place.


protected static boolean shallBlockPerComponent(AuRequest request)
The default blocking policy.

Copyright © 2005-2011 Potix Corporation. All Rights Reserved. Logo