|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.zkoss.zkmax.au.InaccessibleWidgetBlockService
public class InaccessibleWidgetBlockService
Inaccessible Widget Block Service (IWBS) used to block the request sent by an inaccessible widget (at the client).
Available in ZK EE
IWBS is designed to protect your application from attack. For example, an invisible button is easy to access by using, say, Firebug.
To register this server, you can either invoke Desktop.addListener(java.lang.Object)
manually, or specify the following in WEB-INF/zk.xml
<listener>
<listener-class>org.zkoss.zkmax.au.InaccessibleWidgetBlockService$DesktopInit</listener-class>
</listener>
This implementation considers a widget as inaccessible if
it is invisible (Component.isVisible()
).
If you want to block only certain events, you can specify a library
property called org.zkoss.zkmax.au.IWBS.events
with a list
of the event names to block (separated with comma).
For example, if want to block only onClick, onChange, and onSelect, you
can specify the following in WEB-INF/zk.xml:
<library-property>
<name>org.zkoss.zkmax.au.IWBS.events</name>
<value>onClick,onChange,onSelect</value>
</library-property>
In additions, you can override service(org.zkoss.zk.au.AuRequest, boolean)
to provide more
accurate and versatile blocking.
For example, if you want to block all events except onOpen
:
public boolean service(AuRequest request, boolean everError) {
return super.service(request, everError)
&& !"onOpen".equals(request.getCommand());
}
Nested Class Summary | |
---|---|
static class |
InaccessibleWidgetBlockService.DesktopInit
The initial listener used to register in WEB-INF/zk.xml |
Constructor Summary | |
---|---|
InaccessibleWidgetBlockService()
|
Method Summary | |
---|---|
boolean |
service(AuRequest request,
boolean everError)
Handles an AU request. |
protected static boolean |
shallBlockPerComponent(AuRequest request)
The default blocking policy. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public InaccessibleWidgetBlockService()
Method Detail |
---|
public boolean service(AuRequest request, boolean everError)
AuService
service
in interface AuService
request
- the request sent from the client.everError
- whether any error ever occurred before
processing this request.
protected static boolean shallBlockPerComponent(AuRequest request)
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |