Author: hlship
Date: Wed Oct 20 23:45:11 2010
New Revision: 1025791

URL: http://svn.apache.org/viewvc?rev=1025791&view=rev
Log:
TAP5-874: Form component should be able to render a secure URL even on an 
insecure page

Modified:
    
tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/corelib/components/Form.java

Modified: 
tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/corelib/components/Form.java
URL: 
http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/corelib/components/Form.java?rev=1025791&r1=1025790&r2=1025791&view=diff
==============================================================================
--- 
tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/corelib/components/Form.java
 (original)
+++ 
tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/corelib/components/Form.java
 Wed Oct 20 23:45:11 2010
@@ -191,6 +191,16 @@ public class Form implements ClientEleme
     private String zone;
 
     /**
+     * If true, then the Form's action will be secure (using an absolute URL 
with the HTTPs scheme) regardless
+     * of whether the containing page itself is secure or not. This parameter 
does nothing
+     * when {...@linkplain SymbolConstants#SECURE_ENABLED security is 
disabled} (which is often
+     * the case in development mode). This only affects how the Form's action 
attribute is rendered, there is
+     * not (currently) a check that the form is actually submitted securely.
+     */
+    @Parameter
+    private boolean secure;
+
+    /**
      * Prefix value used when searching for validation messages and 
constraints.
      * The default is the Form component's
      * id. This is overridden by {...@link 
org.apache.tapestry5.corelib.components.BeanEditForm}.
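Review bot: The Javadoc for `secure` admits that nothing checks the form is actually submitted securely, but it does not say what that means for a page served over HTTP. On such a page the rendered `action` attribute can be altered in transit, so the Javadoc should add a sentence such as `Because the containing page may be delivered insecurely, this does not protect the action attribute itself from modification before the browser submits the form.` As a follow-up, the form's submission handler (outside this hunk) could refuse to process the event when `secure && secureEnabled` holds and `request.isSecure()` is false. That way a downgraded post is not accepted silently.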
@@ -238,6 +248,10 @@ public class Form implements ClientEleme
     @Persist(PersistenceConstants.FLASH)
     private ValidationTracker defaultTracker;
 
+    @Inject
+    @Symbol(SymbolConstants.SECURE_ENABLED)
+    private boolean secureEnabled;
+
     private InternalFormSupport formSupport;
 
     private Element form;
@@ -354,6 +368,8 @@ public class Form implements ClientEleme
     {
         Link link = resources.createFormEventLink(EventConstants.ACTION, 
context);
 
+        String actionURL = secure && secureEnabled ? link.toAbsoluteURI(true) 
: link.toURI();
+
         actionSink = new ComponentActionSink(logger, clientDataEncoder);
 
         clientId = javascriptSupport.allocateClientId(resources);
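Review bot: `link.toAbsoluteURI(true)` puts a scheme and a host name into the form's `action`, and where that host name comes from is not visible in this hunk. If the Link implementation derives it from the incoming request's Host header (presumably through the framework's base-URL service, to be confirmed), a forged or proxy-rewritten Host value becomes the destination for the posted form data. Deployments that set `secure` would then need the host name pinned in configuration. A comment at the assignment, e.g. `// absolute https URL; host is supplied by <base-URL service>, not by this component`, would make that dependency explicit. The enclosing method begins and ends outside the hunk.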
@@ -394,7 +410,7 @@ public class Form implements ClientEleme
         // Save the form element for later, in case we want to write an 
encoding
         // type attribute.
 
-        form = writer.element("form", "id", clientId, "method", "post", 
"action", link);
+        form = writer.element("form", "id", clientId, "method", "post", 
"action", actionURL);
 
         if ((zone != null || clientValidation) && !request.isXHR())
             writer.attributes("onsubmit", MarkupConstants.WAIT_FOR_PAGE);

