Author: ivaynberg
Date: Fri Oct 21 05:33:34 2011
New Revision: 1187184
URL: http://svn.apache.org/viewvc?rev=1187184&view=rev
Log:
Issue: WICKET-4149
Modified:
wicket/trunk/wicket-core/src/main/java/org/apache/wicket/Component.java
wicket/trunk/wicket-core/src/main/java/org/apache/wicket/RequestListenerInterface.java
wicket/trunk/wicket-core/src/main/java/org/apache/wicket/behavior/Behavior.java
wicket/trunk/wicket-core/src/main/java/org/apache/wicket/markup/html/image/Image.java
Modified:
wicket/trunk/wicket-core/src/main/java/org/apache/wicket/Component.java
URL:
http://svn.apache.org/viewvc/wicket/trunk/wicket-core/src/main/java/org/apache/wicket/Component.java?rev=1187184&r1=1187183&r2=1187184&view=diff
==============================================================================
--- wicket/trunk/wicket-core/src/main/java/org/apache/wicket/Component.java
(original)
+++ wicket/trunk/wicket-core/src/main/java/org/apache/wicket/Component.java Fri
Oct 21 05:33:34 2011
@@ -17,6 +17,7 @@
package org.apache.wicket;
import java.io.Serializable;
+import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
@@ -4336,9 +4337,30 @@ public abstract class Component
}
- /** TODO WICKET-NG javadoc */
+ /**
+ * TODO WICKET-NG javadoc
+ *
+ * @deprecated use {@link #canCallListenerInterface(Method)} instead
+ */
+ @Deprecated
public final boolean canCallListenerInterface()
{
+ return true;
+ }
+
+ /**
+ * Checks whether or not a listener method can be invoked on this
component. Usually components deny these invocations if they are either
invisible or disabled in hierarchy. Components can examine which listener
interface is being invoked by examining the declaring class of the passed in
{@literal method} parameter.
+ * <p>
+ * WARNING: be careful when overriding this method because it may open
security holes - such as allowing a user to click on a link that should be
disabled.
+ * </p>
+ * <p>
+ * Example usecase for overriding: Suppose you are building an
component that displays images. The component generates a callback to itself
using {@link IRequestListener} interface and uses this callback to stream image
data. If such a component is placed inside a disable webmarkupcontainer we
still want to allow the invocation of the request listener callback method so
that image data can be streamed. Such a component would override this method
and return {@literal true} if the listener method belongs to {@link
IRequestListener}.
+ * </p>
+ * @param method listener method about to be invoked on this component
+ *
+ * @return {@literal true} iff the listener method can be invoked on
this component
+ */
+ public boolean canCallListenerInterface(Method method) {
return isEnabledInHierarchy() && isVisibleInHierarchy();
}
Modified:
wicket/trunk/wicket-core/src/main/java/org/apache/wicket/RequestListenerInterface.java
URL:
http://svn.apache.org/viewvc/wicket/trunk/wicket-core/src/main/java/org/apache/wicket/RequestListenerInterface.java?rev=1187184&r1=1187183&r2=1187184&view=diff
==============================================================================
---
wicket/trunk/wicket-core/src/main/java/org/apache/wicket/RequestListenerInterface.java
(original)
+++
wicket/trunk/wicket-core/src/main/java/org/apache/wicket/RequestListenerInterface.java
Fri Oct 21 05:33:34 2011
@@ -204,7 +204,7 @@ public class RequestListenerInterface
// we are in Wicket core land
final Component component = (Component)rcomponent;
- if (!component.canCallListenerInterface())
+ if (!component.canCallListenerInterface(method))
{
// just return so that we have a silent fail and just
re-render the
// page
@@ -230,7 +230,7 @@ public class RequestListenerInterface
// we are in Wicket core land
final Component component = (Component)rcomponent;
- if (!behavior.canCallListenerInterface(component))
+ if (!behavior.canCallListenerInterface(component, method))
{
log.warn("behavior not enabled; ignore call. Behavior
{} at component {}", behavior,
component);
Modified:
wicket/trunk/wicket-core/src/main/java/org/apache/wicket/behavior/Behavior.java
URL:
http://svn.apache.org/viewvc/wicket/trunk/wicket-core/src/main/java/org/apache/wicket/behavior/Behavior.java?rev=1187184&r1=1187183&r2=1187184&view=diff
==============================================================================
---
wicket/trunk/wicket-core/src/main/java/org/apache/wicket/behavior/Behavior.java
(original)
+++
wicket/trunk/wicket-core/src/main/java/org/apache/wicket/behavior/Behavior.java
Fri Oct 21 05:33:34 2011
@@ -16,6 +16,8 @@
*/
package org.apache.wicket.behavior;
+import java.lang.reflect.Method;
+
import org.apache.wicket.Application;
import org.apache.wicket.Component;
import org.apache.wicket.IClusterable;
@@ -199,13 +201,37 @@ public abstract class Behavior
*
* @param component
* @return true if a listener interface can be invoked on this behavior
+ *
+ * @deprecated use {@link #canCallListenerInterface(Component, Method)}
*/
+ @Deprecated
public boolean canCallListenerInterface(Component component)
{
return isEnabled(component) &&
component.canCallListenerInterface();
}
/**
+ * Checks whether or not a listener interface can be invoked on this
behavior. For further
+ * information please read the javadoc on {@link
Component#canCallListenerInterface(Method)},
+ * this method has the same semantics.
+ *
+ * WARNING: Read the javadoc of {@link
Component#canCallListenerInterface(Method)} for important
+ * security-related information.
+ *
+ * @param component
+ * component this behavior is attached to
+ * @param method
+ * listener method being invoked
+ * @return {@literal true} iff the listener method can be invoked
+ */
+ public boolean canCallListenerInterface(Component component, Method
method)
+ {
+ return canCallListenerInterface(component) &&
isEnabled(component) &&
+ component.canCallListenerInterface(method);
+ }
+
+
+ /**
* Render to the web response whatever the component wants to
contribute to the head section.
*
* @param component
Modified:
wicket/trunk/wicket-core/src/main/java/org/apache/wicket/markup/html/image/Image.java
URL:
http://svn.apache.org/viewvc/wicket/trunk/wicket-core/src/main/java/org/apache/wicket/markup/html/image/Image.java?rev=1187184&r1=1187183&r2=1187184&view=diff
==============================================================================
---
wicket/trunk/wicket-core/src/main/java/org/apache/wicket/markup/html/image/Image.java
(original)
+++
wicket/trunk/wicket-core/src/main/java/org/apache/wicket/markup/html/image/Image.java
Fri Oct 21 05:33:34 2011
@@ -16,6 +16,8 @@
*/
package org.apache.wicket.markup.html.image;
+import java.lang.reflect.Method;
+
import org.apache.wicket.Component;
import org.apache.wicket.IResourceListener;
import org.apache.wicket.ajax.AjaxRequestTarget;
@@ -290,4 +292,20 @@ public class Image extends WebComponent
public void onComponentTagBody(final MarkupStream markupStream, final
ComponentTag openTag)
{
}
+
+ @Override
+ public boolean canCallListenerInterface(Method method)
+ {
+ boolean isResource =
IResourceListener.class.isAssignableFrom(method.getDeclaringClass());
+ if (isResource && isVisibleInHierarchy())
+ {
+ // when the image data is requested we do not care if
this component is enabled in
+ // hierarchy or not, only that it is visible
+ return true;
+ }
+ else
+ {
+ return super.canCallListenerInterface(method);
+ }
+ }
}
