On Fri, Oct 21, 2011 at 8:33 AM, <ivaynb...@apache.org> wrote: > Author: ivaynberg > Date: Fri Oct 21 05:33:34 2011 > New Revision: 1187184 > > URL: http://svn.apache.org/viewvc?rev=1187184&view=rev > Log: > > Issue: WICKET-4149 > > Modified: > wicket/trunk/wicket-core/src/main/java/org/apache/wicket/Component.java > > wicket/trunk/wicket-core/src/main/java/org/apache/wicket/RequestListenerInterface.java > > wicket/trunk/wicket-core/src/main/java/org/apache/wicket/behavior/Behavior.java > > wicket/trunk/wicket-core/src/main/java/org/apache/wicket/markup/html/image/Image.java > > Modified: > wicket/trunk/wicket-core/src/main/java/org/apache/wicket/Component.java > URL: > http://svn.apache.org/viewvc/wicket/trunk/wicket-core/src/main/java/org/apache/wicket/Component.java?rev=1187184&r1=1187183&r2=1187184&view=diff > ============================================================================== > --- wicket/trunk/wicket-core/src/main/java/org/apache/wicket/Component.java > (original) > +++ wicket/trunk/wicket-core/src/main/java/org/apache/wicket/Component.java > Fri Oct 21 05:33:34 2011 > @@ -17,6 +17,7 @@ > package org.apache.wicket; > > import java.io.Serializable; > +import java.lang.reflect.Method; > import java.util.ArrayList; > import java.util.Iterator; > import java.util.List; > @@ -4336,9 +4337,30 @@ public abstract class Component > } > > > - /** TODO WICKET-NG javadoc */ > + /** > + * TODO WICKET-NG javadoc > + * > + * @deprecated use {@link #canCallListenerInterface(Method)} instead > + */ > + @Deprecated > public final boolean canCallListenerInterface() > { > + return true; > + } > + > + /** > + * Checks whether or not a listener method can be invoked on this > component. Usually components deny these invocations if they are either > invisible or disabled in hierarchy. Components can examine which listener > interface is being invoked by examining the declaring class of the passed in > {@literal method} parameter. > + * <p> > + * WARNING: be careful when overriding this method because it may > open security holes - such as allowing a user to click on a link that should > be disabled. > + * </p> > + * <p> > + * Example usecase for overriding: Suppose you are building an > component that displays images. The component generates a callback to itself > using {@link IRequestListener} interface and uses this callback to stream > image data. If such a component is placed inside a disable webmarkupcontainer > we still want to allow the invocation of the request listener callback method > so that image data can be streamed. Such a component would override this > method and return {@literal true} if the listener method belongs to {@link > IRequestListener}. > + * </p> > + * @param method listener method about to be invoked on this component > + * > + * @return {@literal true} iff the listener method can be invoked on > this component > + */ > + public boolean canCallListenerInterface(Method method) { > return isEnabledInHierarchy() && isVisibleInHierarchy(); > } > > > Modified: > wicket/trunk/wicket-core/src/main/java/org/apache/wicket/RequestListenerInterface.java > URL: > http://svn.apache.org/viewvc/wicket/trunk/wicket-core/src/main/java/org/apache/wicket/RequestListenerInterface.java?rev=1187184&r1=1187183&r2=1187184&view=diff > ============================================================================== > --- > wicket/trunk/wicket-core/src/main/java/org/apache/wicket/RequestListenerInterface.java > (original) > +++ > wicket/trunk/wicket-core/src/main/java/org/apache/wicket/RequestListenerInterface.java > Fri Oct 21 05:33:34 2011 > @@ -204,7 +204,7 @@ public class RequestListenerInterface > // we are in Wicket core land > final Component component = (Component)rcomponent; > > - if (!component.canCallListenerInterface()) > + if (!component.canCallListenerInterface(method)) > { > // just return so that we have a silent fail and just > re-render the > // page > @@ -230,7 +230,7 @@ public class RequestListenerInterface > // we are in Wicket core land > final Component component = (Component)rcomponent; > > - if (!behavior.canCallListenerInterface(component)) > + if (!behavior.canCallListenerInterface(component, method)) > { > log.warn("behavior not enabled; ignore call. Behavior > {} at component {}", behavior, > component); > > Modified: > wicket/trunk/wicket-core/src/main/java/org/apache/wicket/behavior/Behavior.java > URL: > http://svn.apache.org/viewvc/wicket/trunk/wicket-core/src/main/java/org/apache/wicket/behavior/Behavior.java?rev=1187184&r1=1187183&r2=1187184&view=diff > ============================================================================== > --- > wicket/trunk/wicket-core/src/main/java/org/apache/wicket/behavior/Behavior.java > (original) > +++ > wicket/trunk/wicket-core/src/main/java/org/apache/wicket/behavior/Behavior.java > Fri Oct 21 05:33:34 2011 > @@ -16,6 +16,8 @@ > */ > package org.apache.wicket.behavior; > > +import java.lang.reflect.Method; > + > import org.apache.wicket.Application; > import org.apache.wicket.Component; > import org.apache.wicket.IClusterable; > @@ -199,13 +201,37 @@ public abstract class Behavior > * > * @param component > * @return true if a listener interface can be invoked on this behavior > + * > + * @deprecated use {@link #canCallListenerInterface(Component, > Method)} > */ > + @Deprecated > public boolean canCallListenerInterface(Component component) > { > return isEnabled(component) && > component.canCallListenerInterface(); > } > > /** > + * Checks whether or not a listener interface can be invoked on this > behavior. For further > + * information please read the javadoc on {@link > Component#canCallListenerInterface(Method)}, > + * this method has the same semantics. > + * > + * WARNING: Read the javadoc of {@link > Component#canCallListenerInterface(Method)} for important > + * security-related information. > + * > + * @param component > + * component this behavior is attached to > + * @param method > + * listener method being invoked > + * @return {@literal true} iff the listener method can be invoked > + */ > + public boolean canCallListenerInterface(Component component, Method > method) > + { > + return canCallListenerInterface(component) && > isEnabled(component) && > + component.canCallListenerInterface(method); I guess the reason to call the deprecated "canCallListenerInterface(component)" is backward compatibility, but this way "isEnabled(component)" is called twice. Maybe we should replace "canCallListenerInterface(component)" with "component.canCallListenerInterface()" instead ? > + } > + > + > + /** > * Render to the web response whatever the component wants to > contribute to the head section. > * > * @param component > > Modified: > wicket/trunk/wicket-core/src/main/java/org/apache/wicket/markup/html/image/Image.java > URL: > http://svn.apache.org/viewvc/wicket/trunk/wicket-core/src/main/java/org/apache/wicket/markup/html/image/Image.java?rev=1187184&r1=1187183&r2=1187184&view=diff > ============================================================================== > --- > wicket/trunk/wicket-core/src/main/java/org/apache/wicket/markup/html/image/Image.java > (original) > +++ > wicket/trunk/wicket-core/src/main/java/org/apache/wicket/markup/html/image/Image.java > Fri Oct 21 05:33:34 2011 > @@ -16,6 +16,8 @@ > */ > package org.apache.wicket.markup.html.image; > > +import java.lang.reflect.Method; > + > import org.apache.wicket.Component; > import org.apache.wicket.IResourceListener; > import org.apache.wicket.ajax.AjaxRequestTarget; > @@ -290,4 +292,20 @@ public class Image extends WebComponent > public void onComponentTagBody(final MarkupStream markupStream, final > ComponentTag openTag) > { > } > + > + @Override > + public boolean canCallListenerInterface(Method method) > + { > + boolean isResource = > IResourceListener.class.isAssignableFrom(method.getDeclaringClass()); > + if (isResource && isVisibleInHierarchy()) > + { > + // when the image data is requested we do not care if > this component is enabled in > + // hierarchy or not, only that it is visible > + return true; > + } > + else > + { > + return super.canCallListenerInterface(method); > + } > + } > } > > >
-- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com
