was there any particular reason you forwarded this.... -igor
On Fri, Oct 21, 2011 at 12:55 AM, Martin Grigorov <mgrigo...@apache.org> wrote: > On Fri, Oct 21, 2011 at 8:33 AM, <ivaynb...@apache.org> wrote: >> Author: ivaynberg >> Date: Fri Oct 21 05:33:34 2011 >> New Revision: 1187184 >> >> URL: http://svn.apache.org/viewvc?rev=1187184&view=rev >> Log: >> >> Issue: WICKET-4149 >> >> Modified: >> wicket/trunk/wicket-core/src/main/java/org/apache/wicket/Component.java >> >> wicket/trunk/wicket-core/src/main/java/org/apache/wicket/RequestListenerInterface.java >> >> wicket/trunk/wicket-core/src/main/java/org/apache/wicket/behavior/Behavior.java >> >> wicket/trunk/wicket-core/src/main/java/org/apache/wicket/markup/html/image/Image.java >> >> Modified: >> wicket/trunk/wicket-core/src/main/java/org/apache/wicket/Component.java >> URL: >> http://svn.apache.org/viewvc/wicket/trunk/wicket-core/src/main/java/org/apache/wicket/Component.java?rev=1187184&r1=1187183&r2=1187184&view=diff >> ============================================================================== >> --- wicket/trunk/wicket-core/src/main/java/org/apache/wicket/Component.java >> (original) >> +++ wicket/trunk/wicket-core/src/main/java/org/apache/wicket/Component.java >> Fri Oct 21 05:33:34 2011 >> @@ -17,6 +17,7 @@ >> package org.apache.wicket; >> >> import java.io.Serializable; >> +import java.lang.reflect.Method; >> import java.util.ArrayList; >> import java.util.Iterator; >> import java.util.List; >> @@ -4336,9 +4337,30 @@ public abstract class Component >> } >> >> >> - /** TODO WICKET-NG javadoc */ >> + /** >> + * TODO WICKET-NG javadoc >> + * >> + * @deprecated use {@link #canCallListenerInterface(Method)} instead >> + */ >> + @Deprecated >> public final boolean canCallListenerInterface() >> { >> + return true; >> + } >> + >> + /** >> + * Checks whether or not a listener method can be invoked on this >> component. Usually components deny these invocations if they are either >> invisible or disabled in hierarchy. Components can examine which listener >> interface is being invoked by examining the declaring class of the passed in >> {@literal method} parameter. >> + * <p> >> + * WARNING: be careful when overriding this method because it may >> open security holes - such as allowing a user to click on a link that should >> be disabled. >> + * </p> >> + * <p> >> + * Example usecase for overriding: Suppose you are building an >> component that displays images. The component generates a callback to itself >> using {@link IRequestListener} interface and uses this callback to stream >> image data. If such a component is placed inside a disable >> webmarkupcontainer we still want to allow the invocation of the request >> listener callback method so that image data can be streamed. Such a >> component would override this method and return {@literal true} if the >> listener method belongs to {@link IRequestListener}. >> + * </p> >> + * @param method listener method about to be invoked on this >> component >> + * >> + * @return {@literal true} iff the listener method can be invoked on >> this component >> + */ >> + public boolean canCallListenerInterface(Method method) { >> return isEnabledInHierarchy() && isVisibleInHierarchy(); >> } >> >> >> Modified: >> wicket/trunk/wicket-core/src/main/java/org/apache/wicket/RequestListenerInterface.java >> URL: >> http://svn.apache.org/viewvc/wicket/trunk/wicket-core/src/main/java/org/apache/wicket/RequestListenerInterface.java?rev=1187184&r1=1187183&r2=1187184&view=diff >> ============================================================================== >> --- >> wicket/trunk/wicket-core/src/main/java/org/apache/wicket/RequestListenerInterface.java >> (original) >> +++ >> wicket/trunk/wicket-core/src/main/java/org/apache/wicket/RequestListenerInterface.java >> Fri Oct 21 05:33:34 2011 >> @@ -204,7 +204,7 @@ public class RequestListenerInterface >> // we are in Wicket core land >> final Component component = (Component)rcomponent; >> >> - if (!component.canCallListenerInterface()) >> + if (!component.canCallListenerInterface(method)) >> { >> // just return so that we have a silent fail and just >> re-render the >> // page >> @@ -230,7 +230,7 @@ public class RequestListenerInterface >> // we are in Wicket core land >> final Component component = (Component)rcomponent; >> >> - if (!behavior.canCallListenerInterface(component)) >> + if (!behavior.canCallListenerInterface(component, method)) >> { >> log.warn("behavior not enabled; ignore call. Behavior >> {} at component {}", behavior, >> component); >> >> Modified: >> wicket/trunk/wicket-core/src/main/java/org/apache/wicket/behavior/Behavior.java >> URL: >> http://svn.apache.org/viewvc/wicket/trunk/wicket-core/src/main/java/org/apache/wicket/behavior/Behavior.java?rev=1187184&r1=1187183&r2=1187184&view=diff >> ============================================================================== >> --- >> wicket/trunk/wicket-core/src/main/java/org/apache/wicket/behavior/Behavior.java >> (original) >> +++ >> wicket/trunk/wicket-core/src/main/java/org/apache/wicket/behavior/Behavior.java >> Fri Oct 21 05:33:34 2011 >> @@ -16,6 +16,8 @@ >> */ >> package org.apache.wicket.behavior; >> >> +import java.lang.reflect.Method; >> + >> import org.apache.wicket.Application; >> import org.apache.wicket.Component; >> import org.apache.wicket.IClusterable; >> @@ -199,13 +201,37 @@ public abstract class Behavior >> * >> * @param component >> * @return true if a listener interface can be invoked on this >> behavior >> + * >> + * @deprecated use {@link #canCallListenerInterface(Component, >> Method)} >> */ >> + @Deprecated >> public boolean canCallListenerInterface(Component component) >> { >> return isEnabled(component) && >> component.canCallListenerInterface(); >> } >> >> /** >> + * Checks whether or not a listener interface can be invoked on this >> behavior. For further >> + * information please read the javadoc on {@link >> Component#canCallListenerInterface(Method)}, >> + * this method has the same semantics. >> + * >> + * WARNING: Read the javadoc of {@link >> Component#canCallListenerInterface(Method)} for important >> + * security-related information. >> + * >> + * @param component >> + * component this behavior is attached to >> + * @param method >> + * listener method being invoked >> + * @return {@literal true} iff the listener method can be invoked >> + */ >> + public boolean canCallListenerInterface(Component component, Method >> method) >> + { >> + return canCallListenerInterface(component) && >> isEnabled(component) && >> + component.canCallListenerInterface(method); > I guess the reason to call the deprecated > "canCallListenerInterface(component)" is backward compatibility, but > this way "isEnabled(component)" is called twice. Maybe we should > replace "canCallListenerInterface(component)" with > "component.canCallListenerInterface()" instead ? >> + } >> + >> + >> + /** >> * Render to the web response whatever the component wants to >> contribute to the head section. >> * >> * @param component >> >> Modified: >> wicket/trunk/wicket-core/src/main/java/org/apache/wicket/markup/html/image/Image.java >> URL: >> http://svn.apache.org/viewvc/wicket/trunk/wicket-core/src/main/java/org/apache/wicket/markup/html/image/Image.java?rev=1187184&r1=1187183&r2=1187184&view=diff >> ============================================================================== >> --- >> wicket/trunk/wicket-core/src/main/java/org/apache/wicket/markup/html/image/Image.java >> (original) >> +++ >> wicket/trunk/wicket-core/src/main/java/org/apache/wicket/markup/html/image/Image.java >> Fri Oct 21 05:33:34 2011 >> @@ -16,6 +16,8 @@ >> */ >> package org.apache.wicket.markup.html.image; >> >> +import java.lang.reflect.Method; >> + >> import org.apache.wicket.Component; >> import org.apache.wicket.IResourceListener; >> import org.apache.wicket.ajax.AjaxRequestTarget; >> @@ -290,4 +292,20 @@ public class Image extends WebComponent >> public void onComponentTagBody(final MarkupStream markupStream, final >> ComponentTag openTag) >> { >> } >> + >> + @Override >> + public boolean canCallListenerInterface(Method method) >> + { >> + boolean isResource = >> IResourceListener.class.isAssignableFrom(method.getDeclaringClass()); >> + if (isResource && isVisibleInHierarchy()) >> + { >> + // when the image data is requested we do not care >> if this component is enabled in >> + // hierarchy or not, only that it is visible >> + return true; >> + } >> + else >> + { >> + return super.canCallListenerInterface(method); >> + } >> + } >> } >> >> >> > > > > -- > Martin Grigorov > jWeekend > Training, Consulting, Development > http://jWeekend.com >
