Versions Compared

Old Version 2

changes.mady.by.user Howard Ship

Saved on

compared with

New Version 3

changes.mady.by.user Howard Ship

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
titleForbidFraming.java
package com.snorgfnord.annotations;

import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

/**
 * Marker annotation for pages that should not allow framing.
 */
@Target({ ElementType.TYPE })
@Retention(RetentionPolicy.RUNTIME)
@Documented
@Inherited
public @interface ForbidFraming {

}

...

Defining the Constant

Code Block
titleSnorgSymbolsFnordSymbols.java
package com.snorgfnord;

import org.apache.tapestry5.services.BaseURLSource;

import com.snorgfnord.annotations.ForbidFraming;

public class SnorgSymbolsFnordSymbols {

  /**
   * Meta-data key; when true, MarkupRendererFilter will inject some extra
   * content into the response to enforce that the content may not be framed
   * (i.e., "stolen").
   * 
   * @see ForbidFraming
   */
  public static final String FORBID_FRAMING = "forbid-framing";

}

...

Code Block
titleForbidFramingModule.class
package com.snorgfnord.services.forbidframing;

import org.apache.tapestry5.ioc.MappedConfiguration;
import org.apache.tapestry5.ioc.annotations.Contribute;
import org.apache.tapestry5.ioc.services.FactoryDefaults;
import org.apache.tapestry5.ioc.services.SymbolProvider;

import com.snorgfnord.SnorgSymbolsFnordSymbols;

public class ForbidFramingModule {

  @Contribute(SymbolProvider.class)
  @FactoryDefaults
  public static void setupForbidFramingDefault(
      MappedConfiguration<String, String> configuration) {
    configuration.add(SnorgSymbolsFnordSymbols.FORBID_FRAMING, "false");
  }
}

...

Code Block
langjava
titleForbidFramingModule.java (partial)
  @Contribute(MetaWorker.class)
  public static void mapAnnotationsToMetaDataValue(
      MappedConfiguration<Class, MetaDataExtractor> configuration) {
    configuration
        .add(ForbidFraming.class, new FixedExtractor<ForbidFraming>(
            SnorgSymbolsFnordSymbols.FORBID_FRAMING));
  }

If the ForbidFraming annotation has attributes, we would provided an implementation of MetaDataExtractor that examined those attributes to set the meta-data value. Since it has no annotations, the FixedExtractor class. The argument is the meta-data key, and the default value is "true".

...

Code Block
titleForbidFramingFilter.java
package com.snorgfnord.services.forbidframing;

import org.apache.tapestry5.MarkupWriter;
import org.apache.tapestry5.ioc.annotations.Inject;
import org.apache.tapestry5.services.MarkupRenderer;
import org.apache.tapestry5.services.MarkupRendererFilter;
import org.apache.tapestry5.services.MetaDataLocator;
import org.apache.tapestry5.services.RequestGlobals;
import org.apache.tapestry5.services.Response;
import org.apache.tapestry5.services.javascript.InitializationPriority;
import org.apache.tapestry5.services.javascript.JavaScriptSupport;

import com.snorgfnord.SnorgSymbolsFnordSymbols;

public class ForbidFramingFilter implements MarkupRendererFilter {

  @Inject
  private RequestGlobals requestGlobals;

  @Inject
  private MetaDataLocator metaDataLocator;

  @Inject
  private Response response;

  @Inject
  private JavaScriptSupport jsSupport;

  public void renderMarkup(MarkupWriter writer, MarkupRenderer renderer) {

    String pageName = requestGlobals.getActivePageName();

    boolean forbidFraming = metaDataLocator.findMeta(
        SnorgSymbolsFnordSymbols.FORBID_FRAMING, pageName, boolean.class);

    if (forbidFraming) {
      response.setHeader("X-Frame-Options", "DENY");

      jsSupport.addScript(InitializationPriority.IMMEDIATE,
          "SnorgFnord.popOutOfFrame();");

    }

    renderer.renderMarkup(writer);

  }

}

...

This code makes one assumption: that the snorg fnord application's Layout component added snorgfnord.js to every page. That's necessary for the JavaScript that's added:

Code Block
langjavascript
titlesnorgfnord.js (partial)
SnorgFnord = {
  popOutOfFrame : function() {
    if (top != self)
      top.location.replace(location);
  }
}

...