...
Code Block |
---|
|
package com.snorgfnord.annotations;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
* Marker annotation for pages that should not allow framing.
*/
@Target({ ElementType.TYPE })
@Retention(RetentionPolicy.RUNTIME)
@Documented
@Inherited
public @interface ForbidFraming {
}
|
...
Defining the Constant
Code Block |
---|
title | SnorgSymbolsFnordSymbols.java |
---|
|
package com.snorgfnord;
import org.apache.tapestry5.services.BaseURLSource;
import com.snorgfnord.annotations.ForbidFraming;
public class SnorgSymbolsFnordSymbols {
/**
* Meta-data key; when true, MarkupRendererFilter will inject some extra
* content into the response to enforce that the content may not be framed
* (i.e., "stolen").
*
* @see ForbidFraming
*/
public static final String FORBID_FRAMING = "forbid-framing";
}
|
...
Code Block |
---|
title | ForbidFramingModule.class |
---|
|
package com.snorgfnord.services.forbidframing;
import org.apache.tapestry5.ioc.MappedConfiguration;
import org.apache.tapestry5.ioc.annotations.Contribute;
import org.apache.tapestry5.ioc.services.FactoryDefaults;
import org.apache.tapestry5.ioc.services.SymbolProvider;
import com.snorgfnord.SnorgSymbolsFnordSymbols;
public class ForbidFramingModule {
@Contribute(SymbolProvider.class)
@FactoryDefaults
public static void setupForbidFramingDefault(
MappedConfiguration<String, String> configuration) {
configuration.add(SnorgSymbolsFnordSymbols.FORBID_FRAMING, "false");
}
}
|
...
Code Block |
---|
lang | java |
---|
title | ForbidFramingModule.java (partial) |
---|
|
@Contribute(MetaWorker.class)
public static void mapAnnotationsToMetaDataValue(
MappedConfiguration<Class, MetaDataExtractor> configuration) {
configuration
.add(ForbidFraming.class, new FixedExtractor<ForbidFraming>(
SnorgSymbolsFnordSymbols.FORBID_FRAMING));
}
|
If the ForbidFraming annotation has attributes, we would provided an implementation of MetaDataExtractor that examined those attributes to set the meta-data value. Since it has no annotations, the FixedExtractor class. The argument is the meta-data key, and the default value is "true".
...
Code Block |
---|
title | ForbidFramingFilter.java |
---|
|
package com.snorgfnord.services.forbidframing;
import org.apache.tapestry5.MarkupWriter;
import org.apache.tapestry5.ioc.annotations.Inject;
import org.apache.tapestry5.services.MarkupRenderer;
import org.apache.tapestry5.services.MarkupRendererFilter;
import org.apache.tapestry5.services.MetaDataLocator;
import org.apache.tapestry5.services.RequestGlobals;
import org.apache.tapestry5.services.Response;
import org.apache.tapestry5.services.javascript.InitializationPriority;
import org.apache.tapestry5.services.javascript.JavaScriptSupport;
import com.snorgfnord.SnorgSymbolsFnordSymbols;
public class ForbidFramingFilter implements MarkupRendererFilter {
@Inject
private RequestGlobals requestGlobals;
@Inject
private MetaDataLocator metaDataLocator;
@Inject
private Response response;
@Inject
private JavaScriptSupport jsSupport;
public void renderMarkup(MarkupWriter writer, MarkupRenderer renderer) {
String pageName = requestGlobals.getActivePageName();
boolean forbidFraming = metaDataLocator.findMeta(
SnorgSymbolsFnordSymbols.FORBID_FRAMING, pageName, boolean.class);
if (forbidFraming) {
response.setHeader("X-Frame-Options", "DENY");
jsSupport.addScript(InitializationPriority.IMMEDIATE,
"SnorgFnord.popOutOfFrame();");
}
renderer.renderMarkup(writer);
}
}
|
...
This code makes one assumption: that the snorg fnord application's Layout component added snorgfnord.js to every page. That's necessary for the JavaScript that's added:
Code Block |
---|
lang | javascript |
---|
title | snorgfnord.js (partial) |
---|
|
SnorgFnord = {
popOutOfFrame : function() {
if (top != self)
top.location.replace(location);
}
}
|
...