#841 added the attribute render-value which sends the password to the…

… client if the programmer insists on doing so
TheCoder4eu · Aug 22, 2017 · 92b2a70 · 92b2a70
1 parent b81e70e
commit 92b2a70
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 9 deletions.
diff --git a/src/main/java/net/bootsfaces/component/inputSecret/InputSecret.java b/src/main/java/net/bootsfaces/component/inputSecret/InputSecret.java
@@ -19,8 +19,8 @@
 package net.bootsfaces.component.inputSecret;
 
 import javax.faces.component.FacesComponent;
-import net.bootsfaces.C;
 
+import net.bootsfaces.C;
 import net.bootsfaces.component.inputText.InputText;
 
 /**
@@ -30,7 +30,49 @@
 
 @FacesComponent(InputSecret.COMPONENT_TYPE)
 public class InputSecret extends InputText {
-
-    public static final String COMPONENT_TYPE=C.BSFCOMPONENT + ".inputSecret.InputSecret";
-
+
+	public static final String COMPONENT_TYPE = C.BSFCOMPONENT + ".inputSecret.InputSecret";
+
+	protected enum PropertyKeys {
+		renderValue;
+		String toString;
+
+		PropertyKeys(String toString) {
+			this.toString = toString;
+		}
+
+		PropertyKeys() {
+		}
+
+		public String toString() {
+			return ((this.toString != null) ? this.toString : super.toString());
+		}
+	}
+
+	/**
+	 * By default, the value of the password field is never sent to the client.
+	 * However, if you need to send the value to the client for some reason, you can
+	 * set this flag to true. Please make sure that this is not a security hole. The
+	 * password may be unreadable on the screen, but hackers can read it easily.
+	 * <P>
+	 * 
+	 * @return Returns the value of the attribute, or false, if it hasn't been set
+	 *         by the JSF file.
+	 */
+	public boolean isRenderValue() {
+		return (boolean) (Boolean) getStateHelper().eval(PropertyKeys.renderValue, false);
+	}
+
+	/**
+	 * By default, the value of the password field is never sent to the client.
+	 * However, if you need to send the value to the client for some reason, you can
+	 * set this flag to true. Please make sure that this is not a security hole. The
+	 * password may be unreadable on the screen, but hackers can read it easily.
+	 * <P>
+	 * Usually this method is called internally by the JSF engine.
+	 */
+	public void setRenderValue(boolean _renderValue) {
+		getStateHelper().put(PropertyKeys.renderValue, _renderValue);
+	}
+
 }
diff --git a/src/main/java/net/bootsfaces/component/inputText/InputTextRenderer.java b/src/main/java/net/bootsfaces/component/inputText/InputTextRenderer.java
@@ -74,8 +74,10 @@ public void decode(FacesContext context, UIComponent component, List<String> leg
 		}
 		String submittedValue = (String) context.getExternalContext().getRequestParameterMap().get(name);
 		if (inputText instanceof InputSecret) {
-			if ("*******".equals(submittedValue)) {
-				submittedValue = null;
+			if (!((InputSecret)inputText).isRenderValue()) {
+				if ("*******".equals(submittedValue)) {
+					submittedValue = null;
+				}
 			}
 		}
 
@@ -232,9 +234,11 @@ public void encodeEnd(FacesContext context, UIComponent component) throws IOExce
 		}
 
 		String v = getValue2Render(context, component);
-		if (component instanceof InputSecret) {
-			if (v != null && v.length()> 0) {
-				v = "*******";
+		if (inputText instanceof InputSecret) {
+			if (!((InputSecret) inputText).isRenderValue()) {
+				if (v != null && v.length() > 0) {
+					v = "*******";
+				}
 			}
 		}
 		if (v != null && v.length()> 0) {