public class DataCommunicator<T> extends AbstractExtension {
private Registration dataProviderUpdateRegistration;
+ private static final int MAXIMUM_ALLOWED_ROWS = 500;
/**
* Simple implementation of collection data provider communication. All data
*/
protected void onRequestRows(int firstRowIndex, int numberOfRows,
int firstCachedRowIndex, int cacheSize) {
+ if (numberOfRows > getMaximumAllowedRows()) {
+ throw new IllegalStateException(
+ "Client tried fetch more rows than allowed. This is denied to prevent denial of service.");
+ }
setPushRows(Range.withLength(firstRowIndex, numberOfRows));
markAsDirty();
}
+ /**
+ * Set the maximum allowed rows to be fetched in one query.
+ *
+ * @return Maximum allowed rows for one query.
+ * @since 8.14.1
+ */
+ protected int getMaximumAllowedRows() {
+ return MAXIMUM_ALLOWED_ROWS;
+ }
+
/**
* Triggered when rows have been dropped from the client side cache.
*
assertTrue("DataCommunicator should be marked as dirty",
ui.getConnectorTracker().isDirty(communicator));
}
+
+
+ @Test(expected = IllegalStateException.class)
+ public void requestTooMuchRowsFail() {
+ TestDataCommunicator communicator = new TestDataCommunicator();
+ communicator.onRequestRows(0, communicator.getMaximumAllowedRows() + 10,
+ 0, 0);
+ }
}
column.isSortableByUser());
}
+ @Test
+ public void extendGridCustomDataCommunicator() {
+ Grid<String> grid = new MyGrid<>();
+ }
+
+ public class MyDataCommunicator<T> extends DataCommunicator<T> {
+ @Override
+ protected int getMaximumAllowedRows() {
+ return 600;
+ }
+ }
+
+ public class MyGrid<T> extends Grid<T> {
+
+ public MyGrid() {
+ super(new MyDataCommunicator());
+ }
+
+ }
}