Package com.vaadin.flow.component.trigger.internal

Class SetPropertyAction<T>

java.lang.Object
com.vaadin.flow.component.trigger.internal.Action
com.vaadin.flow.component.trigger.internal.SetPropertyAction<T>
Type Parameters:
T - the runtime type of the value to assign
All Implemented Interfaces:
Serializable
public class SetPropertyAction<T> extends Action
Assigns a value to a JavaScript property on a target element when the bound trigger fires.

Symmetric with PropertyInput: the same property name space (DOM/custom-element properties such as value, checked, disabled).

The value to assign can be either a literal (constant, serialised at build time) or an Action.Input that produces the value on the client when the trigger fires — for example, MouseEventTrigger.EventData.screenX feeds the click's screen coordinate.

Common idioms:

  • Disable a button: new SetPropertyAction(button, "disabled", true)
  • Clear an input: new SetPropertyAction(input, "value", "")
  • Mirror a click coordinate: new SetPropertyAction(field, "value", ClickTrigger.EventData.screenX)

Server-state mirror (opt-in)

By default, this action runs client-only: the property is assigned in the browser and the server's view of the property is not updated. As a result, Element.getProperty(String) on the target keeps returning whatever the server last set, which will drift from what the user sees in the browser. Call mirrorToServer() to opt into mirroring the assigned value back into the target's ElementPropertyMap so the server-side view tracks the browser. The server-side update produced by the mirror does not generate another client-bound change, so there is no echo round-trip.

Security implication of mirrorToServer(): when the mirror is enabled, the value the server stores is whatever the client sent. An end user with the browser devtools open can substitute any value — boolean, string, JSON object — for the one this action would normally compute. Server-side code must not rely on the mirrored property value as a trusted source of truth for authorisation, validation, or any other security-sensitive decision; treat it the same way you would treat the value of an @Synchronize'd property or any other client-originated input. If you need a trusted server-side value, derive it on the server (e.g. via a CallbackAction that recomputes from session state) rather than trusting the mirror. This caveat is the reason the mirror is opt-in: the safe default never trusts a client-set value.

For internal use only. May be renamed or removed in a future release.

See Also:

  • Constructor Details

    • SetPropertyAction

      public SetPropertyAction(Component target, String propertyName, @Nullable T value)
      Creates an action that assigns the given literal value to the given JS property on target when the trigger fires. Passing null clears the property (renders target[prop] = null;).
      Parameters:
      target - the component whose root element to modify, not null
      propertyName - the JS property name, not null
      value - the value to assign — String, Boolean, Number, or any Jackson-serialisable object; may be null to emit a JS null (e.g. to clear an input's value)

    • SetPropertyAction

      public SetPropertyAction(Component target, String propertyName, Action.Input<? extends T> source)
      Creates an action that assigns the value produced by source to the given JS property on target when the trigger fires.
      Parameters:
      target - the component whose root element to modify, not null
      propertyName - the JS property name, not null
      source - input that produces the value to assign, not null

  • Method Details

    • mirrorToServer

      public SetPropertyAction<T> mirrorToServer()
      Opts into the server-state mirror: when the trigger fires, the assigned value is forwarded back to the server and stored on the target's ElementPropertyMap so Element.getProperty(String) returns the same value the browser sees.

      See the class Javadoc for the security implication — the server stores whatever the client sent, so the mirrored value is not trustworthy for authorisation or validation decisions. Use only when the server needs to track the visible state (e.g. to mirror a disabled flip an action makes on a button so server-side enablement logic agrees with the browser).

      Must be called before this action is wired through Trigger.triggers(Action...); configuration changes after wiring do not affect the already-installed client JS.

      Returns:
      this action, for chaining

    • toJs

      protected JsFunction toJs(Trigger trigger)
      Description copied from class: Action
      Builds the JsFunction that runs this action when the surrounding trigger fires. The returned function takes one runtime argument named event (declared by the framework when it composes the trigger handler); subclasses do not declare argument names themselves.

      The body is one statement. To embed a value produced on the client, capture an Action.Input's JsFunction as a capture and invoke it inside the body as $N(event).

      Specified by:
      toJs in class Action
      Parameters:
      trigger - the surrounding trigger this render is for, not null
      Returns:
      the action's JS function, not null