That's a good question.
1) I think it can be done on Tapestry
page level using PageValidationListener.
2) It should be possible to improve the
AuthenticationChannelProcessor to support ROLE_*
attributes.
----------
I have also just discovered a security hole
with the URL patterns used in my example, because it was possible to cheat it,
so the better way will be to use
those patterns:
\A/app.service.page/Login\Z=FREE_ACCESS
\A/app.service.page/Home\Z=FREE_ACCESS
(There are troubles with ? and = chars, so I use the wildcard .
instead):
I have still a problem with the LanguageSwitch, how
to write a safe pattern enabling it?
Karel
|
- [Acegisecurity-developer] Re: tapestry + acegi Karel Miarka
- [Acegisecurity-developer] Re: tapestry + acegi Karel Miarka
- [Acegisecurity-developer] Re: tapestry + acegi Karel Miarka