Hi,
Both PageRenderRequestFilter and ComponentEventRequestFilter receives a
context that includes the page name. Why not use that?
The following post might be of use:
http://www.mail-archive.com/users@tapestry.apache.org/msg21568.html
-Filip
Ned Jackson Lovely skrev:
On Sun, Jun 8, 2008 at 5:00 AM, maxthesecond <[EMAIL PROTECTED]> wrote:
As for loggin the request-filter option is very attractive, all that crap in
just one place.
I've been wondering about the request filter... To determine which
page is being accessed, I've been parsing the path myself, using code
I cut and pasted out of tapestry internals. I got this method from
http://wiki.apache.org/tapestry/Tapestry5HowToControlAccess, which
incidentally doesn't work with
the past couple of releases.
My issue is, I feel like this is a potential security problem. If
Tapestry changes how it parses the path, an attacked could conceivably
create a request that I think is for one page in my security
dispatcher, while it is really for another. Is there a service I can
inject to get the page that Tapestry has parsed out?
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
