Hi Angelo, Using a Dispatcher (or Request filter) enables you to filter on every Request, so simply wire Tapestry's ApplicationStateManager to your Dispatcher and retrieve the appropriate ASO instance to check access for the requested page / resource:
public PageAccessController(ApplicationStateManager asm, etc...){ asm_ = asm; ... } @Override public boolean service(Request request, Response response,...etc){ siteAccess = asm_.get(SiteAccess.class); if(!siteAccess.isAuthenticated()) redirectToLogin(); } For an extranet it is better to deny access by default unless explicitly permissioned. regards, Peter ----- Original Message ----- From: "Onno Scheffers" <o...@piraya.nl> To: "Tapestry users" <users@tapestry.apache.org> Sent: Wednesday, 10 June, 2009 19:19:21 GMT +02:00 Athens, Beirut, Bucharest, Istanbul Subject: Re: t5: protecting data from public access > > this is a good idea. which one is faster: > returning the image as a stream or a direct link to a physical file in the > file system? The physical file is much faster. It just gets a little troublesome to keep all files in sync if your application has to be distributed over multiple servers: a file-upload will need to be placed onto the filesystem of each and every server. You don't have that problem when you put the files in a database. regards, Onno --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org