> Not 100% related, but I created an ActivationContextEncoder<T> interface > and corresponding ActivationContextEncoderSource service. This way, I can > have the logic for generating the activation context value for a given > type separate from its ValudeEncoder logic. The above pseudo-id lookup > logic above could be implemented in a reusable way with > ActivationContextEncoder. Interesting solution!
I agree that one way or another you can't avoid these checks, so better to find a way to make this code reusable and as generic as possible. My solution was to annotate my pages in order to determine the referenced context variables at runtime, then reuse the checking code in a service injected in a base page/s (or even a dispatcher)... perhaps not as elegant as yours, but its flexible and it works for me. cheers, Peter ----- Original Message ----- From: "Thiago H. de Paula Figueiredo" <thiag...@gmail.com> To: "Tapestry users" <users@tapestry.apache.org> Sent: Wednesday, 3 February, 2010 02:43:11 GMT +02:00 Athens, Beirut, Bucharest, Istanbul Subject: Re: How to decorate a service that has already been decorated ? On Tue, 02 Feb 2010 19:21:22 -0200, Howard Lewis Ship <hls...@gmail.com> wrote: > Intresting. So perhaps instead of encoding the primary key of a > Hibernate entity directly, you'd instead maintain a lookup combining > user id and object id, mapped to a random string. The random string > would have to be in some kind of fast lookup table stored persistently > (perhaps in the DB for sharing across the cluster, if any). Is the overhead worth it? As attackers car intercept the URLs, you still need to check if the user can access that data. > Anyway, that's the kind of idea that popped into my head ... what's > your solution looking like? Not 100% related, but I created an ActivationContextEncoder<T> interface and corresponding ActivationContextEncoderSource service. This way, I can have the logic for generating the activation context value for a given type separate from its ValudeEncoder logic. The above pseudo-id lookup logic above could be implemented in a reusable way with ActivationContextEncoder. -- Thiago H. de Paula Figueiredo Independent Java, Apache Tapestry 5 and Hibernate consultant, developer, and instructor Owner, software architect and developer, Ars Machina Tecnologia da Informação Ltda. http://www.arsmachina.com.br --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org