On Mon, 17 May 2010 13:48:57 -0300, Alex Kotchnev <akoch...@gmail.com>
wrote:
> Thiago,
> what would be the proper render event to decorate for access security
> checks (if not @SetupRender) if the page is annotated as @Secured?

In this case, there's no rendering event that is triggered in every
request and before @SetupRender. The solution is to do this page
class-level check in a ComponentEventRenderFilter, not in a
ComponentClassTransformWorker, as TSS does. By the way, when a page class
is annotated with @Secured in TSS, event requests are not checked either,
which is a serious security bug, as (almost) all actions that change data
in Tapestry applications are done in action requests.
--
Thiago H. de Paula Figueiredo
Independent Java, Apache Tapestry 5 and Hibernate consultant, developer,
and instructor
Owner, Ars Machina Tecnologia da Informação Ltda.
http://www.arsmachina.com.br
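
The request-level check described in the reply above, sketched as an added example that is not code from the original message or from TSS. It assumes Tapestry 5.1 or later, whose `ComponentRequestFilter` interface sees both page render and component event requests, and Spring Security 3.x's `@Secured`; `SecuredPageFilter` and `RoleChecker` are hypothetical names.

```java
import java.io.IOException;
import org.apache.tapestry5.services.ComponentEventRequestParameters;
import org.apache.tapestry5.services.ComponentRequestFilter;
import org.apache.tapestry5.services.ComponentRequestHandler;
import org.apache.tapestry5.services.ComponentSource;
import org.apache.tapestry5.services.PageRenderRequestParameters;
import org.apache.tapestry5.services.Response;
// Assumption: Spring Security 3.x package; 2.x has it in org.springframework.security.annotation.
import org.springframework.security.access.annotation.Secured;

/** Hypothetical filter: enforces a class-level @Secured on render AND event requests. */
public class SecuredPageFilter implements ComponentRequestFilter {

    /** Hypothetical application service that knows the current user's roles. */
    public interface RoleChecker { boolean hasAnyRole(String... roles); }

    private static final int FORBIDDEN = 403;
    private final ComponentSource componentSource;
    private final Response response;
    private final RoleChecker roles;

    public SecuredPageFilter(ComponentSource componentSource, Response response,
                             RoleChecker roles) {
        this.componentSource = componentSource;
        this.response = response;
        this.roles = roles;
    }

    public void handlePageRender(PageRenderRequestParameters parameters,
            ComponentRequestHandler handler) throws IOException {
        if (allowed(parameters.getLogicalPageName())) handler.handlePageRender(parameters);
    }

    // Event (action) requests are where data usually changes, so they get the same check.
    public void handleComponentEvent(ComponentEventRequestParameters parameters,
            ComponentRequestHandler handler) throws IOException {
        if (allowed(parameters.getActivePageName())) handler.handleComponentEvent(parameters);
    }

    /** True if the page is unannotated or the user holds a listed role; else sends 403. */
    private boolean allowed(String pageName) throws IOException {
        Class<?> pageClass = componentSource.getPage(pageName).getClass();
        Secured secured = pageClass.getAnnotation(Secured.class);
        if (secured == null || roles.hasAnyRole(secured.value())) return true;
        response.sendError(FORBIDDEN, "Access denied");
        return false; // do not pass the request on to the handler
    }
}
```

The filter takes effect once it is contributed to the `ComponentRequestHandler` service configuration in the application module.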