Hi, with the client-side API release in Tapestry 5.4.2 probably there will be more people that will depend on the tapestry ajax component. So I was wondering what about the security. Since it will be easily manipulated in the client side.
In the traditional tapestry page we can rely on Something like page protection filter or apache shiro. In the case of ajax request, from the top of my mind, i would probably need to pass a security-token for each of my tapestry ajax post and then validate it in the onEvent method. Is this something that I would have to implement my self, or already provided by the framework? Thanks in advance -- http://www.mreunionlabs.net/ <http://www.mreunion-labs.net/> twitter : @mreunionlabs @abangkis page : https://plus.google.com/104168782385184990771
