Your means to securing a "traditional tapestry page" (filter based approach) should be sufficient.
On Mon, May 1, 2017 at 6:39 AM, abangkis <abang...@gmail.com> wrote: > Hi, with the client-side API release in Tapestry 5.4.2 probably there will > be more people that will depend on the tapestry ajax component. So I was > wondering what about the security. Since it will be easily manipulated in > the client side. > > In the traditional tapestry page we can rely on Something like page > protection filter or apache shiro. In the case of ajax request, from the > top of my mind, i would probably need to pass a security-token for each of > my tapestry ajax post and then validate it in the onEvent method. Is this > something that I would have to implement my self, or already provided by > the framework? > > Thanks in advance > > -- > http://www.mreunionlabs.net/ <http://www.mreunion-labs.net/> > twitter : @mreunionlabs @abangkis > page : https://plus.google.com/104168782385184990771 >