Okay. Thank you very much for the info. On Mon, May 1, 2017 at 1:42 PM, Chris Poulsen <mailingl...@nesluop.dk> wrote:
> Your means to securing a "traditional tapestry page" (filter based > approach) should be sufficient. > > On Mon, May 1, 2017 at 6:39 AM, abangkis <abang...@gmail.com> wrote: > > > Hi, with the client-side API release in Tapestry 5.4.2 probably there > will > > be more people that will depend on the tapestry ajax component. So I was > > wondering what about the security. Since it will be easily manipulated in > > the client side. > > > > In the traditional tapestry page we can rely on Something like page > > protection filter or apache shiro. In the case of ajax request, from the > > top of my mind, i would probably need to pass a security-token for each > of > > my tapestry ajax post and then validate it in the onEvent method. Is this > > something that I would have to implement my self, or already provided by > > the framework? > > > > Thanks in advance > > > > -- > > http://www.mreunionlabs.net/ <http://www.mreunion-labs.net/> > > twitter : @mreunionlabs @abangkis > > page : https://plus.google.com/104168782385184990771 > > > -- http://www.mreunionlabs.net/ <http://www.mreunion-labs.net/> twitter : @mreunionlabs @abangkis page : https://plus.google.com/104168782385184990771
