Martin, Just checked: it doesn't work as expected. It seems that this code doesn't work as it was assumed:
BookmarkableMapper.java if (application.getSecuritySettings().getEnforceMounts()) { // we make an exception if the homepage itself was mounted, see WICKET-1898 if (!pageClass.equals(application.getHomePage())) { // WICKET-5094 only enforce mount if page is mounted if (isPageMounted(pageClass, application.getRootRequestMapperAsCompound())) // HERE!!! { return null; } } } Imho condition at line marked by HERE!!! should be opposite. Please check. In my case getSecuritySettings().setEnforceMounts(true); doesn't have any effect. Thanks, Ilia 2016-05-03 10:59 GMT-07:00 Илья Нарыжный <phan...@ydn.ru>: > Thank you Martin! I did know that there should be easier way to do > that, but could not be able to find it:) > > Regards, > > Ilia > > 2016-05-03 0:06 GMT-07:00 Martin Grigorov <mgrigo...@apache.org>: >> Hi, >> >> I always thought >> that org.apache.wicket.settings.SecuritySettings#getEnforceMounts() is for >> this. Also its javadoc seems to say that. >> But there were some changes to its behavior after which I am no more sure >> what exactly it does :-/ >> >> Martin Grigorov >> Wicket Training and Consulting >> https://twitter.com/mtgrigorov >> >> On Tue, May 3, 2016 at 8:53 AM, Илья Нарыжный <phan...@ydn.ru> wrote: >> >>> Yea - that's possible. Even instrumentation is possible, but probably >>> this problem somehow solved already in wicket. I would briefly >>> summarize the problem like: >>> >>> Wicket allow to directly address bookmarkable pages from 3rd party >>> libraries without good way to manage accessibility. >>> Potentially it means that with having control over some 3rd partly lib >>> it's possible to include "backdoor page" >>> Thanks, >>> >>> Ilia >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >>> For additional commands, e-mail: users-h...@wicket.apache.org >>> >>> --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org