You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by abangkis <ab...@gmail.com> on 2017/05/01 04:39:18 UTC
Tapestry Ajax Security
Hi, with the client-side API release in Tapestry 5.4.2 probably there will
be more people that will depend on the tapestry ajax component. So I was
wondering what about the security. Since it will be easily manipulated in
the client side.
In the traditional tapestry page we can rely on Something like page
protection filter or apache shiro. In the case of ajax request, from the
top of my mind, i would probably need to pass a security-token for each of
my tapestry ajax post and then validate it in the onEvent method. Is this
something that I would have to implement my self, or already provided by
the framework?
Thanks in advance
--
http://www.mreunionlabs.net/ <http://www.mreunion-labs.net/>
twitter : @mreunionlabs @abangkis
page : https://plus.google.com/104168782385184990771
Re: Tapestry Ajax Security
Posted by abangkis <ab...@gmail.com>.
Okay. Thank you very much for the info.
On Mon, May 1, 2017 at 1:42 PM, Chris Poulsen <ma...@nesluop.dk>
wrote:
> Your means to securing a "traditional tapestry page" (filter based
> approach) should be sufficient.
>
> On Mon, May 1, 2017 at 6:39 AM, abangkis <ab...@gmail.com> wrote:
>
> > Hi, with the client-side API release in Tapestry 5.4.2 probably there
> will
> > be more people that will depend on the tapestry ajax component. So I was
> > wondering what about the security. Since it will be easily manipulated in
> > the client side.
> >
> > In the traditional tapestry page we can rely on Something like page
> > protection filter or apache shiro. In the case of ajax request, from the
> > top of my mind, i would probably need to pass a security-token for each
> of
> > my tapestry ajax post and then validate it in the onEvent method. Is this
> > something that I would have to implement my self, or already provided by
> > the framework?
> >
> > Thanks in advance
> >
> > --
> > http://www.mreunionlabs.net/ <http://www.mreunion-labs.net/>
> > twitter : @mreunionlabs @abangkis
> > page : https://plus.google.com/104168782385184990771
> >
>
--
http://www.mreunionlabs.net/ <http://www.mreunion-labs.net/>
twitter : @mreunionlabs @abangkis
page : https://plus.google.com/104168782385184990771
Re: Tapestry Ajax Security
Posted by Chris Poulsen <ma...@nesluop.dk>.
Your means to securing a "traditional tapestry page" (filter based
approach) should be sufficient.
On Mon, May 1, 2017 at 6:39 AM, abangkis <ab...@gmail.com> wrote:
> Hi, with the client-side API release in Tapestry 5.4.2 probably there will
> be more people that will depend on the tapestry ajax component. So I was
> wondering what about the security. Since it will be easily manipulated in
> the client side.
>
> In the traditional tapestry page we can rely on Something like page
> protection filter or apache shiro. In the case of ajax request, from the
> top of my mind, i would probably need to pass a security-token for each of
> my tapestry ajax post and then validate it in the onEvent method. Is this
> something that I would have to implement my self, or already provided by
> the framework?
>
> Thanks in advance
>
> --
> http://www.mreunionlabs.net/ <http://www.mreunion-labs.net/>
> twitter : @mreunionlabs @abangkis
> page : https://plus.google.com/104168782385184990771
>