[Acegisecurity-developer] Re: tapestry + acegi

[Karel Miarka]

That's a good question.   1) I think it can be done on Tapestry page level using PageValidationListener. 2) It should be possible to improve the AuthenticationChannelProcessor to support ROLE_* attributes.   ----------   I have also just discovered a security hole with the URL patterns used in my example, because it was possible to cheat it, so the better way will be to use those patterns:   \A/app.service.page/Login\Z=FREE_ACCESS \A/app.service.page/Home\Z=FREE_ACCESS   (There are troubles with ? and = chars, so I use the wildcard . instead):   I have still a problem with the LanguageSwitch, how to write a safe pattern enabling it?   Karel     ----- Original Message ----- From: Wouter de Vaal To: 'Karel Miarka' Sent: Thursday, July 22, 2004 3:01 PM Subject: RE: tapestry + acegi Thanx for your reply.   Ok I see now (I've dug a little deeper since I last mailed). My next question:   Do I understand it correctly if I would want to add more roles the same way you did, I would need to add these to the checking code?   Wouter