Wouter,
Thanks for sending the example
solution.
I have finaly decided to remove the
AuthenticationChannelProcessor from Hispacta and replaced it by the standard
Tapestry way of page protection - PageValidateListener. It is not declarative,
but it seems to be simpler, more secure (doesn't
That's a good question.
1) I think it can be done on Tapestry
page level using PageValidationListener.
2) It should be possible to improve the
AuthenticationChannelProcessor to support ROLE_*
attributes.
--
I have also just discovered a security hole
with the URL patterns used
Hi Wouter,
I'm using Channel Processing Filter to protect
the pages which requires user authentication (instead of commonly used HTTP
Request Security Filter), because of the different approch used by Tapestry to
access its pages. This Channel Processing Filter is commonly used for
restric