I already implemented it. I didn't make it the default behavior though, and for the sake of simplicity, I made it a app-wide setting, rather then providing the ability to set it for separate targets.
The feature can be turned on like this: getSecuritySettings().setEnforceMounts(true); If true, only requests through the path are allowed; if, for instance a mounted bookmarkable page is accessed using a URL with a bookmarkablePage parameter, an error code (request target) will be issued, so that the client gets: HTTP ERROR: 403 Direct access not allowed for mounted targets It will also be logged with level error. Eelco On 9/30/06, Eelco Hillenius <[EMAIL PROTECTED]> wrote: > While writing Wicket In Action, I thought of a missing feature of URL > mounting. If you want to protect your application with some URL > schema, URL mounting would potentially be suitable for that. However, > mounted resources are currently still available using e.g. a > bookmarkablePage parameter as well. I think we should come up with > some way to protect this, maybe by default, so that a mounted request > target can *only* be reached through that URL. > > WDYT? Any volunteers for implementing this? Shouldn't be too hard, but > I'm very busy with making the book's deadline myself. > > Eelco > ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Wicket-develop mailing list Wicket-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-develop
