Tapestry Ajax Security

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Tapestry Ajax Security

abangkis
Hi, with the client-side API release in Tapestry 5.4.2 probably there will
be more people that will depend on the tapestry ajax component.  So I was
wondering what about the security. Since it will be easily manipulated in
the client side.

In the traditional tapestry page we can rely on Something like page
protection filter or apache shiro. In the case of ajax request, from the
top of my mind, i would probably need to pass a security-token for each of
my tapestry ajax post and then validate it in the onEvent method. Is this
something that I would have to implement my self, or already provided by
the framework?

Thanks in advance

--
http://www.mreunionlabs.net/ <http://www.mreunion-labs.net/>
twitter : @mreunionlabs @abangkis
page : https://plus.google.com/104168782385184990771
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Tapestry Ajax Security

Chris Poulsen
Your means to securing a "traditional tapestry page" (filter based
approach) should be sufficient.

On Mon, May 1, 2017 at 6:39 AM, abangkis <[hidden email]> wrote:

> Hi, with the client-side API release in Tapestry 5.4.2 probably there will
> be more people that will depend on the tapestry ajax component.  So I was
> wondering what about the security. Since it will be easily manipulated in
> the client side.
>
> In the traditional tapestry page we can rely on Something like page
> protection filter or apache shiro. In the case of ajax request, from the
> top of my mind, i would probably need to pass a security-token for each of
> my tapestry ajax post and then validate it in the onEvent method. Is this
> something that I would have to implement my self, or already provided by
> the framework?
>
> Thanks in advance
>
> --
> http://www.mreunionlabs.net/ <http://www.mreunion-labs.net/>
> twitter : @mreunionlabs @abangkis
> page : https://plus.google.com/104168782385184990771
>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Tapestry Ajax Security

abangkis
Okay. Thank you very much for the info.

On Mon, May 1, 2017 at 1:42 PM, Chris Poulsen <[hidden email]>
wrote:

> Your means to securing a "traditional tapestry page" (filter based
> approach) should be sufficient.
>
> On Mon, May 1, 2017 at 6:39 AM, abangkis <[hidden email]> wrote:
>
> > Hi, with the client-side API release in Tapestry 5.4.2 probably there
> will
> > be more people that will depend on the tapestry ajax component.  So I was
> > wondering what about the security. Since it will be easily manipulated in
> > the client side.
> >
> > In the traditional tapestry page we can rely on Something like page
> > protection filter or apache shiro. In the case of ajax request, from the
> > top of my mind, i would probably need to pass a security-token for each
> of
> > my tapestry ajax post and then validate it in the onEvent method. Is this
> > something that I would have to implement my self, or already provided by
> > the framework?
> >
> > Thanks in advance
> >
> > --
> > http://www.mreunionlabs.net/ <http://www.mreunion-labs.net/>
> > twitter : @mreunionlabs @abangkis
> > page : https://plus.google.com/104168782385184990771
> >
>



--
http://www.mreunionlabs.net/ <http://www.mreunion-labs.net/>
twitter : @mreunionlabs @abangkis
page : https://plus.google.com/104168782385184990771
Loading...