On Mon, 10 Dec 2012 05:57:37 -0200, antalk <nab...@vankalleveen.net> wrote:

The code involved can be found at:

https://github.com/antalk/Tapestry-Spring-Security/blob/master/src/main/java/nu/localhost/tapestry5/springsecurity/services/internal/SpringSecurityWorker.java

This is an update of the spring security library, which I adopted for
Tapestry 5.3.x.

The line introducing the field is at line number 86.

I was informed by 'JavaMat' that this field is not thread safe, see the
discussion over here:

https://github.com/antalk/Tapestry-Spring-Security/issues/3

I'm not sure what the line does, but I used Tapestry-Spring-Security in the past and I believe line 90 is a serious security error. It adds a security check at the beginRender(), so this check is never done in action (event) requests. In other words, events and form submissions are *not* checked, just page render requests.

--
Thiago H. de Paula Figueiredo
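
The reply above says a check made only at beginRender() covers page render requests but not event requests. One way to apply the same check to both request types is shown here as an added example, not code from Tapestry-Spring-Security or from either poster. It assumes the Tapestry 5.3 `ComponentRequestFilter` API; `PageAccessPolicy` and `PageAccessFilter` are hypothetical names, and the check is per page rather than per annotated method.

```java
import java.io.IOException;
import org.apache.tapestry5.services.ComponentEventRequestParameters;
import org.apache.tapestry5.services.ComponentRequestFilter;
import org.apache.tapestry5.services.ComponentRequestHandler;
import org.apache.tapestry5.services.PageRenderRequestParameters;
import org.apache.tapestry5.services.Response;

/** Hypothetical policy hook: may the current user use this page at all? */
interface PageAccessPolicy {
    boolean isAllowed(String logicalPageName);
}

/** Runs the same access decision for render requests and for event requests. */
public class PageAccessFilter implements ComponentRequestFilter {
    private static final int FORBIDDEN = 403;

    private final PageAccessPolicy policy;
    private final Response response;

    public PageAccessFilter(PageAccessPolicy policy, Response response) {
        this.policy = policy;
        this.response = response;
    }

    // Page render requests: the only path a beginRender() check would see.
    public void handlePageRender(PageRenderRequestParameters parameters,
                                 ComponentRequestHandler handler) throws IOException {
        if (denied(parameters.getLogicalPageName())) return;
        handler.handlePageRender(parameters);
    }

    // Component event requests (action links, form submissions): event
    // handlers run here, before any render phase, so the check must run too.
    public void handleComponentEvent(ComponentEventRequestParameters parameters,
                                     ComponentRequestHandler handler) throws IOException {
        if (denied(parameters.getActivePageName())) return;
        handler.handleComponentEvent(parameters);
    }

    // Sends 403 and stops the pipeline when the policy rejects the page.
    private boolean denied(String pageName) throws IOException {
        if (policy.isAllowed(pageName)) return false;
        response.sendError(FORBIDDEN, "Access denied");
        return true;
    }
}
```

The filter has an effect only once it is contributed to the `ComponentRequestHandler` service configuration in the application module.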
