Boris, Lance,
I have secured only pages with annotation @RequiresAuthentication. However,
page security is checked for component event too. As you can see in
SecurityComponentRequestFilter line 40:
public void handleComponentEvent(...) throws IOException {
checkInternal(parameters.getActivePageName());
......
}
Thanks for your help,
Jarda
2013/10/23 Boris Horvat <horvat.z.bo...@gmail.com>
> True, my security is per page in this case. I can try to put in security on
> the event just to test if that will cause the problem (I will try to do
> that tomorrow after work)
>
>
> On Wed, Oct 23, 2013 at 10:53 PM, Lance Java <lance.j...@googlemail.com
> >wrote:
>
> > tapestry-cometd has always used ParallelExecutor to render content so
> that
> > the current thread is not polluted with PerThreadValues. tapestry-offline
> > was only created to extract the offline rendering into a reusable module.
> >
> > I suspect that Jarda has security on his push event and maybe Boris only
> > has security on his page. Just a guess here but it might explain why it's
> > not an issue for Boris.
> >
>
>
>
> --
> Sincerely
> *Boris Horvat*
>
