Have you read this?
http://jumpstart.doublenegative.com.au/jumpstart7/examples/infrastructure/handlingabadcontext/1
My personal preference is to treat ids that don’t exist, and ids that you are
not authorised to, the same way: display a "does not exist” message on the same
page. It will be detected in setupRender() or, if there’s a Form, in
onPrepareForRender(). To keep it simple and consistent you can create an
ExistenceChecker component that you use like this:
<t:form t:id="form" context=“personId" validate="this">
<t:existencechecker exists=“person" name="message:Person-name">
:
</t:existencechecker>
</t:form>
ExistenceChecker could start like this:
public class ExistenceChecker {
/**
* Usually set by testing the entity of interest, eg. exists=“person”
* (which will be true if client is not null); or
* the entity list of interest, eg. exists="evaluations”
* (which will be true if the list is not null and not empty).
*/
@Parameter(required = true)
@Property
private boolean exists;
/**
* This name will be displayed to the user, substituted into the
"object-doesnotexist" message.
*/
@Parameter(required = true)
private String name;
Here’s my ExistenceChecker.tml:
<!DOCTYPE html>
<html xmlns:t="http://tapestry.apache.org/schema/tapestry_5_4.xsd";
xmlns:p="tapestry:parameter">
<t:content>
<t:if test="exists">
<t:body />
</t:if>
<t:if test="!exists">
<div class="alert ${alertClass}
text-center">${doesNotExistMessage}</div>
</t:if>
</t:content>
</html>
HTH,
Geoff
> On 4 Aug 2015, at 7:15 pm, Poggenpohl, Daniel
> <daniel.poggenp...@isst.fraunhofer.de> wrote:
>
> Hello everyone,
>
> as the subject describes, we are trying to decide when to redirect the user
> to the error page.
>
> Tapestry reads the context from the url. As it may happen, a (malicious or
> not) user can decide to try out IDs with a URL. When in the page request
> process should I look in the database, check if the object exists, and
> redirect to an error page if necessary?
>
> Regards,
> Daniel P.
