Generally I like solutions that don't require the page class to do anything special so I wrote a request filter and a strategy service to do this. The filter looks for @PageActivationContext and if there is one calls the strategy service to see if the user has access to the object. This way all pages/events are covered and the strategy service can handle different permissions by object type.
On Tuesday, August 4, 2015, Poggenpohl, Daniel < daniel.poggenp...@isst.fraunhofer.de> wrote: > Hello everyone, > > as the subject describes, we are trying to decide when to redirect the > user to the error page. > > Tapestry reads the context from the url. As it may happen, a (malicious or > not) user can decide to try out IDs with a URL. When in the page request > process should I look in the database, check if the object exists, and > redirect to an error page if necessary? > > Regards, > Daniel P. >
