I already implemented it. I didn't make it the default behavior
though, and for the sake of simplicity, I made it a app-wide setting,
rather then providing the ability to set it for separate targets.
The feature can be turned on like this:
If true, only requests through the path are allowed; if, for instance
a mounted bookmarkable page is accessed using a URL with a
bookmarkablePage parameter, an error code (request target) will be
issued, so that the client gets:
HTTP ERROR: 403
Direct access not allowed for mounted targets
> While writing Wicket In Action, I thought of a missing feature of URL
> mounting. If you want to protect your application with some URL
> schema, URL mounting would potentially be suitable for that. However,
> mounted resources are currently still available using e.g. a
> bookmarkablePage parameter as well. I think we should come up with
> some way to protect this, maybe by default, so that a mounted request
> target can *only* be reached through that URL.
> WDYT? Any volunteers for implementing this? Shouldn't be too hard, but
> I'm very busy with making the book's deadline myself.