Dunno. What's wrong with having possibility for authentication
strategy per session? I don't like API bloat, but I can imagine a good
usecase for this.
-Matej
On 9/16/07, Eelco Hillenius [EMAIL PROTECTED] wrote:
Hey,
Do we have a very good reason for having getAuthorizationStrategy in
Session? By default, this just does
getApplication().getSecuritySettings().getAuthorizationStrategy();
I'm revising the chapter on authorization currently, and it just looks
yacni to me. In the probably rare case that you want to vary the
strategy by session, you can just do this with the strategy itself.
Is anyone against me removing this method, and change:
addComponentInstantiationListener(new IComponentInstantiationListener() {
public void onInstantiation(final Component component) {
if (!Session.get().getAuthorizationStrategy()
.isInstantiationAuthorized(component.getClass())) {
getSecuritySettings()
.getUnauthorizedComponentInstantiationListener()
.onUnauthorizedInstantiation(component);
}
}
});
to
addComponentInstantiationListener(new IComponentInstantiationListener() {
public void onInstantiation(final Component component) {
if (!getSecuritySettings().getAuthorizationStrategy()
.isInstantiationAuthorized(component.getClass())) {
getSecuritySettings()
.getUnauthorizedComponentInstantiationListener()
.onUnauthorizedInstantiation(component);
}
}
});
?
Eelco
