[
https://issues.apache.org/jira/browse/WICKET-5308?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Martin Grigorov updated WICKET-5308:
------------------------------------
Assignee: Carl-Eric Menzel
> AuthenticatedWebSession#authenticate should be protected, not public
> --------------------------------------------------------------------
>
> Key: WICKET-5308
> URL: https://issues.apache.org/jira/browse/WICKET-5308
> Project: Wicket
> Issue Type: Bug
> Components: wicket-auth-roles
> Affects Versions: 6.9.1, 7.0.0
> Reporter: Carl-Eric Menzel
> Assignee: Carl-Eric Menzel
> Fix For: 7.0.0
>
>
> A common source of confusion in trainings is that when implementing security
> using wicket-auth-roles, you have to implement #authenticate in your own
> session class, but in the login form's #onSubmit you have to call #signIn.
> Both #authenticate and #signIn are public and both have identical signatures.
> Their names mean basically the same thing too. This is rather error-prone.
> I propose changing the visibility of #authenticate to protected. That way, it
> will still work the same as it does now, except it won't show up in
> code-completion anymore and won't compete with #signIn anymore.
> This should not be an API break, since #authenticate is abstract anyway and
> is always implemented in user code. Raising visibility from protected to
> public is always legal, so user code should not break from this change.
> Opinions?
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
