this is a security check, so the whole idea is that it is ran before any of the user's code in the constructor which may have side-effects. eg a constructor marking a record as ready to be deleted because a delete panel was instantiated. the class itself should be enough. even if you get an instance you cant use anything in it because its partially constructed. the question is if we do pass an instance how many users will bother reading javadoc? and out of those how many really understand how objects are constructed? i think we should close the issue as wont-fix, reading it "It would be easier to decide if instantiation is authorized if one could access some properties of the component being constructed." which is exactly what you cannot/must not do because the object is only partially initialized, thus proving my point above.
the ComponentInstantiationListener is a very special case where we make an exception. the entire point of this interface is to work with a partially constructed object and most users will never implement their own as opposed to the authorization strategy... -igor On Fri, Dec 20, 2013 at 12:53 AM, Martin Grigorov <mgrigo...@apache.org> wrote: > Hi, > > The reporter of https://issues.apache.org/jira/browse/WICKET-5454 asked to > pass the Component instance > to IAuthorizationStrategy#isInstantiationAuthorized() instead of just its > class. > I have no idea why the API has been designed this way but Carl-Eric gave a > good explanation - the component is not yet fully constructed. > > The thing that bothers me is why it is OK to use the instance in my custom > IComponentInstantiationListener and it is not OK to do the same in > IAuthorizationStrategy#isInstantiationAuthorized() ? > If there is a javadoc explaining the possible problem (as for > IComponentInstantiationListener#onInstantiation()) then it is OK. > > Even more - at > https://github.com/apache/wicket/blob/master/wicket-core/src/main/java/org/apache/wicket/Application.java#L276you > can see that right ater rejecting the *Class* we pass the *instance* > to > the UnauthorizedComponentInstantiationListener! > > > Martin Grigorov > Wicket Training and Consulting
