there is no mechanism in pure java that would allow us to intercept an
instantiation and execute something before that. we could do that with
aop but that would force whatever aop solution we choose into your

so we do the next best thing, we call the auth strategy from the Page
constructor. what this means is that this is called as soon as you
instantiate the page but *before* any code in any other subclass
constructors runs. this is why isinstantiationauthorized gets a class
and not an instance - because the instance is not yet fully

so the auth code does run *before* your code.


On Thu, Jul 2, 2009 at 3:06 AM, Daniele Dellafiore<> wrote:
> Hi everyone. I noticed this strange behavior this way. I mounted
> MyPage to /mypage and if IO point to:
> http://localhost:8080/myapp/mypage
> before being authenticated, instead of being redirected to the
> LoginPage I receive a blank page. The reason is in MyPage constructor
> I try to access to the user, that is null so I get a NullPointer.
> Now, the user is never supposed to be null cause MyPage is a
> SecureWebPage so I expect it get instantiated just after being
> authenticated.
> Now, I made some debug and have seen that the constructor of MyPage is
> invoked before any calls to any AuthorizationStrategy method.
> This happens for every page!
> This sounds strange to me, and to you? I expect
> isInstantiationAuthorized to be called before...
> --
> Daniele Dellafiore
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to