today I have done this
.
I was using a mix of WASP and a custom AuthStrategy. Today I migrated
to 1.4 so I completely remove WASP. Now I have my
AuthorizationStrategy impl with this code:
public boolean isInstantiationAuthorized(Class componentClass) {
if (componentClass.isAnnotationPresent(AuthenticationRequired.class)
&& !isUserAuthenticated()) {
throw new
RestartResponseAtInterceptPageException(BasicWebApplication.get().getLoginPage());
}
return true;
}
so I have a simple annotation on the pages (before they were
SecureWebPage) and a custom isUserAuthenticated method. If fails, I
redirect to login page like was do, but doing this in the
isInstantiationAuthorized prevent the Page contructor code to be
invoked.
it works :)
On Thu, Jul 2, 2009 at 5:39 PM, Igor Vaynberg<[email protected]> wrote:
> there is no mechanism in pure java that would allow us to intercept an
> instantiation and execute something before that. we could do that with
> aop but that would force whatever aop solution we choose into your
> projects.
>
> so we do the next best thing, we call the auth strategy from the Page
> constructor. what this means is that this is called as soon as you
> instantiate the page but *before* any code in any other subclass
> constructors runs. this is why isinstantiationauthorized gets a class
> and not an instance - because the instance is not yet fully
> constructed.
>
> so the auth code does run *before* your code.
>
> -igor
>
> On Thu, Jul 2, 2009 at 3:06 AM, Daniele Dellafiore<[email protected]> wrote:
>> Hi everyone. I noticed this strange behavior this way. I mounted
>> MyPage to /mypage and if IO point to:
>>
>> http://localhost:8080/myapp/mypage
>>
>> before being authenticated, instead of being redirected to the
>> LoginPage I receive a blank page. The reason is in MyPage constructor
>> I try to access to the user, that is null so I get a NullPointer.
>> Now, the user is never supposed to be null cause MyPage is a
>> SecureWebPage so I expect it get instantiated just after being
>> authenticated.
>>
>> Now, I made some debug and have seen that the constructor of MyPage is
>> invoked before any calls to any AuthorizationStrategy method.
>> This happens for every page!
>>
>> This sounds strange to me, and to you? I expect
>> isInstantiationAuthorized to be called before...
>>
>> --
>> Daniele Dellafiore
>> http://blog.ildella.net
>> http://twitter.com/ildella
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [email protected]
>> For additional commands, e-mail: [email protected]
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
--
Daniele Dellafiore
http://blog.ildella.net
http://twitter.com/ildella
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
