I agree with johan. I also aggre with igor, that pagefactory is not an airtight solution. However remeber if someone uses setResponsePage(new MyPage()); they are awaire of what they are doing there and if needed they can provide there own securitycheck. All we can try to do is provide a solution for those places he has no (or little) control over. (like pagefactory). Also if you put the check in the constructor and you discover you cant create this object, what will you do? Throw an exception then people might need to start putting try-catch clauses around wherever they say new Page() or new Textfield()
Maurice P.S. glad to see finally someone else joined the discussion. ________________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Johan Compagner Sent: donderdag 27 oktober 2005 0:29 To: wicket-develop@lists.sourceforge.net Subject: Re: [Wicket-develop] integrating authorization but what are you going test test there? if you call in in the base class then almost nothing is constructed So the only thing you can test is the class name itself that you are trying to construct. Doing this: class Base { Base() { security.allowCreating(this); } } class Child extends Base { } and then making new Child() Then it security.allowCreation(this) in the base is very bad programming Because you are giving the security implementation a object that is not yet constructed completely. So allowCreation(Class) or allowCreation(String) is possible but not with the component itself. If you call it in the constructor. On 10/27/05, Igor Vaynberg <[EMAIL PROTECTED]> wrote: > >> What is that allowCreation() ? > >> when whould that be called? > > >In the constructor of component. > Too late, it needs to be checked on class level before > calling any constructors. PageFactory would be a good start. wicket.Component constructors are the first to be called whether you are creating a page or component. Why is this too late? Forcing users to use the page factory will limit the usefulness of the framework, since anyone can do setResponsePage(new MyPage()); and get around security checks in the factory. -Igor ------------------------------------------------------- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information _______________________________________________ Wicket-develop mailing list Wicket-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-develop ------------------------------------------------------- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information _______________________________________________ Wicket-develop mailing list Wicket-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-develop
