Yes an unchecked exception wouldn't impose any try catch blocks. I just wasnt too eager about throwing any kind of exception in the constructor(s). However I am beginning to see that something like this might work. :)
Maurice -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Igor Vaynberg Sent: donderdag 27 oktober 2005 0:52 To: wicket-develop@lists.sourceforge.net Subject: RE: [Wicket-develop] integrating authorization The exception would be unchecked, and we can have a default security violation page that can show a nice error if the user doesnt catch it or doesnt care. Imho this exception is unrecoverable. -Igor > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf > Of Maurice Marrink > Sent: Wednesday, October 26, 2005 3:43 PM > To: wicket-develop@lists.sourceforge.net > Subject: RE: [Wicket-develop] integrating authorization > > I agree with johan. > > I also aggre with igor, that pagefactory is not an airtight solution. > However remeber if someone uses setResponsePage(new > MyPage()); they are awaire of what they are doing there and > if needed they can provide there own securitycheck. All we > can try to do is provide a solution for those places he has > no (or little) control over. (like pagefactory). > Also if you put the check in the constructor and you discover > you cant create this object, what will you do? Throw an > exception then people might need to start putting try-catch > clauses around wherever they say new Page() or new Textfield() > > Maurice > > P.S. glad to see finally someone else joined the discussion. > > ________________________________________ > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf > Of Johan Compagner > Sent: donderdag 27 oktober 2005 0:29 > To: wicket-develop@lists.sourceforge.net > Subject: Re: [Wicket-develop] integrating authorization > > but what are you going test test there? > if you call in in the base class then almost nothing is > constructed So the only thing you can test is the class name > itself that you are trying to construct. > > Doing this: > > class Base > { > Base() > { > security.allowCreating(this); > } > } > > class Child extends Base > { > > } > > and then making new Child() > Then it security.allowCreation(this) in the base is very bad > programming Because you are giving the security > implementation a object that is not yet constructed completely. > > So allowCreation(Class) or allowCreation(String) is possible > but not with the component itself. > If you call it in the constructor. > > > On 10/27/05, Igor Vaynberg <[EMAIL PROTECTED]> wrote: > > >> What is that allowCreation() ? > > >> when whould that be called? > > > > >In the constructor of component. > > Too late, it needs to be checked on class level before calling any > > constructors. PageFactory would be a good start. > > wicket.Component constructors are the first to be called > whether you are creating a page or component. Why is this too late? > > Forcing users to use the page factory will limit the > usefulness of the framework, since anyone can do > setResponsePage(new MyPage()); and get around > > security checks in the factory. > > -Igor > > > > > ------------------------------------------------------- > This SF.Net email is sponsored by the JBoss Inc. > Get Certified Today * Register for a JBoss Training Course > Free Certification Exam for All Training Attendees Through > End of 2005 Visit http://www.jboss.com/services/certification > for more information _______________________________________________ > Wicket-develop mailing list > Wicket-develop@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/wicket-develop > > > > > ------------------------------------------------------- > This SF.Net email is sponsored by the JBoss Inc. > Get Certified Today * Register for a JBoss Training Course > Free Certification Exam for All Training Attendees Through > End of 2005 Visit http://www.jboss.com/services/certification > for more information _______________________________________________ > Wicket-develop mailing list > Wicket-develop@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/wicket-develop > > > ------------------------------------------------------- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information _______________________________________________ Wicket-develop mailing list Wicket-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-develop ------------------------------------------------------- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information _______________________________________________ Wicket-develop mailing list Wicket-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-develop
