You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by mg...@apache.org on 2010/12/14 15:00:21 UTC

svn commit: r1049093 - /wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategy.java

Author: mgrigorov
Date: Tue Dec 14 14:00:21 2010
New Revision: 1049093

URL: http://svn.apache.org/viewvc?rev=1049093&view=rev
Log:
WICKET-3240 AnnotationsRoleAuthorizationStrategy isInstantiationAuthorized package==false, class==true returns true

Little optimization: there is no need to check Package's annotation if the more specific one on the Class itself is there.

Modified:
    wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategy.java

Modified: wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategy.java
URL: http://svn.apache.org/viewvc/wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategy.java?rev=1049093&r1=1049092&r2=1049093&view=diff
==============================================================================
--- wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategy.java (original)
+++ wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategy.java Tue Dec 14 14:00:21 2010
@@ -53,24 +53,25 @@ public class AnnotationsRoleAuthorizatio
 		// We are authorized unless we are found not to be
 		boolean authorized = true;
 
-		// Check package annotation first
-		final Package componentPackage = componentClass.getPackage();
-		if (componentPackage != null)
-		{
-			final AuthorizeInstantiation packageAnnotation = componentPackage.getAnnotation(AuthorizeInstantiation.class);
-			if (packageAnnotation != null)
-			{
-				authorized = hasAny(new Roles(packageAnnotation.value()));
-			}
-		}
-
-		// Check class annotation
+		// Check class annotation first because it is more specific than package annotation
 		final AuthorizeInstantiation classAnnotation = componentClass.getAnnotation(AuthorizeInstantiation.class);
 		if (classAnnotation != null)
 		{
-			// If roles are defined for the class, that overrides the package
 			authorized = hasAny(new Roles(classAnnotation.value()));
 		}
+		else
+		{
+			// Check package annotation if there is no one on the the class
+			final Package componentPackage = componentClass.getPackage();
+			if (componentPackage != null)
+			{
+				final AuthorizeInstantiation packageAnnotation = componentPackage.getAnnotation(AuthorizeInstantiation.class);
+				if (packageAnnotation != null)
+				{
+					authorized = hasAny(new Roles(packageAnnotation.value()));
+				}
+			}
+		}
 
 		return authorized;
 	}