You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by mg...@apache.org on 2010/12/14 15:00:21 UTC
svn commit: r1049093 -
/wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategy.java
Author: mgrigorov
Date: Tue Dec 14 14:00:21 2010
New Revision: 1049093
URL: http://svn.apache.org/viewvc?rev=1049093&view=rev
Log:
WICKET-3240 AnnotationsRoleAuthorizationStrategy isInstantiationAuthorized package==false, class==true returns true
Little optimization: there is no need to check Package's annotation if the more specific one on the Class itself is there.
Modified:
wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategy.java
Modified: wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategy.java
URL: http://svn.apache.org/viewvc/wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategy.java?rev=1049093&r1=1049092&r2=1049093&view=diff
==============================================================================
--- wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategy.java (original)
+++ wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategy.java Tue Dec 14 14:00:21 2010
@@ -53,24 +53,25 @@ public class AnnotationsRoleAuthorizatio
// We are authorized unless we are found not to be
boolean authorized = true;
- // Check package annotation first
- final Package componentPackage = componentClass.getPackage();
- if (componentPackage != null)
- {
- final AuthorizeInstantiation packageAnnotation = componentPackage.getAnnotation(AuthorizeInstantiation.class);
- if (packageAnnotation != null)
- {
- authorized = hasAny(new Roles(packageAnnotation.value()));
- }
- }
-
- // Check class annotation
+ // Check class annotation first because it is more specific than package annotation
final AuthorizeInstantiation classAnnotation = componentClass.getAnnotation(AuthorizeInstantiation.class);
if (classAnnotation != null)
{
- // If roles are defined for the class, that overrides the package
authorized = hasAny(new Roles(classAnnotation.value()));
}
+ else
+ {
+ // Check package annotation if there is no one on the the class
+ final Package componentPackage = componentClass.getPackage();
+ if (componentPackage != null)
+ {
+ final AuthorizeInstantiation packageAnnotation = componentPackage.getAnnotation(AuthorizeInstantiation.class);
+ if (packageAnnotation != null)
+ {
+ authorized = hasAny(new Roles(packageAnnotation.value()));
+ }
+ }
+ }
return authorized;
}