You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by Daniele Dellafiore <il...@gmail.com> on 2009/07/02 12:06:45 UTC
WebPage instantiation before asking the AuthorizationStrategy?
Hi everyone. I noticed this strange behavior this way. I mounted
MyPage to /mypage and if IO point to:
http://localhost:8080/myapp/mypage
before being authenticated, instead of being redirected to the
LoginPage I receive a blank page. The reason is in MyPage constructor
I try to access to the user, that is null so I get a NullPointer.
Now, the user is never supposed to be null cause MyPage is a
SecureWebPage so I expect it get instantiated just after being
authenticated.
Now, I made some debug and have seen that the constructor of MyPage is
invoked before any calls to any AuthorizationStrategy method.
This happens for every page!
This sounds strange to me, and to you? I expect
isInstantiationAuthorized to be called before...
--
Daniele Dellafiore
http://blog.ildella.net
http://twitter.com/ildella
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: WebPage instantiation before asking the AuthorizationStrategy?
Posted by Daniele Dellafiore <il...@gmail.com>.
today I have done this
.
I was using a mix of WASP and a custom AuthStrategy. Today I migrated
to 1.4 so I completely remove WASP. Now I have my
AuthorizationStrategy impl with this code:
public boolean isInstantiationAuthorized(Class componentClass) {
if (componentClass.isAnnotationPresent(AuthenticationRequired.class)
&& !isUserAuthenticated()) {
throw new
RestartResponseAtInterceptPageException(BasicWebApplication.get().getLoginPage());
}
return true;
}
so I have a simple annotation on the pages (before they were
SecureWebPage) and a custom isUserAuthenticated method. If fails, I
redirect to login page like was do, but doing this in the
isInstantiationAuthorized prevent the Page contructor code to be
invoked.
it works :)
On Thu, Jul 2, 2009 at 5:39 PM, Igor Vaynberg<ig...@gmail.com> wrote:
> there is no mechanism in pure java that would allow us to intercept an
> instantiation and execute something before that. we could do that with
> aop but that would force whatever aop solution we choose into your
> projects.
>
> so we do the next best thing, we call the auth strategy from the Page
> constructor. what this means is that this is called as soon as you
> instantiate the page but *before* any code in any other subclass
> constructors runs. this is why isinstantiationauthorized gets a class
> and not an instance - because the instance is not yet fully
> constructed.
>
> so the auth code does run *before* your code.
>
> -igor
>
> On Thu, Jul 2, 2009 at 3:06 AM, Daniele Dellafiore<il...@gmail.com> wrote:
>> Hi everyone. I noticed this strange behavior this way. I mounted
>> MyPage to /mypage and if IO point to:
>>
>> http://localhost:8080/myapp/mypage
>>
>> before being authenticated, instead of being redirected to the
>> LoginPage I receive a blank page. The reason is in MyPage constructor
>> I try to access to the user, that is null so I get a NullPointer.
>> Now, the user is never supposed to be null cause MyPage is a
>> SecureWebPage so I expect it get instantiated just after being
>> authenticated.
>>
>> Now, I made some debug and have seen that the constructor of MyPage is
>> invoked before any calls to any AuthorizationStrategy method.
>> This happens for every page!
>>
>> This sounds strange to me, and to you? I expect
>> isInstantiationAuthorized to be called before...
>>
>> --
>> Daniele Dellafiore
>> http://blog.ildella.net
>> http://twitter.com/ildella
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
--
Daniele Dellafiore
http://blog.ildella.net
http://twitter.com/ildella
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: WebPage instantiation before asking the AuthorizationStrategy?
Posted by Igor Vaynberg <ig...@gmail.com>.
there is no mechanism in pure java that would allow us to intercept an
instantiation and execute something before that. we could do that with
aop but that would force whatever aop solution we choose into your
projects.
so we do the next best thing, we call the auth strategy from the Page
constructor. what this means is that this is called as soon as you
instantiate the page but *before* any code in any other subclass
constructors runs. this is why isinstantiationauthorized gets a class
and not an instance - because the instance is not yet fully
constructed.
so the auth code does run *before* your code.
-igor
On Thu, Jul 2, 2009 at 3:06 AM, Daniele Dellafiore<il...@gmail.com> wrote:
> Hi everyone. I noticed this strange behavior this way. I mounted
> MyPage to /mypage and if IO point to:
>
> http://localhost:8080/myapp/mypage
>
> before being authenticated, instead of being redirected to the
> LoginPage I receive a blank page. The reason is in MyPage constructor
> I try to access to the user, that is null so I get a NullPointer.
> Now, the user is never supposed to be null cause MyPage is a
> SecureWebPage so I expect it get instantiated just after being
> authenticated.
>
> Now, I made some debug and have seen that the constructor of MyPage is
> invoked before any calls to any AuthorizationStrategy method.
> This happens for every page!
>
> This sounds strange to me, and to you? I expect
> isInstantiationAuthorized to be called before...
>
> --
> Daniele Dellafiore
> http://blog.ildella.net
> http://twitter.com/ildella
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org