You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "Carl-Eric Menzel (JIRA)" <ji...@apache.org> on 2013/08/07 19:34:49 UTC
[jira] [Updated] (WICKET-5308) AuthenticatedWebSession#authenticate
should be protected, not public
[ https://issues.apache.org/jira/browse/WICKET-5308?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Carl-Eric Menzel updated WICKET-5308:
-------------------------------------
Fix Version/s: (was: 6.10.0)
> AuthenticatedWebSession#authenticate should be protected, not public
> --------------------------------------------------------------------
>
> Key: WICKET-5308
> URL: https://issues.apache.org/jira/browse/WICKET-5308
> Project: Wicket
> Issue Type: Bug
> Components: wicket-auth-roles
> Affects Versions: 7.0.0, 6.9.1
> Reporter: Carl-Eric Menzel
> Fix For: 7.0.0
>
>
> A common source of confusion in trainings is that when implementing security using wicket-auth-roles, you have to implement #authenticate in your own session class, but in the login form's #onSubmit you have to call #signIn.
> Both #authenticate and #signIn are public and both have identical signatures. Their names mean basically the same thing too. This is rather error-prone.
> I propose changing the visibility of #authenticate to protected. That way, it will still work the same as it does now, except it won't show up in code-completion anymore and won't compete with #signIn anymore.
> This should not be an API break, since #authenticate is abstract anyway and is always implemented in user code. Raising visibility from protected to public is always legal, so user code should not break from this change.
> Opinions?
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira