[ https://issues.apache.org/jira/browse/WICKET-1152?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Maurice Marrink updated WICKET-1152: ------------------------------------ Fix Version/s: (was: 1.3.4) Remaining Estimate: 0h Original Estimate: 0h I can reproduce this with the following testcase (see bottom). However judging by the code this behavior was never intended. the method unauthorize might be better named removePreviouslyGrantedAuthorization. I will discuss this on the list. public void testRemove2() { WicketTester tester = new WicketTester(); tester.setupRequestAndResponse(); Label label = new Label("label", "text"); Action mambo = new Action("mambo"); MetaDataRoleAuthorizationStrategy strategy = new MetaDataRoleAuthorizationStrategy( new IRoleCheckingStrategy() { public boolean hasAnyRole(Roles roles) { return false; } }); label.setMetaData(MetaDataRoleAuthorizationStrategy.ACTION_PERMISSIONS, new ActionPermissions()); MetaDataRoleAuthorizationStrategy.unauthorize(label, mambo, "johan"); assertFalse(strategy.isActionAuthorized(label, mambo)); tester.processRequestCycle(); tester.destroy(); } > MetaDataRoleAuthorizationStrategy.unauthorize() doesn't work > ------------------------------------------------------------ > > Key: WICKET-1152 > URL: https://issues.apache.org/jira/browse/WICKET-1152 > Project: Wicket > Issue Type: Bug > Components: wicket-auth-roles > Affects Versions: 1.3.0-rc1 > Reporter: David > Assignee: Maurice Marrink > Original Estimate: 0h > Remaining Estimate: 0h > > Try this: > MetaDataRoleAuthorizationStrategy.unauthorize(this, RENDER, "USER"); > The page will still be rendered for user with USER role. > The following will work fine to prevent rendering by anybody: > MetaDataRoleAuthorizationStrategy.authorize(this, RENDER, ""); -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.