[ https://issues.apache.org/jira/browse/WICKET-3240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Richard Emberson updated WICKET-3240: ------------------------------------- Priority: Trivial (was: Major) Issue Type: Improvement (was: Bug) Ok, Class authorization overrides Package authorization so its not a bug. One could check if the classAnnotation is null and if it is then and only then attempt to get the packageAnnotation. A little faster but not so important. > AnnotationsRoleAuthorizationStrategy isInstantiationAuthorized > package==false, class==true returns true > ------------------------------------------------------------------------------------------------------- > > Key: WICKET-3240 > URL: https://issues.apache.org/jira/browse/WICKET-3240 > Project: Wicket > Issue Type: Improvement > Components: wicket-auth-roles > Affects Versions: 1.5-M3 > Environment: all > Reporter: Richard Emberson > Priority: Trivial > > In the class AnnotationsRoleAuthorizationStrategy's > isInstantiationAuthorized method if > the package authorization is false but the class authorization is true, then > the user > will be authorized. > Maybe, check the class authorization only if the authorized variable is true. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.