Author: mgrigorov Date: Tue Dec 14 14:00:21 2010 New Revision: 1049093 URL: http://svn.apache.org/viewvc?rev=1049093&view=rev Log: WICKET-3240 AnnotationsRoleAuthorizationStrategy isInstantiationAuthorized package==false, class==true returns true
Little optimization: there is no need to check Package's annotation if the more specific one on the Class itself is there. Modified: wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategy.java Modified: wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategy.java URL: http://svn.apache.org/viewvc/wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategy.java?rev=1049093&r1=1049092&r2=1049093&view=diff ============================================================================== --- wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategy.java (original) +++ wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategy.java Tue Dec 14 14:00:21 2010 @@ -53,24 +53,25 @@ public class AnnotationsRoleAuthorizatio // We are authorized unless we are found not to be boolean authorized = true; - // Check package annotation first - final Package componentPackage = componentClass.getPackage(); - if (componentPackage != null) - { - final AuthorizeInstantiation packageAnnotation = componentPackage.getAnnotation(AuthorizeInstantiation.class); - if (packageAnnotation != null) - { - authorized = hasAny(new Roles(packageAnnotation.value())); - } - } - - // Check class annotation + // Check class annotation first because it is more specific than package annotation final AuthorizeInstantiation classAnnotation = componentClass.getAnnotation(AuthorizeInstantiation.class); if (classAnnotation != null) { - // If roles are defined for the class, that overrides the package authorized = hasAny(new Roles(classAnnotation.value())); } + else + { + // Check package annotation if there is no one on the the class + final Package componentPackage = componentClass.getPackage(); + if (componentPackage != null) + { + final AuthorizeInstantiation packageAnnotation = componentPackage.getAnnotation(AuthorizeInstantiation.class); + if (packageAnnotation != null) + { + authorized = hasAny(new Roles(packageAnnotation.value())); + } + } + } return authorized; }