Carl-Eric Menzel created WICKET-5308:
----------------------------------------
Summary: AuthenticatedWebSession#authenticate should be protected,
not public
Key: WICKET-5308
URL: https://issues.apache.org/jira/browse/WICKET-5308
Project: Wicket
Issue Type: Bug
Components: wicket-auth-roles
Affects Versions: 6.9.1, 7.0.0
Reporter: Carl-Eric Menzel
Fix For: 7.0.0, 6.10.0
A common source of confusion in trainings is that when implementing security
using wicket-auth-roles, you have to implement #authenticate in your own
session class, but in the login form's #onSubmit you have to call #signIn.
Both #authenticate and #signIn are public and both have identical signatures.
Their names mean basically the same thing too. This is rather error-prone.
I propose changing the visibility of #authenticate to protected. That way, it
will still work the same as it does now, except it won't show up in
code-completion anymore and won't compete with #signIn anymore.
This should not be an API break, since #authenticate is abstract anyway and is
always implemented in user code. Raising visibility from protected to public is
always legal, so user code should not break from this change.
Opinions?
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
