Carl-Eric Menzel created WICKET-5308: ----------------------------------------
Summary: AuthenticatedWebSession#authenticate should be protected, not public Key: WICKET-5308 URL: https://issues.apache.org/jira/browse/WICKET-5308 Project: Wicket Issue Type: Bug Components: wicket-auth-roles Affects Versions: 6.9.1, 7.0.0 Reporter: Carl-Eric Menzel Fix For: 7.0.0, 6.10.0 A common source of confusion in trainings is that when implementing security using wicket-auth-roles, you have to implement #authenticate in your own session class, but in the login form's #onSubmit you have to call #signIn. Both #authenticate and #signIn are public and both have identical signatures. Their names mean basically the same thing too. This is rather error-prone. I propose changing the visibility of #authenticate to protected. That way, it will still work the same as it does now, except it won't show up in code-completion anymore and won't compete with #signIn anymore. This should not be an API break, since #authenticate is abstract anyway and is always implemented in user code. Raising visibility from protected to public is always legal, so user code should not break from this change. Opinions? -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira