[
https://issues.apache.org/jira/browse/WICKET-5308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13732155#comment-13732155
]
Carl-Eric Menzel commented on WICKET-5308:
------------------------------------------
[mode: nitpick!] That means that technically it's not an API break but a bug in
clirr ;-)
That said, I don't mind if we skip this for 6.x and just put it in 7.
> AuthenticatedWebSession#authenticate should be protected, not public
> --------------------------------------------------------------------
>
> Key: WICKET-5308
> URL: https://issues.apache.org/jira/browse/WICKET-5308
> Project: Wicket
> Issue Type: Bug
> Components: wicket-auth-roles
> Affects Versions: 7.0.0, 6.9.1
> Reporter: Carl-Eric Menzel
> Fix For: 7.0.0, 6.10.0
>
>
> A common source of confusion in trainings is that when implementing security
> using wicket-auth-roles, you have to implement #authenticate in your own
> session class, but in the login form's #onSubmit you have to call #signIn.
> Both #authenticate and #signIn are public and both have identical signatures.
> Their names mean basically the same thing too. This is rather error-prone.
> I propose changing the visibility of #authenticate to protected. That way, it
> will still work the same as it does now, except it won't show up in
> code-completion anymore and won't compete with #signIn anymore.
> This should not be an API break, since #authenticate is abstract anyway and
> is always implemented in user code. Raising visibility from protected to
> public is always legal, so user code should not break from this change.
> Opinions?
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
