Thanks Igor for making my point much better than I did. I agree 100%. Carl-Eric
On Fri, 20 Dec 2013 08:14:27 -0800 Igor Vaynberg <[email protected]> wrote: > this is a security check, so the whole idea is that it is ran before > any of the user's code in the constructor which may have side-effects. > eg a constructor marking a record as ready to be deleted because a > delete panel was instantiated. the class itself should be enough. even > if you get an instance you cant use anything in it because its > partially constructed. the question is if we do pass an instance how > many users will bother reading javadoc? and out of those how many > really understand how objects are constructed? i think we should close > the issue as wont-fix, reading it "It would be easier to decide if > instantiation is authorized if one could access some properties of the > component being constructed." which is exactly what you cannot/must > not do because the object is only partially initialized, thus proving > my point above. > > the ComponentInstantiationListener is a very special case where we > make an exception. the entire point of this interface is to work with > a partially constructed object and most users will never implement > their own as opposed to the authorization strategy... > > -igor > > > On Fri, Dec 20, 2013 at 12:53 AM, Martin Grigorov > <[email protected]> wrote: > > Hi, > > > > The reporter of https://issues.apache.org/jira/browse/WICKET-5454 > > asked to pass the Component instance > > to IAuthorizationStrategy#isInstantiationAuthorized() instead of > > just its class. > > I have no idea why the API has been designed this way but Carl-Eric > > gave a good explanation - the component is not yet fully > > constructed. > > > > The thing that bothers me is why it is OK to use the instance in my > > custom IComponentInstantiationListener and it is not OK to do the > > same in IAuthorizationStrategy#isInstantiationAuthorized() ? > > If there is a javadoc explaining the possible problem (as for > > IComponentInstantiationListener#onInstantiation()) then it is OK. > > > > Even more - at > > https://github.com/apache/wicket/blob/master/wicket-core/src/main/java/org/apache/wicket/Application.java#L276you > > can see that right ater rejecting the *Class* we pass the *instance* > > to > > the UnauthorizedComponentInstantiationListener! > > > > > > Martin Grigorov > > Wicket Training and Consulting
