svn commit: r1049093 - /wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategy.java

Tue, 14 Dec 2010 06:00:46 -0800 

Author: mgrigorov
Date: Tue Dec 14 14:00:21 2010
New Revision: 1049093

URL: http://svn.apache.org/viewvc?rev=1049093&view=rev
Log:
WICKET-3240 AnnotationsRoleAuthorizationStrategy isInstantiationAuthorized 
package==false, class==true returns true

Little optimization: there is no need to check Package's annotation if the more 
specific one on the Class itself is there.

Modified:
    
wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategy.java

Modified: 
wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategy.java
URL: 
http://svn.apache.org/viewvc/wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategy.java?rev=1049093&r1=1049092&r2=1049093&view=diff
==============================================================================
--- 
wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategy.java
 (original)
+++ 
wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategy.java
 Tue Dec 14 14:00:21 2010
@@ -53,24 +53,25 @@ public class AnnotationsRoleAuthorizatio
                // We are authorized unless we are found not to be
                boolean authorized = true;
 
-               // Check package annotation first
-               final Package componentPackage = componentClass.getPackage();
-               if (componentPackage != null)
-               {
-                       final AuthorizeInstantiation packageAnnotation = 
componentPackage.getAnnotation(AuthorizeInstantiation.class);
-                       if (packageAnnotation != null)
-                       {
-                               authorized = hasAny(new 
Roles(packageAnnotation.value()));
-                       }
-               }
-
-               // Check class annotation
+               // Check class annotation first because it is more specific 
than package annotation
                final AuthorizeInstantiation classAnnotation = 
componentClass.getAnnotation(AuthorizeInstantiation.class);
                if (classAnnotation != null)
                {
-                       // If roles are defined for the class, that overrides 
the package
                        authorized = hasAny(new Roles(classAnnotation.value()));
                }
+               else
+               {
+                       // Check package annotation if there is no one on the 
the class
+                       final Package componentPackage = 
componentClass.getPackage();
+                       if (componentPackage != null)
+                       {
+                               final AuthorizeInstantiation packageAnnotation 
= componentPackage.getAnnotation(AuthorizeInstantiation.class);
+                               if (packageAnnotation != null)
+                               {
+                                       authorized = hasAny(new 
Roles(packageAnnotation.value()));
+                               }
+                       }
+               }
 
                return authorized;
        }

Reply via email to