Re: Strange thing in Application constructor

Sun, 02 Mar 2008 09:26:10 -0800 

it is that way so you can have a different auth strategy per session
by overriding sesssion.getauthstrat()

-igor


On Sun, Mar 2, 2008 at 1:57 AM, Roberto Fasciolo
<[EMAIL PROTECTED]> wrote:
>
>  Hi,
>
>  while trying profiling and debugging our application (which seems to have
>  some memory leak problems) I've found a strange thing in the constructor of
>  org.apache.wicket.Application.
>
>  When the object is constructed a new component instantiation listener is
>  created with this code:
>
>                 // Install default component instantiation listener that uses
>                 // authorization strategy to check component instantiations.
>                 addComponentInstantiationListener(new 
> IComponentInstantiationListener()
>                 {
>                         /**
>                          * @see
>  
> org.apache.wicket.application.IComponentInstantiationListener#onInstantiation(org.apache.wicket.Component)
>                          */
>                         public void onInstantiation(final Component component)
>                         {
>                                 // If component instantiation is not 
> authorized
>                                 if 
> (!Session.get().getAuthorizationStrategy().isInstantiationAuthorized(
>                                         component.getClass()))
>                                 {
>                                         // then call any unauthorized 
> component instantiation
>                                         // listener
>                                         
> getSecuritySettings().getUnauthorizedComponentInstantiationListener()
>                                                 
> .onUnauthorizedInstantiation(component);
>                                 }
>                         }
>                 });
>
>
>  But while having a look at the Session object I've found out that
>  getAuthorizationStrategy() is calling back Application:
>
>         /**
>          * @return The authorization strategy for this session
>          */
>         public IAuthorizationStrategy getAuthorizationStrategy()
>         {
>                 return 
> getApplication().getSecuritySettings().getAuthorizationStrategy();
>         }
>
>
>  I wonder why it has been implemented in that way. Could this statement:
>
>  if
>  
> (!Session.get().getAuthorizationStrategy().isInstantiationAuthorized(component.getClass()))
>
>  be rewritten as:
>
>  if
>  
> (!getSecuritySettings().getAuthorizationStrategy().isInstantiationAuthorized(component.getClass()))
>
>  ??
>
>  -Roberto
>
>
>
>  --
>  View this message in context: 
> http://www.nabble.com/Strange-thing-in-Application-constructor-tp15786017p15786017.html
>  Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
>  ---------------------------------------------------------------------
>  To unsubscribe, e-mail: [EMAIL PROTECTED]
>  For additional commands, e-mail: [EMAIL PROTECTED]
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to