session represents a user's session, while application represents the
application that users access.
-igor
On Sun, Mar 2, 2008 at 11:03 PM, Roberto Fasciolo
<[EMAIL PROTECTED]> wrote:
>
> So, what are the responsibilities of the class org.apache.wicket.Session and
> what's the contract between Session and org.apache.wicket.Application?
>
> I'm asking because to me both them are a bit unclear (and the javadocs can't
> help me in understand them at all).
>
> -Roberto
>
>
>
>
> igor.vaynberg wrote:
> >
> > it is that way so you can have a different auth strategy per session
> > by overriding sesssion.getauthstrat()
> >
> > -igor
> >
> >
> > On Sun, Mar 2, 2008 at 1:57 AM, Roberto Fasciolo
> > <[EMAIL PROTECTED]> wrote:
> >>
> >> Hi,
> >>
> >> while trying profiling and debugging our application (which seems to
> >> have
> >> some memory leak problems) I've found a strange thing in the constructor
> >> of
> >> org.apache.wicket.Application.
> >>
> >> When the object is constructed a new component instantiation listener is
> >> created with this code:
> >>
> >> // Install default component instantiation listener that
> >> uses
> >> // authorization strategy to check component
> >> instantiations.
> >> addComponentInstantiationListener(new
> >> IComponentInstantiationListener()
> >> {
> >> /**
> >> * @see
> >>
> >>
> org.apache.wicket.application.IComponentInstantiationListener#onInstantiation(org.apache.wicket.Component)
> >> */
> >> public void onInstantiation(final Component
> >> component)
> >> {
> >> // If component instantiation is not
> >> authorized
> >> if
> >> (!Session.get().getAuthorizationStrategy().isInstantiationAuthorized(
> >> component.getClass()))
> >> {
> >> // then call any unauthorized
> >> component instantiation
> >> // listener
> >>
> >> getSecuritySettings().getUnauthorizedComponentInstantiationListener()
> >>
> >> .onUnauthorizedInstantiation(component);
> >> }
> >> }
> >> });
> >>
> >>
> >> But while having a look at the Session object I've found out that
> >> getAuthorizationStrategy() is calling back Application:
> >>
> >> /**
> >> * @return The authorization strategy for this session
> >> */
> >> public IAuthorizationStrategy getAuthorizationStrategy()
> >> {
> >> return
> >> getApplication().getSecuritySettings().getAuthorizationStrategy();
> >> }
> >>
> >>
> >> I wonder why it has been implemented in that way. Could this statement:
> >>
> >> if
> >>
> >>
> (!Session.get().getAuthorizationStrategy().isInstantiationAuthorized(component.getClass()))
> >>
> >> be rewritten as:
> >>
> >> if
> >>
> >>
> (!getSecuritySettings().getAuthorizationStrategy().isInstantiationAuthorized(component.getClass()))
> >>
> >> ??
> >>
> >> -Roberto
> >>
> >>
> >>
> >> --
> >> View this message in context:
> >>
> http://www.nabble.com/Strange-thing-in-Application-constructor-tp15786017p15786017.html
> >> Sent from the Wicket - User mailing list archive at Nabble.com.
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> For additional commands, e-mail: [EMAIL PROTECTED]
> >>
> >>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/Strange-thing-in-Application-constructor-tp15786017p15798693.html
>
>
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
