incubator-jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Murray Altheim <>
Subject Re: Classmapping and final classes
Date Mon, 21 Jan 2008 20:49:46 GMT
Janne Jalkanen wrote:
> On 21 Jan 2008, at 21:05, Andrew Jaquith wrote:
>> I cannot imagine a class with more security implications than 
>> AuthorizationManager (or AuthenticationManager), can you? :)
> Having said that, I'm all for having a proper developer API and 
> correctly designed extension mechanisms, and use cases and plans and 
> roadmaps and releases and requirements management and all that jazz, but 
> to me it feels somewhat odd to say to an open source hacker that "you 
> can't extend it because we want you to extend only things that we have 
> decided to be extensible."


But it might be remarked that people (including myself) have been able
to extend and embed JSPWiki without this modification. I've been doing
it for several years now, and while my methods have changed it's
certainly possible without hacking so deeply. I tend to agree with
Andrew, i.e., not mess with security unless necessary, and this isn't
(to my understanding) necessary in the core code. Yes, if someone wants
to hack it, let *them* remove the 'final' declarations.


Murray Altheim <murray07 at>                           ===  = =                                     = =  ===
SGML Grease Monkey, Banjo Player, Wantanabe Zen Monk               = =  = =

       Boundless wind and moon - the eye within eyes,
       Inexhaustible heaven and earth - the light beyond light,
       The willow dark, the flower bright - ten thousand houses,
       Knock at any door - there's one who will respond.
                                       -- The Blue Cliff Record

View raw message