wicket-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Maurice Marrink" <marr...@gmail.com>
Subject Re: Strange thing in Application constructor
Date Sun, 02 Mar 2008 17:30:44 GMT
Swarm for instances uses the "strategy per session" technique to also
store the user credentials in the strategy.

Maurice

On Sun, Mar 2, 2008 at 6:25 PM, Igor Vaynberg <igor.vaynberg@gmail.com> wrote:
> it is that way so you can have a different auth strategy per session
>  by overriding sesssion.getauthstrat()
>
>  -igor
>
>
>
>
>  On Sun, Mar 2, 2008 at 1:57 AM, Roberto Fasciolo
>  <roberto.fasciolo@eget.fi> wrote:
>  >
>  >  Hi,
>  >
>  >  while trying profiling and debugging our application (which seems to have
>  >  some memory leak problems) I've found a strange thing in the constructor of
>  >  org.apache.wicket.Application.
>  >
>  >  When the object is constructed a new component instantiation listener is
>  >  created with this code:
>  >
>  >                 // Install default component instantiation listener that uses
>  >                 // authorization strategy to check component instantiations.
>  >                 addComponentInstantiationListener(new IComponentInstantiationListener()
>  >                 {
>  >                         /**
>  >                          * @see
>  >  org.apache.wicket.application.IComponentInstantiationListener#onInstantiation(org.apache.wicket.Component)
>  >                          */
>  >                         public void onInstantiation(final Component component)
>  >                         {
>  >                                 // If component instantiation is not authorized
>  >                                 if (!Session.get().getAuthorizationStrategy().isInstantiationAuthorized(
>  >                                         component.getClass()))
>  >                                 {
>  >                                         // then call any unauthorized component
instantiation
>  >                                         // listener
>  >                                         getSecuritySettings().getUnauthorizedComponentInstantiationListener()
>  >                                                 .onUnauthorizedInstantiation(component);
>  >                                 }
>  >                         }
>  >                 });
>  >
>  >
>  >  But while having a look at the Session object I've found out that
>  >  getAuthorizationStrategy() is calling back Application:
>  >
>  >         /**
>  >          * @return The authorization strategy for this session
>  >          */
>  >         public IAuthorizationStrategy getAuthorizationStrategy()
>  >         {
>  >                 return getApplication().getSecuritySettings().getAuthorizationStrategy();
>  >         }
>  >
>  >
>  >  I wonder why it has been implemented in that way. Could this statement:
>  >
>  >  if
>  >  (!Session.get().getAuthorizationStrategy().isInstantiationAuthorized(component.getClass()))
>  >
>  >  be rewritten as:
>  >
>  >  if
>  >  (!getSecuritySettings().getAuthorizationStrategy().isInstantiationAuthorized(component.getClass()))
>  >
>  >  ??
>  >
>  >  -Roberto
>  >
>  >
>  >
>  >  --
>  >  View this message in context: http://www.nabble.com/Strange-thing-in-Application-constructor-tp15786017p15786017.html
>  >  Sent from the Wicket - User mailing list archive at Nabble.com.
>  >
>  >
>  >  ---------------------------------------------------------------------
>  >  To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>  >  For additional commands, e-mail: users-help@wicket.apache.org
>  >
>  >
>
>  ---------------------------------------------------------------------
>  To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>  For additional commands, e-mail: users-help@wicket.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org


Mime
View raw message