WebPage instantiation before asking the AuthorizationStrategy?
|
View:
New views
3 Messages
—
Rating Filter:
Alert me
|
 |
WebPage instantiation before asking the AuthorizationStrategy?
by Daniele Dellafiore
::
Rate this Message:
Hi everyone. I noticed this strange behavior this way. I mounted
MyPage to /mypage and if IO point to: http://localhost:8080/myapp/mypage before being authenticated, instead of being redirected to the LoginPage I receive a blank page. The reason is in MyPage constructor I try to access to the user, that is null so I get a NullPointer. Now, the user is never supposed to be null cause MyPage is a SecureWebPage so I expect it get instantiated just after being authenticated. Now, I made some debug and have seen that the constructor of MyPage is invoked before any calls to any AuthorizationStrategy method. This happens for every page! This sounds strange to me, and to you? I expect isInstantiationAuthorized to be called before... -- Daniele Dellafiore http://blog.ildella.net http://twitter.com/ildella --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... |
|
|
Re: WebPage instantiation before asking the AuthorizationStrategy?
by igor.vaynberg
::
Rate this Message:
there is no mechanism in pure java that would allow us to intercept an
instantiation and execute something before that. we could do that with aop but that would force whatever aop solution we choose into your projects. so we do the next best thing, we call the auth strategy from the Page constructor. what this means is that this is called as soon as you instantiate the page but *before* any code in any other subclass constructors runs. this is why isinstantiationauthorized gets a class and not an instance - because the instance is not yet fully constructed. so the auth code does run *before* your code. -igor On Thu, Jul 2, 2009 at 3:06 AM, Daniele Dellafiore<ildella@...> wrote: > Hi everyone. I noticed this strange behavior this way. I mounted > MyPage to /mypage and if IO point to: > > http://localhost:8080/myapp/mypage > > before being authenticated, instead of being redirected to the > LoginPage I receive a blank page. The reason is in MyPage constructor > I try to access to the user, that is null so I get a NullPointer. > Now, the user is never supposed to be null cause MyPage is a > SecureWebPage so I expect it get instantiated just after being > authenticated. > > Now, I made some debug and have seen that the constructor of MyPage is > invoked before any calls to any AuthorizationStrategy method. > This happens for every page! > > This sounds strange to me, and to you? I expect > isInstantiationAuthorized to be called before... > > -- > Daniele Dellafiore > http://blog.ildella.net > http://twitter.com/ildella > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@... > For additional commands, e-mail: users-help@... > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... |
|
|
Re: WebPage instantiation before asking the AuthorizationStrategy?
by Daniele Dellafiore
::
Rate this Message:
today I have done this
. I was using a mix of WASP and a custom AuthStrategy. Today I migrated to 1.4 so I completely remove WASP. Now I have my AuthorizationStrategy impl with this code: public boolean isInstantiationAuthorized(Class componentClass) { if (componentClass.isAnnotationPresent(AuthenticationRequired.class) && !isUserAuthenticated()) { throw new RestartResponseAtInterceptPageException(BasicWebApplication.get().getLoginPage()); } return true; } so I have a simple annotation on the pages (before they were SecureWebPage) and a custom isUserAuthenticated method. If fails, I redirect to login page like was do, but doing this in the isInstantiationAuthorized prevent the Page contructor code to be invoked. it works :) On Thu, Jul 2, 2009 at 5:39 PM, Igor Vaynberg<igor.vaynberg@...> wrote: > there is no mechanism in pure java that would allow us to intercept an > instantiation and execute something before that. we could do that with > aop but that would force whatever aop solution we choose into your > projects. > > so we do the next best thing, we call the auth strategy from the Page > constructor. what this means is that this is called as soon as you > instantiate the page but *before* any code in any other subclass > constructors runs. this is why isinstantiationauthorized gets a class > and not an instance - because the instance is not yet fully > constructed. > > so the auth code does run *before* your code. > > -igor > > On Thu, Jul 2, 2009 at 3:06 AM, Daniele Dellafiore<ildella@...> wrote: >> Hi everyone. I noticed this strange behavior this way. I mounted >> MyPage to /mypage and if IO point to: >> >> http://localhost:8080/myapp/mypage >> >> before being authenticated, instead of being redirected to the >> LoginPage I receive a blank page. The reason is in MyPage constructor >> I try to access to the user, that is null so I get a NullPointer. >> Now, the user is never supposed to be null cause MyPage is a >> SecureWebPage so I expect it get instantiated just after being >> authenticated. >> >> Now, I made some debug and have seen that the constructor of MyPage is >> invoked before any calls to any AuthorizationStrategy method. >> This happens for every page! >> >> This sounds strange to me, and to you? I expect >> isInstantiationAuthorized to be called before... >> >> -- >> Daniele Dellafiore >> http://blog.ildella.net >> http://twitter.com/ildella >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscribe@... >> For additional commands, e-mail: users-help@... >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@... > For additional commands, e-mail: users-help@... > > -- Daniele Dellafiore http://blog.ildella.net http://twitter.com/ildella --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... |
| Free embeddable forum powered by Nabble | Forum Help |
