[JSecurity-Developer] Re: HasPermission default target and actions

[lhazlewood (s. by Nabble.com) <li...@na...>]

I had thought of doing this, but it rubs me the wrong way.

What about the case where a Permission class has a 1 and 2 argument constructor.  If I specify the annotation with just a target/name and no actions, I expect the 1 argument constructor to be called.  That would not happen now since JSecurity automatically assumes the second argument must be defaulted to the wildcard - thereby calling the 2 argument constructor, even if the developer didn't intend that to happen.

If one desires the default behavior (as do I almost all of the time), I think it is better form to have a 1 argument constructor that merely calls the two argument constructor, automatically filling in the second argument as the wildcard.  In fact, the JSecurity InstancePermission already does this.

If one specifies just a name and no actions, and there does not exist a single-argument constructor, this should be a programming error - not something JSecurity 'fixes' behind the scenes.  

That is, I feel it should be the responsibility of the person implementing the Permission class to provide that default behavior if desired (as with InstancePermission), not JSecurity.  By having JSecurity do things they way they are now, we limit flexibilty by enforcing a certain programming paradigm, which I don't favor when implementing a wide-use framework.
--
Sent from the Developer forum at Nabble.com:
http://www.nabble.com/HasPermission-default-target-and-actions-t826978c13668.html#a2148896