Bugg i introducerad (men nu fixad) iom. att bara pages undersöks efter instantieringsrättigheter

git-svn-id: svn://svn.dsv.su.se/scipro/scipro/trunk@252 73ecded7-942e-4092-bab0-0e58ef0ee984
2011-02-28 11:49:39 +00:00 · 2011-02-28 11:49:39 +00:00 · 97e7e5fa80
commit 97e7e5fa80
parent ed4075cb6c
1 changed files with 7 additions and 4 deletions
--- a/src/main/java/se/su/dsv/scipro/security/auth/RoleBasedAuthorizationStrategy.java
+++ b/src/main/java/se/su/dsv/scipro/security/auth/RoleBasedAuthorizationStrategy.java
@ -69,10 +69,7 @@ public class RoleBasedAuthorizationStrategy implements IAuthorizationStrategy {
 	}

 	public <T extends Component> boolean isInstantiationAuthorized(Class<T> componentClass) {
-		//We only check pages for instantiation authorization, other components are handled via ActionAuthorization 
-		if(!(componentClass.isAssignableFrom(Page.class)))
-			return true;
-		
+				
 		//Not annotated classes aren't checked further
 		Authorization annotation = (Authorization) componentClass.getAnnotation(Authorization.class);
 		if (annotation != null) {
@ -80,9 +77,15 @@ public class RoleBasedAuthorizationStrategy implements IAuthorizationStrategy {
 			//If component doesn't require login anyone may do it any time
 			if( !annotation.requiresLoggedInUser() )
 				return true;
+			
 			//If page requires login and user isn't logged in, send them to login page first
 			if( annotation.requiresLoggedInUser() && !SciProSession.get().isLoggedIn())				
 				throw new RestartResponseAtInterceptPageException(LoginPage.class);
+			
+			//We only check pages for instantiation authorization, other components are handled via ActionAuthorization 
+			if(!(componentClass.isAssignableFrom(Page.class)))
+				return true;
+			
 			//Check the users role for authorization to instantiate the component
 			for(Roles role : annotation.authorizedRoles()){
 				if( SciProSession.get().authorizedForRole(role) )