> Why don't you use annotations for that? Something like @PublicPage? If the > page hasn't it, it is protected. > > Unless there are pages that need some internal logic to decide if they're > public or protected (hence an interface with a isPublic() method), > annotations are a better solution for the problem.
I wanted to make it easy for the developer to have advanced control on who gets access to the page. For the PublicPage this is not so much an issue. For the ProtectedPage the developer can implement/override the isAccessAllowed method. On some pages we need more advanced control on who gets access. Users of our system are typically employees of an organisation and the organisation can decide which modules are accessible to its employees. So for some pages I have more complex rules than simple role-checking. By subclasses/overriding I can put all that logic in a single place on the page. This gives us more freedom. You are right though, if role-checking is all you want, you can indeed use a simple annotation-based system. regards, Onno
