During Wicket integration I found that securityInterceptor stops execution of bean toString() method when user is not stil logged in.
My bean is annotated with
@Restrict("#{identity.loggedIn}")
and getRestriction method checks only lifecycle methods in order to bypass the security control.
I think it would be useful to not execute any control on toString() method.
For istance the problem arises when (Wicket-1.3.1) the following trace of onFieldMatch method of InProcessor class is invoked:
logger.debug("Inject field: " + subject.getClass().getName() + "." + field.getName() + " = " + proxy);
regards