shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kalle Korhonen <>
Subject Proposed changes to Shiro annotations
Date Fri, 25 Jun 2010 20:24:34 GMT
Related to and some of
the Shiro extensions we ( have made, I'd like to change
@Target(ElementType.METHOD) of all annotations to
@Target({ElementType.TYPE, ElementType.METHOD}). The obvious semantics
of attaching a security annotation to a class is that the same
permission would apply to all method invocations in that class.

SHIRO-175 suggests that we'd deprecate the existing annotations in
favor of RequiresAnyXXX and RequiresAllXXX annotations, forcing to
target 1.1 release for the issue resolution. We could also keep the
existing annotations and pick either ANY or ALL semantics in order to
avoid deprecating anything - not sure which one is better. The current
semantics are unclear, the Javadoc implies ANY for RequiresRoles but
ALL for RequiresPermissions.

Here's what I'd suggest:
- 1.0.1 change @Target to apply to TYPEs as well, fix ambiguity of
current annotations (especially if we decide to keep them)
- 1.1.0 resolve SHIRO-175 and add RequiresAnyXXX and RequiresAllXXX
annotations (and deprecate existing annotations if we choose to do so)

I can handle implementing the changes. Any comments?


View raw message