shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jared Bunting (JIRA)" <j...@apache.org>
Subject [jira] Commented: (SHIRO-243) when method is unauthorized, please include method info in stack trace
Date Thu, 10 Feb 2011 20:57:57 GMT

    [ https://issues.apache.org/jira/browse/SHIRO-243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12993219#comment-12993219
] 

Jared Bunting commented on SHIRO-243:
-------------------------------------

There are subclasses of AuthorizationException.  Wrapping it will also break any attempts
to catch certain subclasses  (UnauthenticatedException for example).

> when method is unauthorized, please include method info in stack trace
> ----------------------------------------------------------------------
>
>                 Key: SHIRO-243
>                 URL: https://issues.apache.org/jira/browse/SHIRO-243
>             Project: Shiro
>          Issue Type: Improvement
>            Reporter: Jim Newsham
>            Assignee: Kalle Korhonen
>            Priority: Minor
>             Fix For: 1.2.0
>
>
> We are using Shiro's annotation-based method authorization support, to enforce security
checks on remotely invoked services.  The problem is that when we get an AuthorizationException,
it doesn't include any information about which particular method failed.  Looks like it would
be really easy to include this in AuthorizingAnnotationMethodInterceptor.assertAuthorized()
as follows:
>   public void assertAuthorized(MethodInvocation method) throws AuthorizationException
{
>     try {
>       ((AuthorizingAnnotationHandler)getHandler()).assertAuthorized(getAnnotation(mi));
>     }
>     catch(AuthorizationException ae) {
>       throw new AuthorizationException("method not authorized: " + method.getMethod(),
ae);
>     }
>   }

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message