shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jim Newsham (JIRA)" <j...@apache.org>
Subject [jira] Created: (SHIRO-243) when method is unauthorized, please include method info in stack trace
Date Wed, 09 Feb 2011 01:21:57 GMT
when method is unauthorized, please include method info in stack trace
----------------------------------------------------------------------

                 Key: SHIRO-243
                 URL: https://issues.apache.org/jira/browse/SHIRO-243
             Project: Shiro
          Issue Type: Improvement
            Reporter: Jim Newsham
            Priority: Minor


We are using Shiro's annotation-based method authorization support, to enforce security checks
on remotely invoked services.  The problem is that when we get an AuthorizationException,
it doesn't include any information about which particular method failed.  Looks like it would
be really easy to include this in AuthorizingAnnotationMethodInterceptor.assertAuthorized()
as follows:

  public void assertAuthorized(MethodInvocation method) throws AuthorizationException {
    try {
      ((AuthorizingAnnotationHandler)getHandler()).assertAuthorized(getAnnotation(mi));
    }
    catch(AuthorizationException ae) {
      throw new AuthorizationException("method not authorized: " + method.getMethod(), ae);
    }
  }


-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message