shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian M. Carr" <bc...@spredfast.com>
Subject @RequiresRoles interception on class
Date Mon, 16 Jan 2012 16:15:47 GMT
Hello all,

I'm working with Shiro 1.1.0 and have a project with a custom realm.  When I add a @RequiresRoles("admin")
annotation to a method in a controller, Shiro correctly intercepts the request, and throws
an expected AuthorizationEception.  However, when I move the annotation up to the class level,
users lacking the "admin" role are granted access without an exception.

The @RequiresRoles annotation has TYPE in it's target, so I was expecting this to work.  Is
this functionality currently available?  If it is available, is there additional configuration
necessary to cause Shiro to intercept all method calls in a class beyond what is needed to
intercept annotated methods?

Thank you,
--b


Mime
View raw message