shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Les Hazlewood <lhazlew...@apache.org>
Subject Re: @RequiresRoles interception on class
Date Tue, 17 Jan 2012 07:18:13 GMT
Hi Brian,

What AOP mechanism are you using?  Typically the AOP interception
mechanism needs to check for the existence at the method or class
level and enforce accordingly.

Regards,

Les

On Mon, Jan 16, 2012 at 8:15 AM, Brian M. Carr <bcarr@spredfast.com> wrote:
> Hello all,
>
> I'm working with Shiro 1.1.0 and have a project with a custom realm.  When I add a @RequiresRoles("admin")
annotation to a method in a controller, Shiro correctly intercepts the request, and throws
an expected AuthorizationEception.  However, when I move the annotation up to the class level,
users lacking the "admin" role are granted access without an exception.
>
> The @RequiresRoles annotation has TYPE in it's target, so I was expecting this to work.
 Is this functionality currently available?  If it is available, is there additional configuration
necessary to cause Shiro to intercept all method calls in a class beyond what is needed to
intercept annotated methods?
>
> Thank you,
> --b

Mime
View raw message