You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by Les Hazlewood <lh...@apache.org> on 2011/02/11 00:50:29 UTC
Re: svn commit: r1069617 - /shiro/trunk/core/src/main/java/org/apache/shiro/authz/aop/AuthorizingAnnotationMethodInterceptor.java
Nice solution!
On Thu, Feb 10, 2011 at 3:45 PM, <ka...@apache.org> wrote:
> Author: kaosko
> Date: Thu Feb 10 23:45:01 2011
> New Revision: 1069617
>
> URL: http://svn.apache.org/viewvc?rev=1069617&view=rev
> Log:
> RESOLVED - issue SHIRO-243: when method is unauthorized, please include method info in stack trace
> https://issues.apache.org/jira/browse/SHIRO-243
> - second try: instead of wrapping the specific exception into a more generic one, initialize cause of the thrown AuthorizationException in case not set with the message indicating the method name
>
> Modified:
> shiro/trunk/core/src/main/java/org/apache/shiro/authz/aop/AuthorizingAnnotationMethodInterceptor.java
>
> Modified: shiro/trunk/core/src/main/java/org/apache/shiro/authz/aop/AuthorizingAnnotationMethodInterceptor.java
> URL: http://svn.apache.org/viewvc/shiro/trunk/core/src/main/java/org/apache/shiro/authz/aop/AuthorizingAnnotationMethodInterceptor.java?rev=1069617&r1=1069616&r2=1069617&view=diff
> ==============================================================================
> --- shiro/trunk/core/src/main/java/org/apache/shiro/authz/aop/AuthorizingAnnotationMethodInterceptor.java (original)
> +++ shiro/trunk/core/src/main/java/org/apache/shiro/authz/aop/AuthorizingAnnotationMethodInterceptor.java Thu Feb 10 23:45:01 2011
> @@ -81,6 +81,15 @@ public abstract class AuthorizingAnnotat
> * @throws AuthorizationException if the method invocation is not allowed to continue/execute.
> */
> public void assertAuthorized(MethodInvocation mi) throws AuthorizationException {
> - ((AuthorizingAnnotationHandler)getHandler()).assertAuthorized(getAnnotation(mi));
> + try {
> + ((AuthorizingAnnotationHandler)getHandler()).assertAuthorized(getAnnotation(mi));
> + }
> + catch(AuthorizationException ae) {
> + // Annotation handler doesn't know why it was called, so add the information here if possible.
> + // Don't wrap the exception here since we don't want to mask the specific exception, such as
> + // UnauthenticatedException etc.
> + if (ae.getCause() == null) ae.initCause(new AuthorizationException("Not authorized to invoke method: " + mi.getMethod()));
> + throw ae;
> + }
> }
> }