You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shiro.apache.org by "Laszlo Hornyak (JIRA)" <ji...@apache.org> on 2017/06/05 21:43:04 UTC

[jira] [Resolved] (SHIRO-607) AuthorizationAttributeSourceAdvisor ignores type-annotations

     [ https://issues.apache.org/jira/browse/SHIRO-607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Laszlo Hornyak resolved SHIRO-607.
----------------------------------
       Resolution: Fixed
    Fix Version/s: 1.4.0

> AuthorizationAttributeSourceAdvisor ignores type-annotations
> ------------------------------------------------------------
>
>                 Key: SHIRO-607
>                 URL: https://issues.apache.org/jira/browse/SHIRO-607
>             Project: Shiro
>          Issue Type: Bug
>          Components: Integration: Spring
>    Affects Versions: 1.3.2, 1.4.0-RC2
>            Reporter: Laszlo Hornyak
>            Assignee: Les Hazlewood
>              Labels: easyfix, newbie
>             Fix For: 1.4.0
>
>
> The spring integration only checks the method annotations. When the security annotations are on the type, no authentication will be required.
> {code:java}
> @RequiresAuthentication //ignored
> interface Business {
>   //not secured
>   void criticalSomething();
> }
> {code}
> h3. Links
> * Related mailing list thread: [mail archive|http://mail-archives.apache.org/mod_mbox/shiro-user/201612.mbox/%3CCAKRHFXUFKN1Yif94uGMMDoqfZ2d0JuE-zaiV_0SC3MgF9cKs2w%40mail.gmail.com%3E]
> * github [pull request|https://github.com/apache/shiro/pull/54]
> * [a possible workaround|https://github.com/kerubistan/kerub/commit/b843df6ba05f45dc04c41cd8730c7e86398c2aa5]



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)