You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Laszlo Hornyak (JIRA)" <ji...@apache.org> on 2017/06/05 21:43:04 UTC
[jira] [Resolved] (SHIRO-607) AuthorizationAttributeSourceAdvisor
ignores type-annotations
[ https://issues.apache.org/jira/browse/SHIRO-607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Laszlo Hornyak resolved SHIRO-607.
----------------------------------
Resolution: Fixed
Fix Version/s: 1.4.0
> AuthorizationAttributeSourceAdvisor ignores type-annotations
> ------------------------------------------------------------
>
> Key: SHIRO-607
> URL: https://issues.apache.org/jira/browse/SHIRO-607
> Project: Shiro
> Issue Type: Bug
> Components: Integration: Spring
> Affects Versions: 1.3.2, 1.4.0-RC2
> Reporter: Laszlo Hornyak
> Assignee: Les Hazlewood
> Labels: easyfix, newbie
> Fix For: 1.4.0
>
>
> The spring integration only checks the method annotations. When the security annotations are on the type, no authentication will be required.
> {code:java}
> @RequiresAuthentication //ignored
> interface Business {
> //not secured
> void criticalSomething();
> }
> {code}
> h3. Links
> * Related mailing list thread: [mail archive|http://mail-archives.apache.org/mod_mbox/shiro-user/201612.mbox/%3CCAKRHFXUFKN1Yif94uGMMDoqfZ2d0JuE-zaiV_0SC3MgF9cKs2w%40mail.gmail.com%3E]
> * github [pull request|https://github.com/apache/shiro/pull/54]
> * [a possible workaround|https://github.com/kerubistan/kerub/commit/b843df6ba05f45dc04c41cd8730c7e86398c2aa5]
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)