You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@struts.apache.org by mm...@wernervas.com on 2011/08/10 16:49:29 UTC

Performing Shiro Authorization Checks inside a Struts2 Action Class

Hello,

I've been tasked with implementing the shiro authorization framework in 
struts2. 

Struts will ignore the shiro annotations which is expected . 

Example:

public class AccountAction extends ActionSupport {
...
        @RequiresPermissions("account:create")
        public String createAccount(){
                ...
        }

}

Is it possible to get configure struts to process the annotation?

OR

Is it possible to create a custom annotation that struts will process?

OR

Create a custom validator to check permissions.  Don't like this option 
since validation should happen after the authorization check passes.

OR

Is my only option to use an interceptor that will process the shiro 
annotations?

Thanks.

Mitch

Re: Performing Shiro Authorization Checks inside a Struts2 Action Class

Posted by Maurizio Cucchiara <mc...@apache.org>.

On 10 August 2011 16:49, <mm...@wernervas.com> wrote:
>
> Is my only option to use an interceptor that will process the shiro
> annotations?

IMHO The interceptor way is the best option, why do you consider it as
the last one?
Unfortunately I am not a Shiro guru, but AFAIU from here [1] you can
integrate every Shiro's features with any web application
transparently, regardless of what framework you are using .

Maybe you will be luckier asking to the Shiro ML.
[1] http://shiro.apache.org/web.html#Web-%7B%7B%5Curls%5C%7D%7D
Maurizio Cucchiara

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: Performing Shiro Authorization Checks inside a Struts2 Action Class

Posted by Dave Newton <da...@gmail.com>.

On Wed, Aug 10, 2011 at 10:49 AM, <mm...@wernervas.com> wrote:

> Struts will ignore the shiro annotations which is expected .
>

Not sure what that means.

>        @RequiresPermissions("account:create")
>        public String createAccount(){
>
> Is it possible to get configure struts to process the annotation?
>

Process them how?

> Is it possible to create a custom annotation that struts will process?
>

Why create another one?

> Is my only option to use an interceptor that will process the shiro
> annotations?
>

Isn't that the best option, since it's precisely what you want? (Assuming I
understand your problem statement correctly.)

Dave