You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by Pillar <so...@hotmail.com> on 2013/06/27 16:49:21 UTC

Re: @RequiresRoles interception on class

It's been a while since this was posted but I was curious if any progress
(not shown in JIRA) was made.

I think the issue is in AuthorizationAttributeSourceAdvisor, in the
matches() method. It calls the method below which only looks for the
annotations on methods.

    private boolean isAuthzAnnotationPresent(Method method) {
        for( Class<? extends Annotation> annClass : AUTHZ_ANNOTATION_CLASSES
) {
            Annotation a = AnnotationUtils.findAnnotation(method, annClass);
// here
            if ( a != null ) {
                return true;
            }
        }
        return false;
    }

So if it returns false, matches() returns false. In this case, (I think) the
instance won't be proxied and the aspect won't apply.

Can you simply modify it to check class level too?



--
View this message in context: http://shiro-user.582556.n2.nabble.com/RequiresRoles-interception-on-class-tp7193081p7578879.html
Sent from the Shiro User mailing list archive at Nabble.com.