You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Pillar <so...@hotmail.com> on 2013/06/27 16:49:21 UTC
Re: @RequiresRoles interception on class
It's been a while since this was posted but I was curious if any progress
(not shown in JIRA) was made.
I think the issue is in AuthorizationAttributeSourceAdvisor, in the
matches() method. It calls the method below which only looks for the
annotations on methods.
private boolean isAuthzAnnotationPresent(Method method) {
for( Class<? extends Annotation> annClass : AUTHZ_ANNOTATION_CLASSES
) {
Annotation a = AnnotationUtils.findAnnotation(method, annClass);
// here
if ( a != null ) {
return true;
}
}
return false;
}
So if it returns false, matches() returns false. In this case, (I think) the
instance won't be proxied and the aspect won't apply.
Can you simply modify it to check class level too?
--
View this message in context: http://shiro-user.582556.n2.nabble.com/RequiresRoles-interception-on-class-tp7193081p7578879.html
Sent from the Shiro User mailing list archive at Nabble.com.