[
https://issues.apache.org/jira/browse/SHIRO-243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12992272#comment-12992272
]
Jim Newsham commented on SHIRO-243:
-----------------------------------
P.S. I've already implemented a similar approach in the method interceptors
for our own custom annotations, but I would have to override Shiro's method
interceptors to get the same benefit there; seems more sensible for this to be
in the parent class -- AuthorizingAnnotationMethodInterceptor.
> when method is unauthorized, please include method info in stack trace
> ----------------------------------------------------------------------
>
> Key: SHIRO-243
> URL: https://issues.apache.org/jira/browse/SHIRO-243
> Project: Shiro
> Issue Type: Improvement
> Reporter: Jim Newsham
> Priority: Minor
>
> We are using Shiro's annotation-based method authorization support, to
> enforce security checks on remotely invoked services. The problem is that
> when we get an AuthorizationException, it doesn't include any information
> about which particular method failed. Looks like it would be really easy to
> include this in AuthorizingAnnotationMethodInterceptor.assertAuthorized() as
> follows:
> public void assertAuthorized(MethodInvocation method) throws
> AuthorizationException {
> try {
>
> ((AuthorizingAnnotationHandler)getHandler()).assertAuthorized(getAnnotation(mi));
> }
> catch(AuthorizationException ae) {
> throw new AuthorizationException("method not authorized: " +
> method.getMethod(), ae);
> }
> }
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
