[
https://issues.apache.org/jira/browse/SHIRO-243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12993219#comment-12993219
]
Jared Bunting commented on SHIRO-243:
-------------------------------------
There are subclasses of AuthorizationException. Wrapping it will also break
any attempts to catch certain subclasses (UnauthenticatedException for
example).
> when method is unauthorized, please include method info in stack trace
> ----------------------------------------------------------------------
>
> Key: SHIRO-243
> URL: https://issues.apache.org/jira/browse/SHIRO-243
> Project: Shiro
> Issue Type: Improvement
> Reporter: Jim Newsham
> Assignee: Kalle Korhonen
> Priority: Minor
> Fix For: 1.2.0
>
>
> We are using Shiro's annotation-based method authorization support, to
> enforce security checks on remotely invoked services. The problem is that
> when we get an AuthorizationException, it doesn't include any information
> about which particular method failed. Looks like it would be really easy to
> include this in AuthorizingAnnotationMethodInterceptor.assertAuthorized() as
> follows:
> public void assertAuthorized(MethodInvocation method) throws
> AuthorizationException {
> try {
>
> ((AuthorizingAnnotationHandler)getHandler()).assertAuthorized(getAnnotation(mi));
> }
> catch(AuthorizationException ae) {
> throw new AuthorizationException("method not authorized: " +
> method.getMethod(), ae);
> }
> }
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
