Re: svn commit: r1069617 - /shiro/trunk/core/src/main/java/org/apache/shiro/authz/aop/AuthorizingAnnotationMethodInterceptor.java

Thu, 10 Feb 2011 15:51:00 -0800 

Nice solution!

On Thu, Feb 10, 2011 at 3:45 PM,  <[email protected]> wrote:
> Author: kaosko
> Date: Thu Feb 10 23:45:01 2011
> New Revision: 1069617
>
> URL: http://svn.apache.org/viewvc?rev=1069617&view=rev
> Log:
> RESOLVED - issue SHIRO-243: when method is unauthorized, please include 
> method info in stack trace
> https://issues.apache.org/jira/browse/SHIRO-243
> - second try: instead of wrapping the specific exception into a more generic 
> one, initialize cause of the thrown AuthorizationException in case not set 
> with the message indicating the method name
>
> Modified:
>    
> shiro/trunk/core/src/main/java/org/apache/shiro/authz/aop/AuthorizingAnnotationMethodInterceptor.java
>
> Modified: 
> shiro/trunk/core/src/main/java/org/apache/shiro/authz/aop/AuthorizingAnnotationMethodInterceptor.java
> URL: 
> http://svn.apache.org/viewvc/shiro/trunk/core/src/main/java/org/apache/shiro/authz/aop/AuthorizingAnnotationMethodInterceptor.java?rev=1069617&r1=1069616&r2=1069617&view=diff
> ==============================================================================
> --- 
> shiro/trunk/core/src/main/java/org/apache/shiro/authz/aop/AuthorizingAnnotationMethodInterceptor.java
>  (original)
> +++ 
> shiro/trunk/core/src/main/java/org/apache/shiro/authz/aop/AuthorizingAnnotationMethodInterceptor.java
>  Thu Feb 10 23:45:01 2011
> @@ -81,6 +81,15 @@ public abstract class AuthorizingAnnotat
>      * @throws AuthorizationException if the method invocation is not allowed 
> to continue/execute.
>      */
>     public void assertAuthorized(MethodInvocation mi) throws 
> AuthorizationException {
> -        
> ((AuthorizingAnnotationHandler)getHandler()).assertAuthorized(getAnnotation(mi));
> +        try {
> +            
> ((AuthorizingAnnotationHandler)getHandler()).assertAuthorized(getAnnotation(mi));
> +        }
> +        catch(AuthorizationException ae) {
> +            // Annotation handler doesn't know why it was called, so add the 
> information here if possible.
> +            // Don't wrap the exception here since we don't want to mask the 
> specific exception, such as
> +            // UnauthenticatedException etc.
> +            if (ae.getCause() == null) ae.initCause(new 
> AuthorizationException("Not authorized to invoke method: " + mi.getMethod()));
> +            throw ae;
> +        }
>     }
>  }

Reply via email to