[
https://issues.apache.org/jira/browse/SHIRO-243?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kalle Korhonen resolved SHIRO-243.
----------------------------------
Resolution: Fixed
Initialize the cause of the thrown Exception if not previously set. May not
read that well if stacktrace is printed out (UnauthenticatedException caused by
AuthorizationException) but semantically can be seen as correct (method
authorization caused permission check).
> when method is unauthorized, please include method info in stack trace
> ----------------------------------------------------------------------
>
> Key: SHIRO-243
> URL: https://issues.apache.org/jira/browse/SHIRO-243
> Project: Shiro
> Issue Type: Improvement
> Reporter: Jim Newsham
> Assignee: Kalle Korhonen
> Priority: Minor
> Fix For: 1.2.0
>
>
> We are using Shiro's annotation-based method authorization support, to
> enforce security checks on remotely invoked services. The problem is that
> when we get an AuthorizationException, it doesn't include any information
> about which particular method failed. Looks like it would be really easy to
> include this in AuthorizingAnnotationMethodInterceptor.assertAuthorized() as
> follows:
> public void assertAuthorized(MethodInvocation method) throws
> AuthorizationException {
> try {
>
> ((AuthorizingAnnotationHandler)getHandler()).assertAuthorized(getAnnotation(mi));
> }
> catch(AuthorizationException ae) {
> throw new AuthorizationException("method not authorized: " +
> method.getMethod(), ae);
> }
> }
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
