Laszlo Hornyak created SHIRO-607:
------------------------------------
Summary: AuthorizationAttributeSourceAdvisor ignores
type-annotations
Key: SHIRO-607
URL: https://issues.apache.org/jira/browse/SHIRO-607
Project: Shiro
Issue Type: Bug
Components: Integration: Spring
Affects Versions: 1.4.0-RC2, 1.3.2
Reporter: Laszlo Hornyak
Assignee: Les Hazlewood
The spring integration only checks the method annotations. When the security
annotations are on the type, no authentication will be required.
{code:java}
@RequiresAuthentication //ignored
interface Business {
//not secured
void criticalSomething();
}
{code}
h3. Links
* Related mailing list thread: [mail
archive|http://mail-archives.apache.org/mod_mbox/shiro-user/201612.mbox/%3CCAKRHFXUFKN1Yif94uGMMDoqfZ2d0JuE-zaiV_0SC3MgF9cKs2w%40mail.gmail.com%3E]
* github [pull request|https://github.com/apache/shiro/pull/54]
* [a possible
workaround|https://github.com/kerubistan/kerub/commit/b843df6ba05f45dc04c41cd8730c7e86398c2aa5]
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
