[
https://issues.apache.org/jira/browse/SHIRO-607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Laszlo Hornyak resolved SHIRO-607.
----------------------------------
Resolution: Fixed
Fix Version/s: 1.4.0
> AuthorizationAttributeSourceAdvisor ignores type-annotations
> ------------------------------------------------------------
>
> Key: SHIRO-607
> URL: https://issues.apache.org/jira/browse/SHIRO-607
> Project: Shiro
> Issue Type: Bug
> Components: Integration: Spring
> Affects Versions: 1.3.2, 1.4.0-RC2
> Reporter: Laszlo Hornyak
> Assignee: Les Hazlewood
> Labels: easyfix, newbie
> Fix For: 1.4.0
>
>
> The spring integration only checks the method annotations. When the security
> annotations are on the type, no authentication will be required.
> {code:java}
> @RequiresAuthentication //ignored
> interface Business {
> //not secured
> void criticalSomething();
> }
> {code}
> h3. Links
> * Related mailing list thread: [mail
> archive|http://mail-archives.apache.org/mod_mbox/shiro-user/201612.mbox/%3CCAKRHFXUFKN1Yif94uGMMDoqfZ2d0JuE-zaiV_0SC3MgF9cKs2w%40mail.gmail.com%3E]
> * github [pull request|https://github.com/apache/shiro/pull/54]
> * [a possible
> workaround|https://github.com/kerubistan/kerub/commit/b843df6ba05f45dc04c41cd8730c7e86398c2aa5]
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
