Related to https://issues.apache.org/jira/browse/SHIRO-175 and some of the Shiro extensions we (Tynamo.org) have made, I'd like to change @Target(ElementType.METHOD) of all annotations to @Target({ElementType.TYPE, ElementType.METHOD}). The obvious semantics of attaching a security annotation to a class is that the same permission would apply to all method invocations in that class.
SHIRO-175 suggests that we'd deprecate the existing annotations in favor of RequiresAnyXXX and RequiresAllXXX annotations, forcing us to target the 1.1 release for the issue resolution. We could also keep the existing annotations and pick either ANY or ALL semantics in order to avoid deprecating anything - not sure which one is better. The current semantics are unclear; the Javadoc implies ANY for RequiresRoles but ALL for RequiresPermissions.

Here's what I'd suggest:
- 1.0.1 change @Target to apply to TYPEs as well, fix ambiguity of current annotations (especially if we decide to keep them)
- 1.1.0 resolve SHIRO-175 and add RequiresAnyXXX and RequiresAllXXX annotations (and deprecate existing annotations if we choose to do so)

I can handle implementing the changes. Any comments?

Kalle
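An added illustration, not part of the original message and not Shiro's code, of the class-level semantics and the ANY/ALL ambiguity discussed above. The `NeedsRoles` annotation, the `Logical` enum, the `ReportService` class and the rule that a method-level annotation overrides the class-level one are all assumptions made for the example.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class TypeLevelAnnotationDemo {
    enum Logical { ANY, ALL }   // hypothetical: makes the ANY/ALL choice explicit

    // Hypothetical stand-in for a security annotation, widened to TYPE as proposed.
    @Retention(RetentionPolicy.RUNTIME)
    @Target({ElementType.TYPE, ElementType.METHOD})
    @interface NeedsRoles {
        String[] value();
        Logical logical() default Logical.ALL;
    }

    @NeedsRoles({"admin", "auditor"})            // class level: covers every method
    static class ReportService {
        public void export() {}                  // inherits the class-level rule (ALL)

        @NeedsRoles(value = {"admin", "auditor"}, logical = Logical.ANY)
        public void view() {}                    // method level replaces the class rule
    }

    // Assumption: the method-level annotation wins; otherwise fall back to the class.
    static NeedsRoles effective(Method m) {
        NeedsRoles onMethod = m.getAnnotation(NeedsRoles.class);
        return onMethod != null ? onMethod
                                : m.getDeclaringClass().getAnnotation(NeedsRoles.class);
    }

    static boolean permitted(Method m, Set<String> subjectRoles) {
        NeedsRoles rule = effective(m);
        if (rule == null) return true;           // no annotation anywhere: unrestricted
        List<String> required = Arrays.asList(rule.value());
        return rule.logical() == Logical.ALL
                ? subjectRoles.containsAll(required)
                : required.stream().anyMatch(subjectRoles::contains);
    }

    public static void main(String[] args) throws Exception {
        Set<String> auditorOnly = Set.of("auditor");   // constructed sample subject
        Method export = ReportService.class.getMethod("export");
        Method view = ReportService.class.getMethod("view");
        System.out.println("export permitted: " + permitted(export, auditorOnly));
        System.out.println("view permitted:   " + permitted(view, auditorOnly));
    }
}
```

The same two-role list denies `export` under ALL and allows `view` under ANY for a subject holding only one of the roles, which is why an unstated default is a security-relevant ambiguity.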