@RequiresPermissions not being activated

Fri, 24 Sep 2010 07:31:22 -0700 

Hi, I obviously do not have this set up correctly but for the life of me I
can not find why. I am using spring remoting using HttpInvokerBean and on
one of my service methods I have
@RequiresPermission("nobody-has-this-permission") yet anyone can call it.


the content of my application context is as follows



        <bean id="securityManager"
class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
            <property name="realm" ref="mySecurityRealm"/>
                <property name="sessionMode" value="native"/>
        </bean>
        
        <bean id="mySecurityRealm" class="<path-to-my-realm>"/>

    <bean id="lifecycleBeanPostProcessor"
class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
    <bean
class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor"/>
    <bean
class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        <property name="securityManager" ref="securityManager"/>
    </bean>

    <bean id="secureRemoteInvocationExecutor"
class="org.apache.shiro.spring.remoting.SecureRemoteInvocationExecutor">
        <property name="securityManager" ref="securityManager"/>
    </bean>
 

        <bean id="shiroFilter"
class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
            <property name="securityManager" ref="securityManager"/>
            <!-- override these for application-specific URLs if you like:-->
            <!-- <property name="loginUrl" value="/remote/securityService"/>
            <property name="unauthorizedUrl" value="/remote/**"/>  --> 
            <!-- The 'filters' property is not necessary since any declared
javax.servlet.Filter bean  -->
            <!-- defined will be automatically acquired and available via its
beanName in chain        -->
            <!-- definitions, but you can perform instance overrides or name
aliases here if you like: -->
            <!-- <property name="filters">
                <util:map>
                    <entry key="anAlias" value-ref="someFilter"/>
                </util:map>
            </property> -->
            <property name="filterChainDefinitions">
                <value>
                                /remote/** = perms
                </value>
            </property>
        </bean>
        


-- 
View this message in context: 
http://shiro-user.582556.n2.nabble.com/RequiresPermissions-not-being-activated-tp5567042p5567042.html
Sent from the Shiro User mailing list archive at Nabble.com.

Reply via email to