Looking at the RequiresPermissions class, it appears that this
annotation is not inherited. So, I suspect that adding it to your
interface method is not having much of an effect, as the instance method
is what is actually being intercepted. Can you try applying the
annotation to the methods directly on LayoutEventHandlerImpl and see
what effect that has?
Thanks,
Jared
On 07/28/2011 04:30 AM, blacksensei wrote:
> Hi Gurus!!
>
> first thing first, i would to congratulate those who put together effort to
> get this awesome framework out.
> it's simple and powerful , kudos guys!!
>
> Now i've tried using shiro 1.1.0+ maven3+spring 3.0.5.RELEASE, hibernate
> 3.6.1.Final with ZK 5.0.6.
> i got my hibernaterealm working , talking to database, i got the
> authentication working, i successfully(i believe) get the roles and
> permission loaded.
> so to test the authorization side i have somewhere in my code this :
>
> Subject currentUser = SecurityUtils.getSubject();
> if (!currentUser.isPermitted("businessaccount:list")) {
> throw new AuthorizationException("User not authorized");
> }
>
> and it works fine. So i know my permissions were loaded.
> i'll be convenient for me using annotations to i've put it in implementation
> class, because i didn't plan on using interface at first place with my
> controller classes which are extending ZK GenericForwardController.
>
> i've seen this https://issues.apache.org/jira/browse/SHIRO-185 bug and
> i've decided to do a try with one interface with the @RequiresPersmissions
> on it.
>
> apparently it's still not working.Maybe i'm doing something wrong here are
> snippet of the codes:
>
>
> @Component("layouteventhandler")
> public class LayoutEventHandlerImpl extends GenericForwardComposer
> implements LayoutEventHandler {
>
> Logger logger = Logger.getLogger(LayoutEventHandlerImpl.class);
> Menuitem logout;
>
> //...
>
>
> @Override
> public void onClick$pAccounts() {
> try {
> execution.sendRedirect("/accounts/personal/list");
> } catch (Exception ex) {
> logger.info("Error redirecting to personal accounts", ex);
> }
> }
>
>
> @Override
> public void onClick$bAccounts() {
> try {
> execution.sendRedirect("/accounts/business/list");
> } catch (Exception ex) {
> logger.info("Error redirecting to business accounts", ex);
> }
> }
> //.....
> }
>
>
> its interface it :
>
> public interface LayoutEventHandler {
>
> @RequiresPermissions(value="personalaccount:list")
> public void onClick$pAccounts();
>
> @RequiresPermissions(value="businessaccount:list")
> public void onClick$bAccounts();
> //.....
>
> }
>
> So even using interface it seems not to be working here is my
> securityApplicationContext.xml
>
>
> <bean id="hibernateRealm"
> class="com.personal.project.admin.webapp.security.DatabaseRealm" />
> <bean id="securityManager"
> class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
> <property name="realm" ref="hibernateRealm" />
> </bean>
>
> <bean id="lifecycleBeanPostProcessor"
> class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
>
> <bean
> class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
> depends-on="lifecycleBeanPostProcessor">
>
> </bean>
> <bean
> class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
> <property name="securityManager" ref="securityManager"/>
> </bean>
>
>
> <bean id="secureRemoteInvocationExecutor"
> class="org.apache.shiro.spring.remoting.SecureRemoteInvocationExecutor">
> <property name="securityManager" ref="securityManager"/>
> </bean>
>
>
> <bean id="shiroFilter"
> class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
> <property name="securityManager" ref="securityManager" />
> <property name="loginUrl" value="/authentication/login" />
> <property name="unauthorizedUrl"
> value="/authentication/unauthorized" />
> <property name="filterChainDefinitions">
> <value>
> /authentication/** = anon
> / = authc
> /accounts/** = authc
> /transactions/** = authc
> /subscribers/** = authc
> /i-charges/** = authc
> /charge-model = authc
> /settings/** = authc
> </value>
> </property>
> </bean>
>
>
> I would like to know if the technology am using matters meaning, is it ok to
> have ZK+shrio?
> Am sure i'm the one not configuring something well. I would appreciate if
> anyone shed some light on this for me.thanks for reading
>
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/shiro-1-1-0-RequiresAnnotations-not-working-in-spring-container-isn-t-it-fixed-tp6629236p6629236.html
> Sent from the Shiro User mailing list archive at Nabble.com.
