Best I can tell is that Spring AOP does not actually support class-level
interception. I had it working with aspect-J but not Spring.
Mike.
On Jan 17, 2012, at 10:07 AM, Les Hazlewood-2 [via Shiro User] wrote:
> Ah, can you please open a JIRA issue for this? It must be Spring AOP
> related (i.e. we'll probably have to change something in Shiro's code
> to reflect class-level inspection).
>
> Thanks,
>
> Les
>
> On Tue, Jan 17, 2012 at 7:10 AM, Brian M. Carr <[hidden email]> wrote:
>
> > Hi Les,
> >
> > I'm using the spring integration as shown in the shiro documentation.
> >
> > <bean id="lifecycleBeanPostProcessor"
> > class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
> > <bean
> > class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
> >
> > <property name="securityManager" ref="securityManager"/>
> > </bean>
> >
> > It's creating CGLIB proxies for the controllers, and method security works
> > great, but class-level is ignored.
> >
> > --b
> >
> > On Jan 17, 2012, at 1:18 AM, Les Hazlewood wrote:
> >
> >> Hi Brian,
> >>
> >> What AOP mechanism are you using? Typically the AOP interception
> >> mechanism needs to check for the existence at the method or class
> >> level and enforce accordingly.
> >>
> >> Regards,
> >>
> >> Les
> >>
> >> On Mon, Jan 16, 2012 at 8:15 AM, Brian M. Carr <[hidden email]> wrote:
> >>> Hello all,
> >>>
> >>> I'm working with Shiro 1.1.0 and have a project with a custom realm.
> >>> When I add a @RequiresRoles("admin") annotation to a method in a
> >>> controller, Shiro correctly intercepts the request, and throws an
> >>> expected AuthorizationEception. However, when I move the annotation up
> >>> to the class level, users lacking the "admin" role are granted access
> >>> without an exception.
> >>>
> >>> The @RequiresRoles annotation has TYPE in it's target, so I was expecting
> >>> this to work. Is this functionality currently available? If it is
> >>> available, is there additional configuration necessary to cause Shiro to
> >>> intercept all method calls in a class beyond what is needed to intercept
> >>> annotated methods?
> >>>
> >>> Thank you,
> >>> --b
>
>
> If you reply to this email, your message will be added to the discussion
> below:
> http://shiro-user.582556.n2.nabble.com/RequiresRoles-interception-on-class-tp7193081p7197262.html
> To start a new topic under Shiro User, email
> [email protected]
> To unsubscribe from Shiro User, click here.
> NAML
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/RequiresRoles-interception-on-class-tp7193081p7204602.html
Sent from the Shiro User mailing list archive at Nabble.com.
