Thanks!
On Tue, Jan 24, 2012 at 6:10 AM, Brian M. Carr <[email protected]> wrote: > I have created https://issues.apache.org/jira/browse/SHIRO-343 to track this. > > thanks, > --b > > > On Jan 23, 2012, at 5:51 PM, Les Hazlewood wrote: > >> Yeah, this is something our AOPAlliance interceptor would have to >> check for - first the method and if it has annotations, and then the >> class to see if it has annotations. Please open a Jira issue if you >> get a chance. >> >> Cheers, >> >> Les >> >> On Thu, Jan 19, 2012 at 8:55 AM, Mike K <[email protected]> wrote: >>> Best I can tell is that Spring AOP does not actually support class-level >>> interception. I had it working with aspect-J but not Spring. >>> >>> Mike. >>> >>> On Jan 17, 2012, at 10:07 AM, Les Hazlewood-2 [via Shiro User] wrote: >>> >>>> Ah, can you please open a JIRA issue for this? It must be Spring AOP >>>> related (i.e. we'll probably have to change something in Shiro's code >>>> to reflect class-level inspection). >>>> >>>> Thanks, >>>> >>>> Les >>>> >>>> On Tue, Jan 17, 2012 at 7:10 AM, Brian M. Carr <[hidden email]> wrote: >>>> >>>>> Hi Les, >>>>> >>>>> I'm using the spring integration as shown in the shiro documentation. >>>>> >>>>> <bean id="lifecycleBeanPostProcessor" >>>>> class="org.apache.shiro.spring.LifecycleBeanPostProcessor" /> >>>>> <bean >>>>> class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> >>>>> <property name="securityManager" ref="securityManager"/> >>>>> </bean> >>>>> >>>>> It's creating CGLIB proxies for the controllers, and method security >>>>> works great, but class-level is ignored. >>>>> >>>>> --b >>>>> >>>>> On Jan 17, 2012, at 1:18 AM, Les Hazlewood wrote: >>>>> >>>>>> Hi Brian, >>>>>> >>>>>> What AOP mechanism are you using? Typically the AOP interception >>>>>> mechanism needs to check for the existence at the method or class >>>>>> level and enforce accordingly. >>>>>> >>>>>> Regards, >>>>>> >>>>>> Les >>>>>> >>>>>> On Mon, Jan 16, 2012 at 8:15 AM, Brian M. Carr <[hidden email]> wrote: >>>>>>> Hello all, >>>>>>> >>>>>>> I'm working with Shiro 1.1.0 and have a project with a custom realm. >>>>>>> When I add a @RequiresRoles("admin") annotation to a method in a >>>>>>> controller, Shiro correctly intercepts the request, and throws an >>>>>>> expected AuthorizationEception. However, when I move the annotation up >>>>>>> to the class level, users lacking the "admin" role are granted access >>>>>>> without an exception. >>>>>>> >>>>>>> The @RequiresRoles annotation has TYPE in it's target, so I was >>>>>>> expecting this to work. Is this functionality currently available? If >>>>>>> it is available, is there additional configuration necessary to cause >>>>>>> Shiro to intercept all method calls in a class beyond what is needed to >>>>>>> intercept annotated methods? >>>>>>> >>>>>>> Thank you, >>>>>>> --b >>>> >>>> >>>> If you reply to this email, your message will be added to the discussion >>>> below: >>>> http://shiro-user.582556.n2.nabble.com/RequiresRoles-interception-on-class-tp7193081p7197262.html >>>> To start a new topic under Shiro User, email >>>> [email protected] >>>> To unsubscribe from Shiro User, click here. >>>> NAML >>> >>> >>> >>> -- >>> View this message in context: >>> http://shiro-user.582556.n2.nabble.com/RequiresRoles-interception-on-class-tp7193081p7204602.html >>> Sent from the Shiro User mailing list archive at Nabble.com.
