[jira] [Created] (SHIRO-607) AuthorizationAttributeSourceAdvisor ignores type-annotations

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[jira] [Created] (SHIRO-607) AuthorizationAttributeSourceAdvisor ignores type-annotations

JIRA jira@apache.org
Laszlo Hornyak created SHIRO-607:
------------------------------------

             Summary: AuthorizationAttributeSourceAdvisor ignores type-annotations
                 Key: SHIRO-607
                 URL: https://issues.apache.org/jira/browse/SHIRO-607
             Project: Shiro
          Issue Type: Bug
          Components: Integration: Spring
    Affects Versions: 1.4.0-RC2, 1.3.2
            Reporter: Laszlo Hornyak
            Assignee: Les Hazlewood


The spring integration only checks the method annotations. When the security annotations are on the type, no authentication will be required.

{code:java}
@RequiresAuthentication //ignored
interface Business {
  //not secured
  void criticalSomething();
}
{code}

h3. Links

* Related mailing list thread: [mail archive|http://mail-archives.apache.org/mod_mbox/shiro-user/201612.mbox/%3CCAKRHFXUFKN1Yif94uGMMDoqfZ2d0JuE-zaiV_0SC3MgF9cKs2w%40mail.gmail.com%3E]
* github [pull request|https://github.com/apache/shiro/pull/54]
* [a possible workaround|https://github.com/kerubistan/kerub/commit/b843df6ba05f45dc04c41cd8730c7e86398c2aa5]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)