Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-243

when method is unauthorized, please include method info in stack trace

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.2.0
    • Component/s: None
    • Labels:
      None

      Description

      We are using Shiro's annotation-based method authorization support, to enforce security checks on remotely invoked services. The problem is that when we get an AuthorizationException, it doesn't include any information about which particular method failed. Looks like it would be really easy to include this in AuthorizingAnnotationMethodInterceptor.assertAuthorized() as follows:

      public void assertAuthorized(MethodInvocation method) throws AuthorizationException {
      try

      { ((AuthorizingAnnotationHandler)getHandler()).assertAuthorized(getAnnotation(mi)); }

      catch(AuthorizationException ae)

      { throw new AuthorizationException("method not authorized: " + method.getMethod(), ae); }

      }

        Attachments

          Activity

            People

            • Assignee:
              kaosko Kalle Korhonen
              Reporter:
              jn Jim Newsham
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: