Shiro
  1. Shiro
  2. SHIRO-243

when method is unauthorized, please include method info in stack trace

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.2.0
    • Component/s: None
    • Labels:
      None

      Description

      We are using Shiro's annotation-based method authorization support, to enforce security checks on remotely invoked services. The problem is that when we get an AuthorizationException, it doesn't include any information about which particular method failed. Looks like it would be really easy to include this in AuthorizingAnnotationMethodInterceptor.assertAuthorized() as follows:

      public void assertAuthorized(MethodInvocation method) throws AuthorizationException {
      try

      { ((AuthorizingAnnotationHandler)getHandler()).assertAuthorized(getAnnotation(mi)); }

      catch(AuthorizationException ae)

      { throw new AuthorizationException("method not authorized: " + method.getMethod(), ae); }

      }

        Activity

          People

          • Assignee:
            Kalle Korhonen
            Reporter:
            Jim Newsham
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development