Details
-
Improvement
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
None
-
None
-
None
Description
We are using Shiro's annotation-based method authorization support, to enforce security checks on remotely invoked services. The problem is that when we get an AuthorizationException, it doesn't include any information about which particular method failed. Looks like it would be really easy to include this in AuthorizingAnnotationMethodInterceptor.assertAuthorized() as follows:
public void assertAuthorized(MethodInvocation method) throws AuthorizationException {
try
catch(AuthorizationException ae)
{ throw new AuthorizationException("method not authorized: " + method.getMethod(), ae); }}