[SHIRO-243] when method is unauthorized, please include method info in stack trace - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.2.0
Component/s: None
Labels:
None

Description

We are using Shiro's annotation-based method authorization support, to enforce security checks on remotely invoked services. The problem is that when we get an AuthorizationException, it doesn't include any information about which particular method failed. Looks like it would be really easy to include this in AuthorizingAnnotationMethodInterceptor.assertAuthorized() as follows:

public void assertAuthorized(MethodInvocation method) throws AuthorizationException {
try

{ ((AuthorizingAnnotationHandler)getHandler()).assertAuthorized(getAnnotation(mi)); }

catch(AuthorizationException ae)

{ throw new AuthorizationException("method not authorized: " + method.getMethod(), ae); }

}

Attachments

Activity

People

Assignee:: Kalle Korhonen

Reporter:: Jim Newsham

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 09/Feb/11 01:20

Updated:: 24/Jan/12 01:11

Resolved:: 10/Feb/11 23:49