Shiro
  1. Shiro
  2. SHIRO-343

RequiresRoles annotation is not intercepting on a class level when configured with Spring MVC

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Minor Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      With the shown sanitized context definition, Shiro intercepts method invocations annotated with RequiresRoles, but fails to intercept if the annotation is at the class level. This requires duplication of the annotation to every method within a Controller class.

      Les says: "[...] this is something our AOPAlliance interceptor would have to
      check for - first the method and if it has annotations, and then the
      class to see if it has annotations [...]"

        Activity

        Hide
        Brian M. Carr added a comment -

        an example context which should work for both class and method invocation

        Show
        Brian M. Carr added a comment - an example context which should work for both class and method invocation
        Hide
        Ryan Connolly added a comment -

        I am also seeing this same behavior using the AspectJ Sample Application without Spring: (http://svn.apache.org/repos/asf/shiro/trunk/samples/aspectj/)

        Show
        Ryan Connolly added a comment - I am also seeing this same behavior using the AspectJ Sample Application without Spring: ( http://svn.apache.org/repos/asf/shiro/trunk/samples/aspectj/ )
        Hide
        Alexey Balchunas added a comment -

        There is the same issue with guice.
        It just takes a proxy guice object which of course doesn't contain the annotation.
        It can be fixed by overriding the "createAnnotationResolver" method of ShiroAopModule.
        Here is my fix. Don't know if it's the right way, but works for me.
        http://cl.ly/1n0V1M2t1Y3L213U312m

        Show
        Alexey Balchunas added a comment - There is the same issue with guice. It just takes a proxy guice object which of course doesn't contain the annotation. It can be fixed by overriding the "createAnnotationResolver" method of ShiroAopModule. Here is my fix. Don't know if it's the right way, but works for me. http://cl.ly/1n0V1M2t1Y3L213U312m

          People

          • Assignee:
            Unassigned
            Reporter:
            Brian M. Carr
          • Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:

              Development