Annotation authorizations should throw UnauthenticationException if the subject 
identity is not known.
------------------------------------------------------------------------------------------------------

                 Key: SHIRO-146
                 URL: https://issues.apache.org/jira/browse/SHIRO-146
             Project: Shiro
          Issue Type: Improvement
    Affects Versions: 1.0.0
            Reporter: Les Hazlewood
            Assignee: Les Hazlewood
             Fix For: 1.0.0


Currently the AuthorizingAnnotationHandlers often perform an if-check to see if 
the Subject has roles or permissions and, if not, throw an 
UnauthorizedException.  The Subject API already has assertion methods 
(checkRoles, checkPermission, etc.) that correctly throw an 
UnauthenticationException if an authorization check is not possible.  Those 
methods should be used in the AnnotationHandler implementations instead.

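The difference between the two handler styles described in the issue, as an added example that is not Shiro's code or part of the original report. DemoSubject, RoleHandlerDemo and the exception classes are self-contained stand-ins (exception names follow the issue text), and a null principal is assumed to mean the subject identity is not known.

```java
import java.util.Set;

// Stand-in exception types for illustration only; not Shiro's classes.
class AuthorizationException extends RuntimeException {
    AuthorizationException(String msg) { super(msg); }
}
class UnauthorizedException extends AuthorizationException {
    UnauthorizedException(String msg) { super(msg); }
}
class UnauthenticationException extends AuthorizationException {
    UnauthenticationException(String msg) { super(msg); }
}

// Hypothetical minimal subject: a null principal means "identity not known".
class DemoSubject {
    private final String principal;
    private final Set<String> roles;
    DemoSubject(String principal, Set<String> roles) { this.principal = principal; this.roles = roles; }
    boolean hasRole(String role) { return principal != null && roles.contains(role); }
    // Assertion method: separates "identity unknown" from "known but not allowed".
    void checkRole(String role) {
        if (principal == null) throw new UnauthenticationException("identity not known; cannot check role " + role);
        if (!roles.contains(role)) throw new UnauthorizedException(principal + " lacks role " + role);
    }
}

public class RoleHandlerDemo {
    // Style the issue describes as current: if-check, always UnauthorizedException.
    static void assertAuthorizedIfCheck(DemoSubject s, String role) {
        if (!s.hasRole(role)) throw new UnauthorizedException("subject lacks role " + role);
    }
    // Style the issue proposes: delegate to the subject's assertion method.
    static void assertAuthorizedDelegating(DemoSubject s, String role) { s.checkRole(role); }

    static String outcome(Runnable check) {
        try { check.run(); return "allowed"; }
        catch (AuthorizationException e) { return e.getClass().getSimpleName(); }
    }

    public static void main(String[] args) {
        DemoSubject[] subjects = {                       // constructed sample subjects
            new DemoSubject(null, Set.of()),             // identity not known
            new DemoSubject("alice", Set.of("user")),    // known, lacks the role
            new DemoSubject("root", Set.of("admin")) };  // known, has the role
        for (DemoSubject s : subjects)
            System.out.println("if-check: " + outcome(() -> assertAuthorizedIfCheck(s, "admin"))
                + " | delegating: " + outcome(() -> assertAuthorizedDelegating(s, "admin")));
    }
}
```

With the if-check style the first two subjects are indistinguishable to the caller; with delegation the caller can tell a subject that needs to log in from one that is logged in but denied.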