[
https://issues.apache.org/jira/browse/SHIRO-146?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Les Hazlewood resolved SHIRO-146.
---------------------------------
Resolution: Fixed
Committed to trunk
> Annotation authorizations should throw UnauthenticationException if the
> subject identity is not known.
> ------------------------------------------------------------------------------------------------------
>
> Key: SHIRO-146
> URL: https://issues.apache.org/jira/browse/SHIRO-146
> Project: Shiro
> Issue Type: Improvement
> Affects Versions: 1.0.0
> Reporter: Les Hazlewood
> Assignee: Les Hazlewood
> Fix For: 1.0.0
>
> Original Estimate: 0.5h
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Currently the AuthorizingAnnotationHandlers often perform an if-check to see
> if the Subject has roles or permissions, and if not, throws an
> UnauthorizedException. The Subject API already has assertion methods
> (checkRoles, checkPermission, etc) that correctly throw an
> UnauthenticationException if an authorization check is not possible. Those
> methods should be used in the AnnotationHandler implementations instead.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
