[
https://issues.apache.org/jira/browse/SHIRO-146?page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#action_11014
]
Les Hazlewood logged work on SHIRO-146:
---------------------------------------
Author: Les Hazlewood
Created on: 19/Mar/10 06:03 PM
Start Date: 18/Mar/10 07:00 PM
Worklog Time Spent: 0.5h
Work Description: Fixed Roles and Permissions assertions to use
subject.checkRole/checkPermission method calls instead of duplicating logic.
Issue Time Tracking
-------------------
Time Spent: 0.5h
Remaining Estimate: 0h (was: 0.5h)
> Annotation authorizations should throw UnauthenticationException if the
> subject identity is not known.
> ------------------------------------------------------------------------------------------------------
>
> Key: SHIRO-146
> URL: https://issues.apache.org/jira/browse/SHIRO-146
> Project: Shiro
> Issue Type: Improvement
> Affects Versions: 1.0.0
> Reporter: Les Hazlewood
> Assignee: Les Hazlewood
> Fix For: 1.0.0
>
> Original Estimate: 0.5h
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Currently the AuthorizingAnnotationHandlers often perform an if-check to see
> if the Subject has roles or permissions, and if not, throws an
> UnauthorizedException. The Subject API already has assertion methods
> (checkRoles, checkPermission, etc) that correctly throw an
> UnauthenticationException if an authorization check is not possible. Those
> methods should be used in the AnnotationHandler implementations instead.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
