Hi Brian, Can you put this into a very simple test webapp that shows the failure? I'd be very happy to test it out, I just don't have the time today to put that together myself. You could use the Spring sample application as the base to get you 90% started.
Les On Fri, Sep 24, 2010 at 7:30 AM, zooxmusic <[email protected]> wrote: > > Hi, I obviously do not have this set up correctly but for the life of me I > can not find why. I am using spring remoting using HttpInvokerBean and on > one of my service methods I have > @RequiresPermission("nobody-has-this-permission") yet anyone can call it. > > > the content of my application context is as follows > > > > <bean id="securityManager" > class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> > <property name="realm" ref="mySecurityRealm"/> > <property name="sessionMode" value="native"/> > </bean> > > <bean id="mySecurityRealm" class="<path-to-my-realm>"/> > > <bean id="lifecycleBeanPostProcessor" > class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/> > <bean > class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" > depends-on="lifecycleBeanPostProcessor"/> > <bean > class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> > <property name="securityManager" ref="securityManager"/> > </bean> > > <bean id="secureRemoteInvocationExecutor" > class="org.apache.shiro.spring.remoting.SecureRemoteInvocationExecutor"> > <property name="securityManager" ref="securityManager"/> > </bean> > > > <bean id="shiroFilter" > class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> > <property name="securityManager" ref="securityManager"/> > <!-- override these for application-specific URLs if you like:--> > <!-- <property name="loginUrl" value="/remote/securityService"/> > <property name="unauthorizedUrl" value="/remote/**"/> --> > <!-- The 'filters' property is not necessary since any declared > javax.servlet.Filter bean --> > <!-- defined will be automatically acquired and available via its > beanName in chain --> > <!-- definitions, but you can perform instance overrides or name > aliases here if you like: --> > <!-- <property name="filters"> > <util:map> > <entry key="anAlias" value-ref="someFilter"/> > </util:map> > </property> --> > <property name="filterChainDefinitions"> > <value> > /remote/** = perms > </value> > </property> > </bean> > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/RequiresPermissions-not-being-activated-tp5567042p5567042.html > Sent from the Shiro User mailing list archive at Nabble.com. >
