Hello all,
I'm working with Shiro 1.1.0 and have a project with a custom realm. When I
add a @RequiresRoles("admin") annotation to a method in a controller, Shiro
correctly intercepts the request, and throws an expected AuthorizationEception.
However, when I move the annotation up to the class level, users lacking the
"admin" role are granted access without an exception.
The @RequiresRoles annotation has TYPE in it's target, so I was expecting this
to work. Is this functionality currently available? If it is available, is
there additional configuration necessary to cause Shiro to intercept all method
calls in a class beyond what is needed to intercept annotated methods?
Thank you,
--b
