Hi Brian, What AOP mechanism are you using? Typically the AOP interception mechanism needs to check for the existence at the method or class level and enforce accordingly.
Regards, Les On Mon, Jan 16, 2012 at 8:15 AM, Brian M. Carr <[email protected]> wrote: > Hello all, > > I'm working with Shiro 1.1.0 and have a project with a custom realm. When I > add a @RequiresRoles("admin") annotation to a method in a controller, Shiro > correctly intercepts the request, and throws an expected > AuthorizationEception. However, when I move the annotation up to the class > level, users lacking the "admin" role are granted access without an exception. > > The @RequiresRoles annotation has TYPE in it's target, so I was expecting > this to work. Is this functionality currently available? If it is > available, is there additional configuration necessary to cause Shiro to > intercept all method calls in a class beyond what is needed to intercept > annotated methods? > > Thank you, > --b
