I have created https://issues.apache.org/jira/browse/SHIRO-343 to track this.
thanks, --b On Jan 23, 2012, at 5:51 PM, Les Hazlewood wrote: > Yeah, this is something our AOPAlliance interceptor would have to > check for - first the method and if it has annotations, and then the > class to see if it has annotations. Please open a Jira issue if you > get a chance. > > Cheers, > > Les > > On Thu, Jan 19, 2012 at 8:55 AM, Mike K <[email protected]> wrote: >> Best I can tell is that Spring AOP does not actually support class-level >> interception. I had it working with aspect-J but not Spring. >> >> Mike. >> >> On Jan 17, 2012, at 10:07 AM, Les Hazlewood-2 [via Shiro User] wrote: >> >>> Ah, can you please open a JIRA issue for this? It must be Spring AOP >>> related (i.e. we'll probably have to change something in Shiro's code >>> to reflect class-level inspection). >>> >>> Thanks, >>> >>> Les >>> >>> On Tue, Jan 17, 2012 at 7:10 AM, Brian M. Carr <[hidden email]> wrote: >>> >>>> Hi Les, >>>> >>>> I'm using the spring integration as shown in the shiro documentation. >>>> >>>> <bean id="lifecycleBeanPostProcessor" >>>> class="org.apache.shiro.spring.LifecycleBeanPostProcessor" /> >>>> <bean >>>> class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> >>>> <property name="securityManager" ref="securityManager"/> >>>> </bean> >>>> >>>> It's creating CGLIB proxies for the controllers, and method security works >>>> great, but class-level is ignored. >>>> >>>> --b >>>> >>>> On Jan 17, 2012, at 1:18 AM, Les Hazlewood wrote: >>>> >>>>> Hi Brian, >>>>> >>>>> What AOP mechanism are you using? Typically the AOP interception >>>>> mechanism needs to check for the existence at the method or class >>>>> level and enforce accordingly. >>>>> >>>>> Regards, >>>>> >>>>> Les >>>>> >>>>> On Mon, Jan 16, 2012 at 8:15 AM, Brian M. Carr <[hidden email]> wrote: >>>>>> Hello all, >>>>>> >>>>>> I'm working with Shiro 1.1.0 and have a project with a custom realm. >>>>>> When I add a @RequiresRoles("admin") annotation to a method in a >>>>>> controller, Shiro correctly intercepts the request, and throws an >>>>>> expected AuthorizationEception. However, when I move the annotation up >>>>>> to the class level, users lacking the "admin" role are granted access >>>>>> without an exception. >>>>>> >>>>>> The @RequiresRoles annotation has TYPE in it's target, so I was >>>>>> expecting this to work. Is this functionality currently available? If >>>>>> it is available, is there additional configuration necessary to cause >>>>>> Shiro to intercept all method calls in a class beyond what is needed to >>>>>> intercept annotated methods? >>>>>> >>>>>> Thank you, >>>>>> --b >>> >>> >>> If you reply to this email, your message will be added to the discussion >>> below: >>> http://shiro-user.582556.n2.nabble.com/RequiresRoles-interception-on-class-tp7193081p7197262.html >>> To start a new topic under Shiro User, email >>> [email protected] >>> To unsubscribe from Shiro User, click here. >>> NAML >> >> >> >> -- >> View this message in context: >> http://shiro-user.582556.n2.nabble.com/RequiresRoles-interception-on-class-tp7193081p7204602.html >> Sent from the Shiro User mailing list archive at Nabble.com.
