i've started using shiro 1.1.0 in a web application using spring mvc 3.0.5
and zk 5.0.8 as admin. i wasn't having shiro annotation working so i
specified the requiredroles in the security application context :
//*admin = authc, roles[ADMIN]*/
which works fine and redirect me to the unautorized paged i created. Now i
got the Annotation working so i used
@RequiresRoles(value={"manager","admin","superadmin"}) on top of a class:
*/@RequiresRoles(value = {"manager","admin","superadmin"})
public class ContentController extends GenericForwardComposer {...}/*
and it throws
org.apache.shiro.authz.UnauthorizedException: Subject does not have role
[manager]
Is there anything to activate when using annotation for these kind of
authorization to be caught?
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/how-to-handle-org-apache-shiro-authz-UnauthorizedException-Exception-in-a-webapp-spring-tp7345227p7345227.html
Sent from the Shiro User mailing list archive at Nabble.com.
