I think I figured out what is going on here - Shiro's DefaultAdvisorAutoProxyCreator might be interfering with your existing Spring proxy mechanism. Were you able to work through this? If so, what was the fix? -- Les Hazlewood | @lhazlewood CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282
On Sun, Mar 17, 2013 at 8:19 PM, Pillar <[email protected]> wrote: > I'm trying to configure my spring mvc application with Shiro annotations such > that a controller handler method cannot be called unless a Subject is > authenticated, eg. > > @Controller > @RequestMapping(value = "/admin") > public class AdminController { > @RequiresAuthentication > @RequestMapping(method = RequestMethod.GET) > public String adminHome() { > return "admin"; > } > } > > To make it work, I tried adding the following to my spring configuration: > > @Bean > public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() { > return new LifecycleBeanPostProcessor(); > } > > @Bean > @DependsOn(value = "lifecycleBeanPostProcessor") > public DefaultAdvisorAutoProxyCreator > defaultAdvisorAutoProxyCreator() { > return new DefaultAdvisorAutoProxyCreator(); > } > > @Bean > public AuthorizationAttributeSourceAdvisor > authorizationAttributeSourceAdvisor() { > AuthorizationAttributeSourceAdvisor > authorizationAttributeSourceAdvisor = > new AuthorizationAttributeSourceAdvisor(); > > authorizationAttributeSourceAdvisor.setSecurityManager(securityManager()); > return authorizationAttributeSourceAdvisor; > } > > Not only did this not enable the annotations, but it also screwed with my > hibernate transaction management annotations (I have no idea how). Is this a > limitation of Spring, since it manages its bean separately? Is there any way > around it? > > Thanks, > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Shiro-annotations-on-Spring-MVC-Controllers-tp7578426.html > Sent from the Shiro User mailing list archive at Nabble.com.
