@RequiresRole annotations on spring mvc controller are simply ignored.
I have javaconfig spring mvc application with shiro security and everything
works, but I must put roles and permissions on the filter config like this
Map<String, String> map = new LinkedHashMap<>();
map.put("/app/users/", "authc, roles[admin]");
map.put("/app/users/", "authc, perms["user:edit"]);
map.put("/src/**", "anon");
factoryBean.setFilterChainDefinitionMap(map);
I tried everything, setup is basically copied from sample apps found on the
net. I noticed lots of same questions on this forum and stackoverflow but no
real solutions.
Now I just wonder if someone could give a hint how to debug this. I have
shiro and spring source and I shoud be able do figure out this myself - if I
knew where to start.
I guess it is about AOP, maybe classpath issuse but I see no errors in the
log. I have, among others, these jars:
asm-3.3.1.jar
aspectjrt.jar
aspectjweaver.jar
cglib-2.2.jar
com.springsource.org.aopalliance-1.0.0.jar
javassist-3.17.1-GA.jar
shiro-all-1.2.3.jar
shiro-aspectj-1.2.3.jar
spring-aop-4.0.1.RELEASE.jar
spring-aspects-4.0.1.RELEASE.jar
spring-instrument-4.0.1.RELEASE.jar
spring-instrument-tomcat-4.0.1.RELEASE.jar
AOP is tricky thing, I can't figure out where does annotation scan actually
occurs and where are the interceptors set in the code itself?
I would appreciate any hint for debugging this. Thanks!
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/security-annotations-with-spring-controllers-don-t-work-tp7580496.html
Sent from the Shiro User mailing list archive at Nabble.com.
