Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-146

Annotation authorizations should throw UnauthenticationException if the subject identity is not known.

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 1.0.0
    • 1.0.0
    • None
    • None

    Description

      Currently the AuthorizingAnnotationHandlers often perform an if-check to see if the Subject has roles or permissions, and if not, throws an UnauthorizedException. The Subject API already has assertion methods (checkRoles, checkPermission, etc) that correctly throw an UnauthenticationException if an authorization check is not possible. Those methods should be used in the AnnotationHandler implementations instead.

      Attachments

        Activity

          People

            lhazlewood Les Hazlewood
            lhazlewood Les Hazlewood
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - 0.5h
                0.5h
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 0.5h
                0.5h