Spring MVC MultiActionController and Apache Shiro

StackOverflow https://stackoverflow.com/questions/9317980

Pergunta

I am trying to use Apache Shiro with Spring MVC.

The controllers we expose (and want to secure) extend MultiActionController. I have configured Apache Shiro for Spring the way they describe it here: http://shiro.apache.org/spring.html

I wanted to use @RequiresRoles annotation on my controller method, but it doesn't work...

It doesn't give any error in the logs, from what I have seen in debug it looks as if only handleRequest method from AbstractController (a superclass of MultiActionController) is checked for annotations.

The "internal" call from handleRequest to my annotated method is not invoked through proxy, so there is no check for Shiro annotations.

Can I somehow make the call to my method go through proxy despite the fact it's a call to method of the same object as the caller?

Or is there any other solution to this problem?

Thanks in advance

Foi útil?

Solução

You will need to configure AspectJ for compile-time or run-time weaving. This is the only way I know of in Spring to enforce annotations on instances that are not interface-based proxies.

Shiro has an AspectJ sample project you can look at for ideas here: http://svn.apache.org/repos/asf/shiro/trunk/samples/aspectj/

Also read about Spring's AOP and AspectJ integration here: http://static.springsource.org/spring/docs/3.1.0.RELEASE/reference/html/aop.html#aop-using-aspectj

Licenciado em: CC-BY-SA com atribuição
Não afiliado a StackOverflow
scroll top