2

I am trying to use Apache Shiro with Spring MVC.

The controllers we expose (and want to secure) extend MultiActionController. I have configured Apache Shiro for Spring the way they describe it here: http://shiro.apache.org/spring.html

I wanted to use @RequiresRoles annotation on my controller method, but it doesn't work...

It doesn't give any error in the logs, from what I have seen in debug it looks as if only handleRequest method from AbstractController (a superclass of MultiActionController) is checked for annotations.

The "internal" call from handleRequest to my annotated method is not invoked through proxy, so there is no check for Shiro annotations.

Can I somehow make the call to my method go through proxy despite the fact it's a call to method of the same object as the caller?

Or is there any other solution to this problem?

Thanks in advance

Michał
  • 33
  • 4

1 Answers1

0

You will need to configure AspectJ for compile-time or run-time weaving. This is the only way I know of in Spring to enforce annotations on instances that are not interface-based proxies.

Shiro has an AspectJ sample project you can look at for ideas here: http://svn.apache.org/repos/asf/shiro/trunk/samples/aspectj/

Also read about Spring's AOP and AspectJ integration here: http://static.springsource.org/spring/docs/3.1.0.RELEASE/reference/html/aop.html#aop-using-aspectj

Les Hazlewood
  • 18,480
  • 13
  • 68
  • 76
  • Thank you very much :) I used compile-time weaving and everything works fine. Btw, is there any reason for using load-time-weaving instead of compile-time-weaving? – Michał Feb 17 '12 at 14:39
  • @Michał the only reason might be that you don't want to spend build time on this task. Either approach is fine. – Les Hazlewood Mar 12 '12 at 17:48
  • SO as of apache shiro `1.2.0` using annotation in a spring(MVC) container is still dependent on AspectJ. as in we still need to add aspectj dependency to the lib folder as explained here http://stackoverflow.com/questions/7743749/shiro-authorization-permission-check-using-annotation-not-working#answer-8305355 ? – black sensei Sep 22 '12 at 17:19