
how to handle org.apache.shiro.authz.UnauthorizedException Exception in a webapp+spring


blacksensei
I've started using Shiro 1.1.0 in a web application using Spring MVC 3.0.5 and ZK 5.0.8 as admin. I didn't have the Shiro annotations working, so I specified the required roles in the security application context:

/admin = authc, roles[ADMIN]
which works fine and redirects me to the unauthorized page I created. Now I got the annotation working, so I used @RequiresRoles(value={"manager","admin","superadmin"}) on top of a class:

@RequiresRoles(value = {"manager","admin","superadmin"})
public class ContentController extends GenericForwardComposer {...}


and it throws

org.apache.shiro.authz.UnauthorizedException: Subject does not have role [manager]

Is there anything to activate when using annotations for this kind of authorization to be caught?

Re: how to handle org.apache.shiro.authz.UnauthorizedException Exception in a webapp+spring

Les Hazlewood-2
Most people set up a Spring MVC 'catch all' exception handler that
will automatically forward the end-user to a different page - e.g. an
'unauthorized' view.  Look at the Spring @ExceptionHandler annotation
or the ExceptionHandlerResolver:

http://stackoverflow.com/questions/2538031/spring-mvc-best-practice-handling-unrecoverable-exceptions-in-controller
and
http://www.captaindebug.com/2012/02/spring-3-mvc-exception-handlers.html

HTH,

--
Les Hazlewood
CTO, Katasoft | http://www.katasoft.com | 888.391.5282
twitter: @lhazlewood | http://twitter.com/lhazlewood
katasoft blog: http://www.katasoft.com/blogs/lhazlewood
personal blog: http://leshazlewood.com
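
A resolver of the kind the reply describes, as an added example (not code from the thread or from Shiro). It assumes the annotated class is reached through Spring MVC's DispatcherServlet; the class name, the view name "unauthorized" and the login URL "/login" are hypothetical.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.authz.UnauthenticatedException;
import org.apache.shiro.authz.UnauthorizedException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.Ordered;
import org.springframework.web.servlet.HandlerExceptionResolver;
import org.springframework.web.servlet.ModelAndView;

// Added example. Declare it as a bean in the DispatcherServlet context;
// Spring MVC detects HandlerExceptionResolver beans there by type.
public class ShiroAuthzExceptionResolver implements HandlerExceptionResolver, Ordered {

    private static final Logger log =
            LoggerFactory.getLogger(ShiroAuthzExceptionResolver.class);

    // Hypothetical names, not taken from the thread.
    private String unauthorizedView = "unauthorized";
    private String loginUrl = "/login";

    public ModelAndView resolveException(HttpServletRequest request,
            HttpServletResponse response, Object handler, Exception ex) {
        if (ex instanceof UnauthenticatedException) {
            // No authenticated Subject yet: send the user to the login page.
            return new ModelAndView("redirect:" + loginUrl);
        }
        if (ex instanceof UnauthorizedException) {
            // Keep the detail ("Subject does not have role [...]") in the
            // server log only; the rendered page should not list role names.
            log.warn("Access denied: user={} uri={} reason={}", new Object[] {
                    request.getRemoteUser(), request.getRequestURI(), ex.getMessage() });
            // Return 403 so clients and monitoring see a denial, not a 200.
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            return new ModelAndView(unauthorizedView);
        }
        return null; // Not a Shiro authorization failure: let other resolvers run.
    }

    // Run ahead of the default resolvers.
    public int getOrder() { return Ordered.HIGHEST_PRECEDENCE; }

    public void setUnauthorizedView(String view) { this.unauthorizedView = view; }
    public void setLoginUrl(String url) { this.loginUrl = url; }
}
```

Separately, @RequiresRoles with several values requires all of them by default (Logical.AND), which is why the message names a single missing role; logical = Logical.OR accepts any one of the listed roles.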