[
https://issues.apache.org/jira/browse/DELTASPIKE-449?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13841300#comment-13841300
]
Rainer Schön commented on DELTASPIKE-449:
-----------------------------------------
I came across the same issue. In my opinion, it could be solved by providing an
additional security interceptor, say ExceptionHandlingAwareSecurityInterceptor.
This interceptor catches the AccessDenied exception and fires a
ExceptionToCatchEven instead:
{quote}
@Dependent // important, otherwise it gets not installed in CDI 1.1 when
bean-discovery-mode="annotated", alternatively you must set "all"
@SecurityInterceptorBinding
@Interceptor
public class ExceptionHandlingAwareSecurityInterceptor implements Serializable
{
private static final long serialVersionUID = 1L;
@Inject
private SecurityStrategy securityStrategy;
{color:red}
@Inject
private Event<ExceptionToCatchEvent> exEvt;
{color}
@AroundInvoke
public Object filterDeniedInvocations(InvocationContext invocationContext)
throws Exception
{
Object retval = null;
try {
retval = securityStrategy.execute(invocationContext);
} catch (AccessDeniedException e) {
{color:red}exEvt.fire(new ExceptionToCatchEvent(e));{color}
}
return retval;
}
}
{quote}
I implemented the idea above in my test environment (same package names as the
original interceptor of course) and it works as expected.
> ExceptionHandler not invoked for AccessDeniedException
> ------------------------------------------------------
>
> Key: DELTASPIKE-449
> URL: https://issues.apache.org/jira/browse/DELTASPIKE-449
> Project: DeltaSpike
> Issue Type: New Feature
> Components: Security-Module
> Affects Versions: 0.5
> Environment: Glassfish 4 / Weld 2.0.4
> Reporter: John Schneider
> Assignee: Jason Porter
>
> When an
> org.apache.deltaspike.security.api.authorization.AccessDeniedException is
> thrown, a valid ExceptionHandler method is not invoked.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
