[ 
https://issues.apache.org/jira/browse/DELTASPIKE-449?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13841300#comment-13841300
 ] 

Rainer Schön commented on DELTASPIKE-449:
-----------------------------------------

I came across the same issue. In my opinion, it could be solved by providing an 
additional security interceptor, say ExceptionHandlingAwareSecurityInterceptor. 
This interceptor catches the AccessDenied exception and fires a 
ExceptionToCatchEven instead:
{quote}
@Dependent  // important, otherwise it gets not installed in CDI 1.1 when 
bean-discovery-mode="annotated", alternatively you must set "all"
@SecurityInterceptorBinding
@Interceptor
public class ExceptionHandlingAwareSecurityInterceptor implements Serializable
{
    private static final long serialVersionUID = 1L;

    @Inject
    private SecurityStrategy securityStrategy;
    {color:red}
    @Inject
    private Event<ExceptionToCatchEvent> exEvt;
   {color}

    @AroundInvoke
    public Object filterDeniedInvocations(InvocationContext invocationContext) 
throws Exception
    {
        
        Object retval = null;
      
        try {
                retval = securityStrategy.execute(invocationContext);
        
        }  catch (AccessDeniedException e) {
        
                  {color:red}exEvt.fire(new ExceptionToCatchEvent(e));{color}   
                                
        }
 
        return retval; 
    }
}
{quote}

I implemented the idea above in my test environment (same package names as the 
original interceptor of course) and it works as expected.

> ExceptionHandler not invoked for AccessDeniedException
> ------------------------------------------------------
>
>                 Key: DELTASPIKE-449
>                 URL: https://issues.apache.org/jira/browse/DELTASPIKE-449
>             Project: DeltaSpike
>          Issue Type: New Feature
>          Components: Security-Module
>    Affects Versions: 0.5
>         Environment: Glassfish 4 / Weld 2.0.4
>            Reporter: John Schneider
>            Assignee: Jason Porter
>
> When an 
> org.apache.deltaspike.security.api.authorization.AccessDeniedException is 
> thrown, a valid ExceptionHandler method is not invoked.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Reply via email to