[ https://issues.apache.org/jira/browse/JENA-2055?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17287906#comment-17287906 ]
Andy Seaborne commented on JENA-2055: ------------------------------------- Thank for the patch! There are other routes that can cause the same situation - accessing the protected data with graph store protocol or SPARQL Update. These are all be handled once if the {{OperationDeniedException}} exception is caught in the main loop of request processing: [ActionExecLib.java#L115|https://github.com/apache/jena/blob/b2d3991615d6ee87f89397b8dd13944487650fce/jena-fuseki2/jena-fuseki-core/src/main/java/org/apache/jena/fuseki/servlets/ActionExecLib.java#L115] with a general message "Request forbidden". If you want per operation error strings, there'll need to catch in each operation operation, but I don't see that is useful in any way and a blunt "You can't do that" is fine. There ought to be handling in the main loop anyway to be robust to new operations being added. > handle properly the denied access generated by jena-permission security > evaluator > --------------------------------------------------------------------------------- > > Key: JENA-2055 > URL: https://issues.apache.org/jira/browse/JENA-2055 > Project: Apache Jena > Issue Type: Bug > Components: Fuseki > Affects Versions: Jena 3.17.0 > Environment: jena-fuseki 3.17.0 > openjdk version "1.8.0_275" > Reporter: info parlepeuple > Priority: Major > Labels: fuseki2, permission > Attachments: > 0001-handle-properly-the-denied-access-generated-by-jena-.patch > > > When the dataset is secured with [jena > permission|https://jena.apache.org/documentation/permissions/] , and some > access is denied, an exception is thrown from the SecuredGraph. > This exception is not catched in SPARQLQueryProcessor, which results in a 500 > error returned to the HTTP client. > exception OperationDeniedException should return a 403, not a 500. > > attached is the patch ! > > -- This message was sent by Atlassian Jira (v8.3.4#803005)