I was reading a post dating back some time (http://tim-sparg.blogspot.co.uk/2010/10/basic-authentication-and-authorizat ion_28.html) and in the comments Les mentions that "Seeing this makes me think that we should support the JAX RS Interceptor mechanism directly in Shiro".. did anything ever come of this?
I'd like to be able to check permissions in some JAX-RS services (Jersey) and when an authorization exception is thrown within a service method control how that is passed back to the client (currently Jersey gives a 500 internal error to the client but a 403 forbidden response would be preferred). Is there currently any way to do this with a filter / interceptor configuration or do I need to catch all authorization exceptions? Catching the exceptions is ok when using the SubjectUtils method of obtaining permissions but I would prefer to use the @RequiresPermissions annotation config instead since when using Spring AOP this becomes possible. I don't ask for much J Any hints / tips / suggestions most welcome Regards, Marcus
