I gave up on this and went with SecurityUtils. Am interested as well in a more clean way to approach this issue :-)
PP On Wed Aug 1 19:44:50 2012, Marcus Bond wrote: > I was reading a post dating back some time > (http://tim-sparg.blogspot.co.uk/2010/10/basic-authentication-and-authorization_28.html) > and in the comments Les mentions that “Seeing this makes me think that > we should support the JAX RS Interceptor mechanism directly in > Shiro”.. did anything ever come of this? > > > > I’d like to be able to check permissions in some JAX-RS services > (Jersey) and when an authorization exception is thrown within a > service method control how that is passed back to the client > (currently Jersey gives a 500 internal error to the client but a 403 > forbidden response would be preferred). Is there currently any way to > do this with a filter / interceptor configuration or do I need to > catch all authorization exceptions? Catching the exceptions is ok when > using the SubjectUtils method of obtaining permissions but I would > prefer to use the @RequiresPermissions annotation config instead since > when using Spring AOP this becomes possible… I don’t ask for much J > > > > Any hints / tips / suggestions most welcome > > > > Regards, > > Marcus > -- Paulo Pires
