Thanks for the info Paulo, I was just about to respond and say yes you're right
when I found this article
http://bhaveshthaker.com/blog/184/technical-article-customize-handling-server-side-exceptions-with-error-codes-using-exceptionmapper-with-jersey-jax-rs-in-java/
Basically you can implement an ExceptionMapper and annotate it with @Provider
so that Jersey finds it and voilà no more try / catch nonsense :) Hopefully now
I can hook up Spring and use annotations all the way!
The class I wrote is below, hope this is of use to you!
Regards,
Marcus.

    package com.marcusbond.jaxrs.shiro;

    import javax.ws.rs.core.Response;
    import javax.ws.rs.core.Response.Status;
    import javax.ws.rs.ext.ExceptionMapper;
    import javax.ws.rs.ext.Provider;

    import org.apache.shiro.authz.AuthorizationException;

    // Turns Shiro authorization failures into 403 Forbidden instead of
    // Jersey's default 500 response.
    @Provider
    public class AuthorizationExceptionMapper implements
            ExceptionMapper<AuthorizationException> {

        @Override
        public Response toResponse(AuthorizationException exception) {
            return Response.status(Status.FORBIDDEN).build();
        }
    }

-----Original Message-----
From: Paulo Pires [mailto:[email protected]]
Sent: 01 August 2012 20:36
To: [email protected]
Cc: Marcus Bond
Subject: Re: JAX-RS support
I gave up on this and went with SecurityUtils. Am interested as well in a more
clean way to approach this issue :-)
PP
On Wed Aug 1 19:44:50 2012, Marcus Bond wrote:
> I was reading a post dating back some time
> (http://tim-sparg.blogspot.co.uk/2010/10/basic-authentication-and-authorization_28.html)
> and in the comments Les mentions that “Seeing this makes me think that
> we should support the JAX RS Interceptor mechanism directly in
> Shiro”.. did anything ever come of this?
>
>
>
> I’d like to be able to check permissions in some JAX-RS services
> (Jersey) and when an authorization exception is thrown within a
> service method control how that is passed back to the client
> (currently Jersey gives a 500 internal error to the client but a 403
> forbidden response would be preferred). Is there currently any way to
> do this with a filter / interceptor configuration or do I need to
> catch all authorization exceptions? Catching the exceptions is ok when
> using the SubjectUtils method of obtaining permissions but I would
> prefer to use the @RequiresPermissions annotation config instead since
> when using Spring AOP this becomes possible… I don’t ask for much :)
>
>
>
> Any hints / tips / suggestions most welcome
>
>
>
> Regards,
>
> Marcus
>
--
Paulo Pires
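
Added example, not part of the original thread: a variant of the AuthorizationExceptionMapper posted above that separates Shiro's UnauthenticatedException (no logged-in Subject, answered with 401 and a challenge) from other authorization failures (403), and returns a fixed body rather than the exception message. The package name, class name, Basic scheme and realm value are assumptions.

```java
package com.example.jaxrs.shiro; // hypothetical package name

import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;

import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.UnauthenticatedException;

@Provider
public class ShiroAuthzExceptionMapper
        implements ExceptionMapper<AuthorizationException> {

    // Assumption: clients authenticate with HTTP Basic; change the
    // challenge to match the scheme the application really uses.
    private static final String CHALLENGE = "Basic realm=\"api\"";

    @Override
    public Response toResponse(AuthorizationException exception) {
        if (exception instanceof UnauthenticatedException) {
            // The Subject has not authenticated at all: 401 tells the
            // client that presenting credentials may help.
            return Response.status(Status.UNAUTHORIZED)
                    .header(HttpHeaders.WWW_AUTHENTICATE, CHALLENGE)
                    .type(MediaType.TEXT_PLAIN)
                    .entity("Authentication required")
                    .build();
        }
        // Authenticated but missing the role or permission: 403.
        // The exception message can name the permission that was
        // checked, so it is not echoed back to the client.
        return Response.status(Status.FORBIDDEN)
                .type(MediaType.TEXT_PLAIN)
                .entity("Forbidden")
                .build();
    }
}
```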