Will try this (so simple!!!) and let you know :-)

Thanks Marcus,
PP

On Wed Aug 1 21:12:20 2012, Marcus Bond wrote:
> Thanks for the info Paulo, I was just about to respond and say yes you're
> right when I found this article
> http://bhaveshthaker.com/blog/184/technical-article-customize-handling-server-side-exceptions-with-error-codes-using-exceptionmapper-with-jersey-jax-rs-in-java/
>
> Basically you can implement an ExceptionMapper and annotate it with @Provider
> so that Jersey finds it and voilà no more try / catch nonsense :) Hopefully
> now I can hook up Spring and use annotations all the way!
> The class I wrote is below, hope this is of use to you!
>
> Regards,
> Marcus.
>
> package com.marcusbond.jaxrs.shiro;
>
> import javax.ws.rs.core.Response;
> import javax.ws.rs.core.Response.Status;
> import javax.ws.rs.ext.ExceptionMapper;
> import javax.ws.rs.ext.Provider;
>
> import org.apache.shiro.authz.AuthorizationException;
>
> @Provider
> public class AuthorizationExceptionMapper implements
>         ExceptionMapper<AuthorizationException> {
>
>     @Override
>     public Response toResponse(AuthorizationException exception) {
>         return Response.status(Status.FORBIDDEN).build();
>     }
>
> }
>
> -----Original Message-----
> From: Paulo Pires [mailto:[email protected]]
> Sent: 01 August 2012 20:36
> To: [email protected]
> Cc: Marcus Bond
> Subject: Re: JAX-RS support
>
> I gave up on this and went with SecurityUtils. Am interested as well in a
> more clean way to approach this issue :-)
>
> PP
>
> On Wed Aug 1 19:44:50 2012, Marcus Bond wrote:
>> I was reading a post dating back some time
>> (http://tim-sparg.blogspot.co.uk/2010/10/basic-authentication-and-authorization_28.html)
>> and in the comments Les mentions that “Seeing this
>> makes me think that we should support the JAX RS Interceptor mechanism
>> directly in Shiro”.. did anything ever come of this?
>>
>> I’d like to be able to check permissions in some JAX-RS services
>> (Jersey) and when an authorization exception is thrown within a
>> service method control how that is passed back to the client
>> (currently Jersey gives a 500 internal error to the client but a 403
>> forbidden response would be preferred). Is there currently any way to
>> do this with a filter / interceptor configuration or do I need to
>> catch all authorization exceptions? Catching the exceptions is ok when
>> using the SubjectUtils method of obtaining permissions but I would
>> prefer to use the @RequiresPermissions annotation config instead since
>> when using Spring AOP this becomes possible… I don’t ask for much :)
>>
>> Any hints / tips / suggestions most welcome
>>
>> Regards,
>>
>> Marcus
>>
>
> --
> Paulo Pires
>

--
Paulo Pires
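
Added example, not part of the original thread and not code from Shiro or from either poster: Shiro's UnauthenticatedException is a subclass of AuthorizationException, so a single mapper can answer 401 with a challenge when the caller has not logged in and 403 when a known caller lacks the permission, while keeping the exception detail out of the response. The package name, the Basic scheme and the realm name "api" are assumptions.

```java
package com.example.jaxrs.shiro; // hypothetical package name

import java.util.logging.Level;
import java.util.logging.Logger;

import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;

import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.UnauthenticatedException;

@Provider
public class ShiroAuthorizationExceptionMapper
        implements ExceptionMapper<AuthorizationException> {

    private static final Logger LOG =
            Logger.getLogger(ShiroAuthorizationExceptionMapper.class.getName());

    // Assumption: the service authenticates with HTTP Basic under this realm.
    private static final String CHALLENGE = "Basic realm=\"api\"";

    @Override
    public Response toResponse(AuthorizationException exception) {
        // The message names the missing permission or role; record it
        // server-side only so the response does not reveal the access model.
        LOG.log(Level.INFO, "Access denied: {0}", exception.getMessage());

        // No authenticated subject: 401 plus a challenge so the client
        // knows to send credentials and retry.
        if (exception instanceof UnauthenticatedException) {
            return Response.status(Status.UNAUTHORIZED)
                    .header(HttpHeaders.WWW_AUTHENTICATE, CHALLENGE)
                    .build();
        }

        // Authenticated but not permitted: 403 with an empty body.
        return Response.status(Status.FORBIDDEN).build();
    }
}
```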
