Hi, I am using Acegi fo a 3-tier Eclipse RCP application using HTTP remoting. It has come to my attention that when a remote call throws a AccessDeniedException, in the client it is translated to a RemoteInvocationException. It would be useful to have an AccessDeniedException in this cases instead.
As the AuthenticationSimpleHttpInvokerRequestExecutor can override the validateResponse method, it is fairly simple to examine the HTTP status code and throw the appropiate exception. I made a Snippet of it: public class AuthenticationHttpInvokerRequestExecutor extends AuthenticationSimpleHttpInvokerRequestExecutor { protected void validateResponse(HttpInvokerClientConfiguration config, HttpURLConnection con) throws IOException { if (con.getResponseCode() == 401) { throw new AccessDeniedException("Access Denied"); } else if (con.getResponseCode() == 403) { throw new AccessDeniedException("Acceso Denied"); } else { super.validateResponse(config, con); } } } It works good for me, therefore I think It would be a good idea to add it to the actual AuthenticationHttpInvokerRequestExecutor. What do you guys think? Regards, Camilo Arango. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer