Hi,
I am using Acegi fo a 3-tier Eclipse RCP application using HTTP
remoting. It has come to my attention that when a remote call throws a
AccessDeniedException, in the client it is translated to a
RemoteInvocationException. It would be useful to have an
AccessDeniedException in this cases instead.
As the AuthenticationSimpleHttpInvokerRequestExecutor can override the
validateResponse method, it is fairly simple to examine the HTTP
status code and throw the appropiate exception. I made a Snippet of
it:
public class AuthenticationHttpInvokerRequestExecutor extends
AuthenticationSimpleHttpInvokerRequestExecutor {
protected void validateResponse(HttpInvokerClientConfiguration config,
HttpURLConnection con) throws IOException {
if (con.getResponseCode() == 401) {
throw new AccessDeniedException("Access Denied");
} else if (con.getResponseCode() == 403) {
throw new AccessDeniedException("Acceso Denied");
} else {
super.validateResponse(config, con);
}
}
}
It works good for me, therefore I think It would be a good idea to add
it to the actual AuthenticationHttpInvokerRequestExecutor.
What do you guys think?
Regards,
Camilo Arango.
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
