> Message: 4 > Date: Thu, 11 Jan 2007 08:15:09 +1100 > From: Ben Alex <[EMAIL PROTECTED]> > Subject: Re: [Acegisecurity-developer] > AuthenticationSimpleHttpInvokerRequestExecutor should validate > response codes? > To: acegisecurity-developer@lists.sourceforge.net > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=us-ascii > > Camilo Arango wrote: > > Not always. I seems that only exceptions thrown by the called object > > are propagated by the client. In my case, the exception is thrown by a > > filter, and therefore the call to the Spring remoting proxy never > > occurs and I get and ugly 500 response code at the client. > > > > What would be the best thing to do in that case? > > Depends where ExceptionTranslationFilter appears in your chain. Which > filter is throwing the exception, and where is ETF in your chain? > > Cheers > Ben
The filter chain is the following: authenticationProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor The exception is thrown by the filterInvocationInterceptor, and then the exceptionTranslationFilter sends a 401 code to the client. If the exceptionTranslationFilter is removed from the chain, the client receives a 500 code. As far as I understand, the serialization of exceptions is performed by the Spring Remoting servlet, which is invoked after the filterInvocationInterceptor. Therefore, if the filterInvocationInterceptor throws an exception before calling the servlet, that exception is never serialized. One solution I have found is removing both the exceptionTranslationFilter and filterInvocationInterceptor from the chain and managing authorization with AOP. That way, the exceptions are serialized correctly. Nevertheless, I think it would be nice that the 401 codes received by the client would be translated by the AuthenticationSimpleHttpInvokerRequestExecutor into AccessDeniedExceptions. Regards, Camilo Arango. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
