I think SimplerequestProcessor incorrectly packages server-side runtime exceptions as ReportableException and RequestServlet returns HttpServletResponse.SC_OK instead of reporting the error.
I will describe in more details: I have UserRequest with findUser(String username) method. I have implemented all the necessary 'plumbing' and I can see request going all the way to the server, calling spring service (through static SpringHelper.getUserService()) and returning user to the client. However, I now want to enforce that only logged-in users can call findUser(...) method. I add some security configuration to the spring layer, so all unauthorized calls to the findUser(...) will throw a security exception. When following the above steps to fetch User object from the server, it fails as ReflectiveServiceLayer->invoke() will catch the org.springframework.security.authentication.AuthenticationCredentialsNotFoundException exception and wrap it into ReportableException. ReportableException is then caught by SimpleRequestProcessor->processInvocationMessages(...) and encoded in the SimpleRequestProcessor->process(...) into JSON object using AutoBeanCodex.encode(...) So client succefully recieves JSON object that contains exception (but not User). The client then reports that 'Uncaught exception escaped'. Obviously I would prefer to handle such (security) exceptions in a generic way, change response code from HttpServletResponse.SC_OK to HttpServletResponse.SC_UNAUTHORIZED. The problem is I cannot find easy way to map such exceptions. I do not want to subclass SimpleRequestProcessor's processInvocationMessages(...) or invoke(...) as there are no easy hooks there. any ideas please? thank you Eugen -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
