[jira] Commented: (CXF-2345) Returning AOP/CGLIB proxy as Subresource throws Fault "object is not an instance of declaring class"

Fri, 17 Jul 2009 12:44:47 -0700 

    [ 
https://issues.apache.org/jira/browse/CXF-2345?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12732698#action_12732698
 ] 

Sergey Beryozkin commented on CXF-2345:
---------------------------------------

Hi,

> In fact, my use case is that the rootresource class itself is secured, so I 
> guess that means in my specific use case, there's actually no need to protect 
> any of its methods and its subresources, is my assumption is correct? 

If your global root resource security rules apply to all 'leafs'/subresources, 
then yes, no need to secure the subresources or individual methods. One may 
want to do apply more fine-grained authorization rules in other cases.

I'll update the docs, there's so much that has to be added...
thanks, Sergey  

> Returning AOP/CGLIB proxy as Subresource throws Fault "object is not an 
> instance of declaring class"
> ----------------------------------------------------------------------------------------------------
>
>                 Key: CXF-2345
>                 URL: https://issues.apache.org/jira/browse/CXF-2345
>             Project: CXF
>          Issue Type: Bug
>          Components: REST
>    Affects Versions: 2.2.2
>            Reporter: Hendy Irawan
>            Assignee: Sergey Beryozkin
>             Fix For: 2.2.3, 2.3
>
>
> Test case:
> RootResource.java :
> public class RootResource {
>   @Path("subresource")
>   public abstract SubResource getSubResource();
> }
> In spring-beans.xml:
> <bean class="RootResource">
>   <lookup-method name="getSubResource" bean="subResource" />
> </bean>
> <bean id="subResource" class="SubResource" />
> Then the AOP proxied SubResource:
> @RolesAllowed({"ROLE_USER"}) // activate Spring Security global method 
> annotations
> public class SubResource {
> }
> Getting the /subresource will throw exception:
> org.apache.cxf.interceptor.Fault: object is not an instance of declaring 
> class while invoking
> Tried this workaround but not working: Make SubResource implement an 
> interface then on RootResource.getSubResource() use interface as the return 
> type, not the class

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to