[jira] [Created] (CXF-4934) JAXRSInvoker and Proxy classes (Spring Security)

Fri, 29 Mar 2013 02:49:19 -0700 

Fran Pregernik created CXF-4934:
-----------------------------------

             Summary: JAXRSInvoker and Proxy classes (Spring Security)
                 Key: CXF-4934
                 URL: https://issues.apache.org/jira/browse/CXF-4934
             Project: CXF
          Issue Type: Bug
          Components: JAX-RS
    Affects Versions: 2.7.3, 2.8.0
         Environment: Spring framework ver 3.1.3.RELEASE
            Reporter: Fran Pregernik


Hi,


I am aware of other tickets regarding the proxy invocation issues.

During development I noticed an exception popping up:
IllegalArgumentException: object not instance of class

I narrowed it down to AbstractInvoker.java:performInvocation(Exchange exchange, 
Object serviceObject, Method m, Object[] paramArray)

This kept happening whenever I added a @Secured annotation to a rest method. 
This annotation caused a Spring Security AOP Proxy to be passed to the default 
Invoker (JAXRSInvoker.java) instead of the original target class. Which is fine.

The problem (I think) is in the method performInvocation. The serviceObject 
parameter is a reference to the Proxy and not the target class causing the line:
{noformat}
return m.invoke(serviceObject, paramArray);
{noformat}

to fail with the above mentioned error.


I resolved this by extending JAXRSInvoker and registering it via:
{noformat}
<jaxrs:invoker>
    <bean class="hr.altima.web.security.SpringSecurityInvokerProxy"/>
</jaxrs:invoker>
{noformat}

and overriding the performInvocation method like so:
{noformat}
public class SpringSecurityInvokerProxy extends JAXRSInvoker {

    @Override
    protected Object performInvocation(Exchange exchange, Object serviceObject, 
Method m, Object[] paramArray) throws Exception {
        paramArray = insertExchange(m, paramArray, exchange);


        if (serviceObject instanceof Proxy) {
            try {
                return 
Proxy.getInvocationHandler(serviceObject).invoke(serviceObject, m, paramArray);
            } catch (Throwable throwable) {
                throw new Exception("Proxy invocation threw an exception", 
throwable);
            }
        } else {
            return m.invoke(serviceObject, paramArray);
        }
    }
}
{noformat}


My reasoning is that you want to call the proxied method (security check) and 
not the target method directly but the call through proxies should be done 
differently.

I am not saying this is the correct way to invoke proxies but it works for this 
situation although I prefer this to be built in the CXF lib.




--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to