Hello,

When a user is denied access to a resource annotated with @RolesAllowed,
RESTEasy throws an UnauthorizedException, which results in a 401 response
back to the client.  I'm curious as to why it doesn't respond with 403
Forbidden.  In my understanding of the HTTP protocol, a 401 response should
be returned if authentication is necessary (or if it fails), but in this
case, the user is authenticated successfully but is denied access to a
specific resource.  For my web service, I've created an
ExceptionMapper<UnauthorizedException>
to return 403 Forbidden responses, but I thought I'd ping the RESTEasy
community to gain some insight into the default behavior.

Thanks!

-Allen
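As an added example (not Allen's code and not part of RESTEasy itself), here is one way to write the ExceptionMapper<UnauthorizedException> the post mentions so that it distinguishes the two cases: an authenticated principal that simply lacks the @RolesAllowed role gets 403 Forbidden, while a request with no principal keeps 401 and carries the WWW-Authenticate challenge that HTTP requires on a 401. The package name and realm string are assumptions; everything else uses the standard JAX-RS API and the org.jboss.resteasy.spi.UnauthorizedException type.

```java
// Added example, not from the original post or from RESTEasy's own sources.
package com.example.rest; // assumed package name

import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;

import org.jboss.resteasy.spi.UnauthorizedException;

@Provider
public class UnauthorizedExceptionMapper implements ExceptionMapper<UnauthorizedException> {

    // Assumed realm name; use whatever the container's authentication config uses.
    private static final String REALM = "example";

    // Injected into the provider; RESTEasy supplies a request-scoped proxy,
    // so this reflects the request that raised the exception.
    @Context
    private SecurityContext securityContext;

    @Override
    public Response toResponse(UnauthorizedException e) {
        if (securityContext != null && securityContext.getUserPrincipal() != null) {
            // A principal exists, so authentication already succeeded; the
            // caller is merely not in any of the @RolesAllowed roles. That is
            // an authorization failure, so answer 403 rather than 401. Keep the
            // body generic: do not echo which role would have been required.
            return Response.status(Response.Status.FORBIDDEN)
                    .type(MediaType.TEXT_PLAIN_TYPE)
                    .entity("Forbidden")
                    .build();
        }
        // No principal: credentials are missing or were rejected. A 401 must
        // include a WWW-Authenticate challenge telling the client how to
        // authenticate; returning a bare 401 is not compliant.
        return Response.status(Response.Status.UNAUTHORIZED)
                .header(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"" + REALM + "\"")
                .type(MediaType.TEXT_PLAIN_TYPE)
                .entity("Unauthorized")
                .build();
    }
}
```

Two things to check when deploying a mapper like this: whether the servlet container's own security constraints already intercept unauthenticated requests before RESTEasy sees them (in that case only the 403 branch is ever exercised), and whether the application wants 403 at all, since a 403 confirms to an authenticated caller that the resource exists whereas some deployments prefer 404 for that reason.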
_______________________________________________
Resteasy-users mailing list
Resteasy-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/resteasy-users