Works like a charm! So easy... :-s Tks, PP
On Thu Aug 2 10:58:37 2012, Paulo Pires wrote: > Will try this (so simple!!!) and let you know :-) > > Thanks Marcus, > PP > > On Wed Aug 1 21:12:20 2012, Marcus Bond wrote: >> Thanks for the info Paulo, I was just about to respond and say yes you're >> right when I found this article >> http://bhaveshthaker.com/blog/184/technical-article-customize-handling-server-side-exceptions-with-error-codes-using-exceptionmapper-with-jersey-jax-rs-in-java/ >> >> Basically you can implement an ExceptionMapper and annotate it with >> @Provider so that Jersey finds it and viola no more try / catch nonsense :) >> Hopefully now I can hook up Spring and use annotations all the way! >> The class I wrote is below, hope this is of use to you! >> >> Regards, >> Marcus. >> >> package com.marcusbond.jaxrs.shiro; >> >> import javax.ws.rs.core.Response; >> import javax.ws.rs.core.Response.Status; >> import javax.ws.rs.ext.ExceptionMapper; >> import javax.ws.rs.ext.Provider; >> >> import org.apache.shiro.authz.AuthorizationException; >> >> @Provider >> public class AuthorizationExceptionMapper implements >> ExceptionMapper<AuthorizationException> { >> >> @Override >> public Response toResponse(AuthorizationException exception) { >> return Response.status(Status.FORBIDDEN).build(); >> } >> >> } >> >> >> >> -----Original Message----- >> From: Paulo Pires [mailto:[email protected]] >> Sent: 01 August 2012 20:36 >> To: [email protected] >> Cc: Marcus Bond >> Subject: Re: JAX-RS support >> >> I gave up on this and went with SecurityUtils. Am interested as well in a >> more clean way to approach this issue :-) >> >> PP >> >> On Wed Aug 1 19:44:50 2012, Marcus Bond wrote: >>> I was reading a post dating back some time >>> (http://tim-sparg.blogspot.co.uk/2010/10/basic-authentication-and-auth >>> orization_28.html) and in the comments Les mentions that “Seeing this >>> makes me think that we should support the JAX RS Interceptor mechanism >>> directly in Shiro”.. did anything ever come of this? >>> >>> >>> >>> I’d like to be able to check permissions in some JAX-RS services >>> (Jersey) and when an authorization exception is thrown within a >>> service method control how that is passed back to the client >>> (currently Jersey gives a 500 internal error to the client but a 403 >>> forbidden response would be preferred). Is there currently any way to >>> do this with a filter / interceptor configuration or do I need to >>> catch all authorization exceptions? Catching the exceptions is ok when >>> using the SubjectUtils method of obtaining permissions but I would >>> prefer to use the @RequiresPermissions annotation config instead since >>> when using Spring AOP this becomes possible… I don’t ask for much J >>> >>> >>> >>> Any hints / tips / suggestions most welcome >>> >>> >>> >>> Regards, >>> >>> Marcus >>> >> >> -- >> Paulo Pires >> > > -- > Paulo Pires -- Paulo Pires
