Hi, Sergey, thank you so much for the reply. You are right, SS is added as a chain of filters to accomplish authentication and authorization before the invocation of CXF. we don't use it for service method level authorization. So it does not sound likely that I can use any exception mapper to get SS exceptions rendered the same way as CXF exceptions then. I do manually set the statuses of response when SS exceptions are seen. Just want to display them in a better format
On Wed, Feb 1, 2012 at 7:17 AM, Sergey Beryozkin <[email protected]>wrote: > Hi > > On 01/02/12 03:59, gigi shea wrote: > >> Hello, there, >> >> we have Spring Security (SS) to provide authentication and authorization >> for our web services impl. by CXF jax-rs. It works fine but for the >> exception part. When SS throws authentication/accessDenied exception, it >> will never reach CXF's exception mappers. But we'd like the exceptions >> handled uniformly. >> >> I've been searching online for solutions but cannot find any good one. Can >> someone please share some hints? really appreciate it >> >> In this demo > http://svn.apache.org/repos/**asf/cxf/trunk/distribution/** > src/main/release/samples/jax_**rs/spring_security/<http://svn.apache.org/repos/asf/cxf/trunk/distribution/src/main/release/samples/jax_rs/spring_security/> > > we use an exception mapper: > > http://svn.apache.org/repos/**asf/cxf/trunk/distribution/** > src/main/release/samples/jax_**rs/spring_security/src/main/** > java/demo/jaxrs/service/**SecurityExceptionMapper.java<http://svn.apache.org/repos/asf/cxf/trunk/distribution/src/main/release/samples/jax_rs/spring_security/src/main/java/demo/jaxrs/service/SecurityExceptionMapper.java> > > to convert the exception to 403. > > I suspect in your case Spring security is enforced before the CXF chain is > initiated, if yes, then you'd need to convert the exceptions to proper > statuses at the servlet filter level > > Cheers, Sergey > > -- > Sergey Beryozkin > > Talend Community Coders > http://coders.talend.com/ > > Blog: http://sberyozkin.blogspot.com >
