Hi, Sergey,

thank you so much for the reply. You are right, SS is added as a chain of
filters to accomplish authentication and authorization before the
invocation of CXF. We don't use it for service method level authorization.
So it does not sound likely that I can use any exception mapper to get SS
exceptions rendered the same way as CXF exceptions then. I do manually set
the statuses of response when SS exceptions are seen. Just want to display
them in a better format.



On Wed, Feb 1, 2012 at 7:17 AM, Sergey Beryozkin <[email protected]> wrote:

> Hi
>
> On 01/02/12 03:59, gigi shea wrote:
>
>> Hello, there,
>>
>> we have Spring Security (SS) to provide authentication and authorization
>> for our web services impl. by CXF jax-rs. It works fine but for the
>> exception part. When SS throws authentication/accessDenied exception, it
>> will never reach CXF's exception mappers. But we'd like the exceptions
>> handled uniformly.
>>
>> I've been searching online for solutions but cannot find any good one. Can
>> someone please share some hints? Really appreciate it.
>>
> In this demo
> http://svn.apache.org/repos/asf/cxf/trunk/distribution/src/main/release/samples/jax_rs/spring_security/
>
> we use an exception mapper:
>
> http://svn.apache.org/repos/asf/cxf/trunk/distribution/src/main/release/samples/jax_rs/spring_security/src/main/java/demo/jaxrs/service/SecurityExceptionMapper.java
>
> to convert the exception to 403.
>
> I suspect in your case Spring security is enforced before the CXF chain is
> initiated, if yes, then you'd need to convert the exceptions to proper
> statuses at the servlet filter level.
>
> Cheers, Sergey
>
> --
> Sergey Beryozkin
>
> Talend Community Coders
> http://coders.talend.com/
>
> Blog: http://sberyozkin.blogspot.com
>

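
Added example, not part of the thread and not code from the CXF sample: one way to get the same error body from both layers is a single class that serves as Spring Security's entry point and access-denied handler at the filter level and as a JAX-RS exception mapper inside CXF. The class name, the JSON field names and the Basic realm are hypothetical; it assumes Spring Security 3.x on the `javax.servlet` API.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.ExceptionMapper;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;

/** Hypothetical shared renderer: one error body for the SS filters and the CXF mappers. */
public class UniformSecurityErrors implements AuthenticationEntryPoint, AccessDeniedHandler,
        ExceptionMapper<AccessDeniedException> {

    // Fixed, constructed error codes: exception text is never echoed to the client.
    static String body(int status, String code) {
        return "{\"status\":" + status + ",\"error\":\"" + code + "\"}";
    }

    private static void write(HttpServletResponse res, int status, String code) throws IOException {
        res.setStatus(status);
        res.setContentType("application/json");
        res.setCharacterEncoding("UTF-8");
        res.getWriter().write(body(status, code));
    }

    // Filter level: ExceptionTranslationFilter calls this for an unauthenticated request.
    @Override
    public void commence(HttpServletRequest req, HttpServletResponse res,
                         AuthenticationException e) throws IOException {
        // Assumes HTTP Basic; the realm value is a placeholder.
        res.setHeader("WWW-Authenticate", "Basic realm=\"api\"");
        write(res, HttpServletResponse.SC_UNAUTHORIZED, "unauthenticated");
    }

    // Filter level: ExceptionTranslationFilter calls this when an authenticated caller is refused.
    @Override
    public void handle(HttpServletRequest req, HttpServletResponse res,
                       AccessDeniedException e) throws IOException {
        write(res, HttpServletResponse.SC_FORBIDDEN, "access_denied");
    }

    // CXF level: same body when the exception is thrown inside the JAX-RS chain.
    @Override
    public Response toResponse(AccessDeniedException e) {
        return Response.status(Response.Status.FORBIDDEN).type(MediaType.APPLICATION_JSON)
                .entity(body(403, "access_denied")).build();
    }
}
```

The bean would be referenced from the Spring Security `<http>` element (`entry-point-ref` and `<access-denied-handler ref="..."/>`) and also registered as a JAX-RS provider on the CXF endpoint.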