> -----Original Message----- > From: Sergey Beryozkin [mailto:[email protected]] > Sent: Tuesday, October 29, 2013 9:14 AM > > Right, it is a fault that the in chain is not aborted immediately when > Response becomes available as it interferes with the CXF interceptors > which 'think' the invocation is still ahead. Will have to investigate. > > Please use > http://svn.apache.org/repos/asf/cxf/tags/cxf- > 2.7.7/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/Sim > pleAuthorizingFilter.java > > on the JAX-RS path instead, it should resolve this issue
OK, I see how that would work, but there's no code to scan the JSR-250 annotations, but it wouldn't be wild to port SecureAnnotationsInterceptor logic over. However, I tried the original route using Spring Security and fixed. My issue is that I have interface MyService and beans in api project, then implementation project has class MyServiceImpl, which uses @Context. When Spring Security creates java.lang.reflect.Proxy, the which can't extend MyServiceImpl, and thus CXF JAX-RS cannot work with @Context fields and methods. The solution was to create an interface MyServiceContext extends MyService which has methods like @Context setUriInfo, then CXF will call through the interface, which works against the proxy. So I no longer need the interceptor approach. And since proxy throws exception from the calling method, I can use standard JAX-RS ExceptionMapper. Jason ---------------------------------------------------------------------- This email message and any attachments are for the sole use of the intended recipient(s). Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message and any attachments.
