On 29/10/13 13:49, Winnebeck, Jason wrote:
-----Original Message-----
From: Sergey Beryozkin [mailto:[email protected]]
Sent: Tuesday, October 29, 2013 9:14 AM

Right, it is a fault that the in chain is not aborted immediately when
Response becomes available as it interferes with the CXF interceptors
which 'think' the invocation is still ahead. Will have to investigate.

Please use
http://svn.apache.org/repos/asf/cxf/tags/cxf-2.7.7/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/SimpleAuthorizingFilter.java

on the JAX-RS path instead, it should resolve this issue

OK, I see how that would work, but there's no code to scan the JSR-250 
annotations, but it wouldn't be wild to port SecureAnnotationsInterceptor logic 
over. However, I tried the original route using Spring Security and fixed. My 
issue is that I have interface MyService and beans in api project, then 
implementation project has class MyServiceImpl, which uses @Context. When 
Spring Security creates java.lang.reflect.Proxy, which can't extend 
MyServiceImpl, and thus CXF JAX-RS cannot work with @Context fields and 
methods. The solution was to create an interface MyServiceContext extends 
MyService which has methods like @Context setUriInfo, then CXF will call 
through the interface, which works against the proxy. So I no longer need the 
interceptor approach. And since proxy throws exception from the calling method, 
I can use standard JAX-RS ExceptionMapper.

That filter is simply initialized with a reference to SecureAnnotationsInterceptor (or other authorizing interceptor); the latter will scan the annotations as expected.

Re contexts, you can create a standalone interface only, called, say, Injectable, and have MyServiceImpl implementing both MyService & Injectable.

Cheers, Sergey


Jason
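
The arrangement discussed in this thread, as an added JDK-only sketch that is not code from CXF or from either poster. `Context` is a local stand-in for the JAX-RS annotation, `secure` is a hypothetical authorizing proxy standing in for the one Spring Security creates, and the loop in `main` only imitates how a JAX-RS runtime would locate the setter.

```java
import java.lang.annotation.*;
import java.lang.reflect.*;

public class ProxyContextDemo {
    // Assumption: local stand-in for javax.ws.rs.core.Context, so only the JDK is needed.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface Context {}

    interface MyService { String hello(); }

    // Separate injection interface, named Injectable as in the reply above.
    interface Injectable { @Context void setUriInfo(String uriInfo); }

    static class MyServiceImpl implements MyService, Injectable {
        private String uriInfo;
        public void setUriInfo(String uriInfo) { this.uriInfo = uriInfo; }
        public String hello() { return "hello from " + uriInfo; }
    }

    // Hypothetical authorizing proxy: guards MyService methods, passes injection through.
    static Object secure(Object target, boolean allowed) {
        InvocationHandler h = (proxy, method, args) -> {
            if (!allowed && method.getDeclaringClass() == MyService.class) {
                throw new SecurityException("access denied: " + method.getName());
            }
            try {
                return method.invoke(target, args);
            } catch (InvocationTargetException e) {
                throw e.getCause(); // surface the target's own exception to the caller
            }
        };
        return Proxy.newProxyInstance(target.getClass().getClassLoader(),
                target.getClass().getInterfaces(), h);
    }

    public static void main(String[] args) throws Exception {
        Object bean = secure(new MyServiceImpl(), true);
        // A JDK proxy implements the interfaces; it is never a MyServiceImpl subclass.
        System.out.println("is MyServiceImpl: " + (bean instanceof MyServiceImpl));
        // Setters are found on the proxy's interfaces, so the call reaches the target.
        for (Class<?> itf : bean.getClass().getInterfaces())
            for (Method m : itf.getMethods())
                if (m.isAnnotationPresent(Context.class)) m.invoke(bean, "/demo");
        System.out.println(((MyService) bean).hello());
        // A denied call throws from the calling method, where an ExceptionMapper can map it.
        try { ((MyService) secure(new MyServiceImpl(), false)).hello(); }
        catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```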
