RE: [Method setSecurityContext can not be accessed due to security manager] RE: trying to inject javax.ws.rs.core.SecurityContext in a setter-style method

Wed, 02 Apr 2014 03:30:27 -0700 

Hi all,

I actually dig and the message is misleading.

Actually an InvocationTargetException is raised, with a targetException = 
NullPointerException.

That was in turn caused by me extracting the Principal out of the 
SecurityContext sooner than populated, especially in the context in which the 
actual SecurityContext implementation in runtime is a ThreadLocal proxy to the 
(perhaps yet inexistent) SecurityContext of this request.

Problem solved!
Thanks,
Nicu

-----Original Message-----
From: Sergey Beryozkin [mailto:[email protected]] 
Sent: Wednesday, April 02, 2014 1:27 PM
To: [email protected]
Subject: Re: [Method setSecurityContext can not be accessed due to security 
manager] RE: trying to inject javax.ws.rs.core.SecurityContext in a 
setter-style method

Hi Nicu,
I wonder if SecurityManager restrictions can be lifted a bit, something like 
this:
http://cxf.apache.org/docs/secure-jax-rs-services.html#SecureJAX-RSServices-NoteaboutSecurityManager

I'm not seeing CXF using PriviledAction to invoke on a given method 
reflectively, only done when dealing with fields, so I guess SecurityManager 
needs to be configured a bit

Sergey
On 02/04/14 11:09, Nicolae Marasoiu wrote:
> Hi,
>
> Changing the method name to setSecurityContext made the injection attempt 
> possible.
>
> However, even if removing final, the injector now reports (at runtime HTTP 
> call):
>
> Apr 02, 2014 1:05:44 PM org.apache.cxf.jaxrs.utils.InjectionUtils 
> reportServerError
> SEVERE: Method setSecurityContext can not be accessed due to security 
> manager restrictions
>
> Current method signature:
> @Context
>      public void setSecurityContext(SecurityContext context) {..}
>
> Thank you,
> Nicu Marasoiu
>
> From: Nicolae Marasoiu
> Sent: Wednesday, April 02, 2014 12:30 PM
> To: '[email protected]'
> Subject: trying to inject javax.ws.rs.core.SecurityContext in a 
> setter-style method
>
> Hello,
>
> I am trying to inject javax.ws.rs.core.SecurityContext in a setter-style 
> method, from the CXF controller (annotated with @Path) (to capture the 
> context and access it across layers):
>
>      @Context
>      public final void setContext(@Context javax.ws.rs.core.SecurityContext 
> context) {
>      }
>
> It does not call the method at all!
>
> Pls help,
> Thanks
> Nicu Marasoiu
>

Reply via email to