users@jersey.java.net

Re: [Jersey] SpringContext eating exceptions

From: Reece Garrett <RGARRET_at_co.pierce.wa.us>
Date: Thu, 14 Aug 2008 09:19:35 -0700

Hey Paul,

Excellent; thanks for the quick reply. I tend to go brain dead after 4 PM so I didn't think to check the snapshot.

-Reece

>>> Paul Sandoz <Paul.Sandoz_at_Sun.COM> 8/14/2008 1:30 AM >>>
Hi Reece,

This is fixed in the 0.9 SNAPSHOT. The SpringServlet no longer overrides
the Servlet.service method.

Paul.

Reece Garrett wrote:
> Hello all,
>
> I am using spring security (provides security services for J2EE apps)
> with Jersey(version 0.8) and have encountered a problem. Without
> going into too much detail about the inner-workings of spring
> security it basically uses servlet filters, annotations, and AOP to
> secure resource methods. So the resource method is called and the AOP
> before-method code checks the user principal for the required
> permissions (defined in an annotation on that method). Runtime
> exceptions are thrown if the user is logged in but does not have
> sufficient permission or the user is not logged in. These exceptions
> are supposed to be handled by the spring security servlet filters,
> however, on lines 172-176 of
> com.sun.jersey.spi.spring.container.servlet.SpringServlet all runtime
> exceptions are caught and logged but not re-thrown.
>
> I am aware of the javax.ws.rs.ext.ExceptionMapper<E> interface that
> allows me to map Java exceptions to Responses. This works great when
> the user is logged in but has insufficient permissions; I simply map
> the exception to a 403 Response and I'm done. But when the user is
> not logged in I need the exception to reach spring security so that
> authentication can occur.
>
> I've temporarily fixed the problem by removing the try/catch block
> from SpringServlet but obviously I don't want to maintain that code.
> Can this change be integrated into the Jersey code base? I don't see
> any reason for SpringServlet to eat runtime exceptions especially
> given the ExceptionMapper interface.
>
> Thanks, -Reece
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net For
> additional commands, e-mail: users-help_at_jersey.dev.java.net
>

-- 
| ? + ? = To question
----------------\
    Paul Sandoz
         x38109
+33-4-76188109
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net 
For additional commands, e-mail: users-help_at_jersey.dev.java.net