Great, thanks.
On 21 June 2010 16:56, Paul Sandoz <Paul.Sandoz_at_sun.com> wrote:
> Hi Jeff,
>
> It is a bug, I have logged an issue here:
>
> https://jersey.dev.java.net/issues/show_bug.cgi?id=549
>
> and i have a fix for it in my local workspace i should be able to commit
> today.
>
> Paul.
>
>
> On Jun 18, 2010, at 8:35 AM, Jeff Crump wrote:
>
> Hi,
>>
>> My application has a filter in which I check some security constraints
>> against the credentials associated with the requesting user. This works
>> properly for GET methods that I've implemented in my resources and
>> sub-resources.
>>
>> I've haing a problem, though, with the HEAD support provided by Jersey.
>> Since I don't explicitly declare a @HEAD method in my resources, it's ending
>> up at ResourceHeaderWrapperMethod. The upshot is that my security filter is
>> not being called -- while a GET is rejected (I return a 403), a HEAD of the
>> same resource is permitted. I expected HEAD to work by invoking GET and
>> then discarding the body, but obviously things don't work this way.
>>
>> The simple answer would be to add new @HEAD methods to all my resources
>> (and subresources) but I really don't want to do this. Is there a way to
>> use a filter or some other mechanism to handle this in a central place?
>>
>> Thanks,
>>
>> Jeff
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
> For additional commands, e-mail: users-help_at_jersey.dev.java.net
>
>