403 is what I expected... not sure why I'm not getting it.
I'm using:
guice 2.0
jersey-guice 1.2
jersey-server 1.2
grizzly 1.9.18
guice-servlet 2.0
My test resource looks like:
@Path("/")
public class RootResource {
    ...
    @GET
    @Produces("text/plain")
    @RolesAllowed({"user"})
    public Response getSomething(@Context SecurityContext sc) throws JAXBException {
    }
}
Could that be the problem - that I'm injecting the SecurityContext
into the method call rather than into the resource class itself? I
tried moving it out as just a class member, but then it wasn't getting
injected at all. I didn't try again, though.
The only other thing I can think of is that I'm doing something wrong
setting up grizzly ... but I can't think what that would be. I do
have some exception mappers set up, though I don't have one for
SecurityException.
On Wed, Jun 2, 2010 at 5:28 AM, Paul Sandoz <Paul.Sandoz_at_sun.com> wrote:
> On Jun 1, 2010, at 10:59 PM, Christopher Piggott wrote:
>>
>> If no roles match your resource methods marked @RolesAllowed what is
>> supposed to happen? I get a blank result, but no real indication that
>> it failed because of a permissions problem.
>
> If the authenticated user is not in any of the roles declared by
> @RolesAllowed then a 403 (Forbidden) response is returned.
>
> What app/web server and client are you using?
>
> Jersey does not include an entity in such a response so that the developer
> can use an exception mapper or servlet error mapping to customize.
>
> Paul.
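
Added example, not code from either poster or from the Jersey project: in Jersey 1.x the @RolesAllowed check is performed by the resource filter factory RolesAllowedResourceFilterFactory, which has to be registered before any 403 is produced, and an exception mapper can then give the entity-less 403 a body as described in the quoted reply. The names SecuredJerseyModule and ForbiddenMapper and the "/*" mapping are assumptions; RootResource is the class from the message above.

```java
import java.util.HashMap;
import java.util.Map;

import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;

import com.google.inject.Singleton;
import com.sun.jersey.guice.JerseyServletModule;
import com.sun.jersey.guice.spi.container.servlet.GuiceContainer;

// Hypothetical Guice module wiring Jersey 1.x with role checks enabled.
public class SecuredJerseyModule extends JerseyServletModule {

    @Override
    protected void configureServlets() {
        bind(RootResource.class);      // resource class from the message above
        bind(ForbiddenMapper.class);   // picked up by jersey-guice as a @Provider

        Map<String, String> params = new HashMap<String, String>();
        // Without this filter factory Jersey 1.x does not evaluate @RolesAllowed,
        // so the annotated method runs for every caller.
        params.put("com.sun.jersey.spi.container.ResourceFilters",
                   "com.sun.jersey.api.container.filter.RolesAllowedResourceFilterFactory");
        serve("/*").with(GuiceContainer.class, params);
    }

    // Adds a plain-text entity to the otherwise empty 403 response.
    @Provider
    @Singleton
    public static class ForbiddenMapper implements ExceptionMapper<WebApplicationException> {
        public Response toResponse(WebApplicationException e) {
            Response original = e.getResponse();
            if (original.getStatus() != Response.Status.FORBIDDEN.getStatusCode()) {
                return original;       // leave every other status untouched
            }
            return Response.fromResponse(original)
                    .entity("403 Forbidden: caller is not in a role allowed for this resource\n")
                    .type(MediaType.TEXT_PLAIN)
                    .build();
        }
    }
}
```

The role decision itself still comes from SecurityContext.isUserInRole, so the container (or a request filter) must have authenticated the caller and populated the roles.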