I figured it out. What's happening is that I was getting confused by
trying to test with a browser. The error response I showed below is,
in fact, a 403 but with no body. I just need to figure out how to
control that.
On Wed, Jun 2, 2010 at 9:23 AM, Christopher Piggott <cpiggott_at_gmail.com> wrote:
> I wrote:
>
>> Could that be the problem - that I'm injecting the SecurityContext
>> into the method call rather than into the resource class itself?
>
> That seemed to fix it, actually:
>
> Request
> GET http://localhost:8000/ HTTP/1.0
> Accept: text/plain
> Authorization: Basic [redacted]
>
> Response when user is not in group
> HTTP/1.1 403 Forbidden
> server: grizzly/1.9.18
> Date: Wed, 02 Jun 2010 13:19:56 GMT
> Connection: close
>
> Response when user is in group
> HTTP/1.1 200 OK
> server: grizzly/1.9.18
> Content-Type: text/plain
> Date: Wed, 02 Jun 2010 13:22:53 GMT
> Connection: close
>
> Sorry for the false alarm, I must have been doing something stupid.
>
> --Chris
>