Hello everybody,
I'm using Spring security on top of a REST web application that uses
Jersey. This application declares a filter
"org.springframework.security.ui.ExceptionTranslationFilter" that
handles org.springframework.security.AccessDeniedException in the filter
chain.
From the Jersey side, I also use a translator
"javax.ws.rs.ext.ExceptionMapper" that converts any caught exceptions
into appropriate http responses. Unfortunately, with this filter the
AccessDenied is also caught and thus never propagated to the spring
security filter.
So, what is the best way of dealing with that ? Rethrow the exception
within the toResponse() method of the ExceptionMapper implementation
doesn't work ! Jersey considers this like a severe error and reports it
but does not propagate the exception to the caller.
Thanks for any help.
Chris.