Marc Hadley said the following on 01/14/2009 05:27 PM:
>
>> 4. If a field initialization fails due to SecurityManager
>> restrictions then will it also be treated as a client error ?
>
> Seems like a 500 would be most appropriate since the error is due to
> misconfiguration on the server side.
forwarding the unchecked SecurityException to the container may cause
this to have the user log-in and the request to be repeated with
different permissions. So it would be nice if implementation would
forward at least AccessControlExceptions to the container regardless
whether they are thrown by the resource method (where they are currently
forwarded) or during parameter processing (where they aren't currently
forwarded).
Reto