users@jsr311.java.net

Re: Valid parameter types and exception handling

From: Marc Hadley <Marc.Hadley_at_Sun.COM>
Date: Wed, 14 Jan 2009 15:41:39 -0500

On Jan 14, 2009, at 2:52 PM, Reto Bachmann-Gmür wrote:

> Marc Hadley said the following on 01/14/2009 05:27 PM:
>>
>>> 4. If a field initialization fails due to SecurityManager
>>> restrictions then will it also be treated as a client error?
>>
>> Seems like a 500 would be most appropriate since the error is due to
>> misconfiguration on the server side.
> Forwarding the unchecked SecurityException to the container may cause
> this to have the user log in and the request to be repeated with
> different permissions. So it would be nice if implementations would
> forward at least AccessControlExceptions to the container regardless
> of whether they are thrown by the resource method (where they are
> currently forwarded) or during parameter processing (where they
> aren't currently forwarded).
>
Hmm, I would have thought that any workable JAX-RS codebase needs to
be granted java.lang.ReflectPermission("suppressAccessChecks")
irrespective of the current user principal?

Marc.

---
Marc Hadley <marc.hadley at sun.com>
CTO Office, Sun Microsystems.