[exo-jcr-commits] exo-jcr SVN: r3335 - ws/trunk/exo.ws.rest.ext/src/main/java/org/exoplatform/services/rest/ext/method/filter.

do-not-reply at jboss.org do-not-reply at jboss.org
Fri Oct 22 06:13:47 EDT 2010


Author: aparfonov
Date: 2010-10-22 06:13:46 -0400 (Fri, 22 Oct 2010)
New Revision: 3335

Modified:
   ws/trunk/exo.ws.rest.ext/src/main/java/org/exoplatform/services/rest/ext/method/filter/MethodAccessFilter.java
Log:
EXOJCR-1002

Modified: ws/trunk/exo.ws.rest.ext/src/main/java/org/exoplatform/services/rest/ext/method/filter/MethodAccessFilter.java
===================================================================
--- ws/trunk/exo.ws.rest.ext/src/main/java/org/exoplatform/services/rest/ext/method/filter/MethodAccessFilter.java	2010-10-22 09:08:28 UTC (rev 3334)
+++ ws/trunk/exo.ws.rest.ext/src/main/java/org/exoplatform/services/rest/ext/method/filter/MethodAccessFilter.java	2010-10-22 10:13:46 UTC (rev 3335)
@@ -28,13 +28,15 @@
 import javax.annotation.security.PermitAll;
 import javax.annotation.security.RolesAllowed;
 import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.SecurityContext;
 
 /**
  * Contract of this class thats constrains access to the resource method that
- * use JSR-250 security common annotations. See also https://jsr250.dev.java.net .
- * 
+ * use JSR-250 security common annotations. See also https://jsr250.dev.java.net
+ * .
+ *
  * @author <a href="mailto:andrew00x at gmail.com">Andrey Parfonov</a>
  * @version $Id: $
  */
@@ -44,7 +46,7 @@
    /**
     * Check does <tt>method</tt> contains one on of security annotations
     * PermitAll, DenyAll, RolesAllowed.
-    * 
+    *
     * @see PermitAll
     * @see DenyAll
     * @see RolesAllowed {@inheritDoc}
@@ -66,7 +68,9 @@
          {
 
             // nobody allowed to call method
-            throw new WebApplicationException(Response.status(Response.Status.FORBIDDEN).build());
+            throw new WebApplicationException(Response.status(Response.Status.FORBIDDEN).entity(
+               "You do not have access rights to this resource, please contact your administrator. ").type(
+               MediaType.TEXT_PLAIN).build());
 
          }
          if (ac == RolesAllowed.class)
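Review bot: The 403 body added in the DenyAll branch is a string literal that is repeated verbatim in the RolesAllowed branch of the next hunk, and both copies end with a stray trailing space after the full stop. A single constant would keep the two denial messages from drifting apart, for example `private static final String FORBIDDEN_MESSAGE = "You do not have access rights to this resource, please contact your administrator.";` passed as `.entity(FORBIDDEN_MESSAGE)` in both places. The enclosing method begins before this hunk and continues past it, so where to declare the constant has to be decided against the full class.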
@@ -78,14 +82,16 @@
                   return;
 
             // user is not in allowed roles
-            throw new WebApplicationException(Response.status(Response.Status.FORBIDDEN).build());
+            throw new WebApplicationException(Response.status(Response.Status.FORBIDDEN).entity(
+               "You do not have access rights to this resource, please contact your administrator. ").type(
+               MediaType.TEXT_PLAIN).build());
          }
       }
    }
 
    /**
     * Extract roles from {@link RolesAllowed} annotation.
-    * 
+    *
     * @param roles See {@link RolesAllowed}
     * @return roles
     */


