Stuart Douglas resolved WFLY-4097.
----------------------------------
Resolution: Rejected
This is not a bug. To return a 403 response code you need to create an ExceptionMapper for
the EjbAccessException that can return any response you want.
JAX-RS Returns Wrong Response Code When A Method Is Not Allowed
---------------------------------------------------------------
Key: WFLY-4097
URL: https://issues.jboss.org/browse/WFLY-4097
Project: WildFly
Issue Type: Bug
Components: EJB, REST, Security
Affects Versions: 8.1.0.Final
Environment: Windows 7
Java 8u25
WildFly 8.1.0.Final
Reporter: shinzey shinzey
Assignee: David Lloyd
Priority: Critical
My RESTful service is protected with @RolesAllowed:
{quote}
@Stateless
@RolesAllowed("admin")
@Path("admin")
{quote}
When a non-admin user tries to request this service, it fails with 500 Internal
Server Error instead of 403 Forbidden. From the log we can see that @RolesAllowed is
working as expected:
{quote}
org.jboss.resteasy.spi.UnhandledException: javax.ejb.EJBAccessException: JBAS014502:
Invocation on method: public zhyi.wildweb.AdminService
zhyi.wildweb.AdminService.getUsers() of bean: AdminService is not allowed
{quote}
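The resolution above points at a JAX-RS ExceptionMapper as the fix. The following is an added example (not code from the reporter or from WildFly) of such a mapper for the Java EE 7 / WildFly 8.1 javax API: it turns the EJBAccessException raised by @RolesAllowed into 403 Forbidden (or 401 if the caller was never authenticated) instead of letting RESTEasy wrap it in UnhandledException and answer 500. The class name EjbAccessExceptionMapper and the response bodies are my own choices.

```java
import javax.ejb.EJBAccessException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;

/**
 * Added example mapper: picked up by RESTEasy through the @Provider scan
 * (or registered explicitly in the Application subclass).
 *
 * Without a mapper, the container's EJBAccessException surfaces as
 * org.jboss.resteasy.spi.UnhandledException and the client sees 500.
 */
@Provider
public class EjbAccessExceptionMapper implements ExceptionMapper<EJBAccessException> {

    // JAX-RS injects the request's SecurityContext into providers as well.
    @Context
    private SecurityContext securityContext;

    @Override
    public Response toResponse(EJBAccessException exception) {
        // Anonymous caller: the request lacked credentials, so 401 is the
        // accurate answer. Authenticated caller outside the allowed roles: 403.
        boolean authenticated = securityContext != null
                && securityContext.getUserPrincipal() != null;
        Response.Status status = authenticated
                ? Response.Status.FORBIDDEN
                : Response.Status.UNAUTHORIZED;

        // Deliberately do not echo exception.getMessage(): as the log line in
        // this report shows, it names the bean class and method, which is
        // internal detail the client has no need for.
        return Response.status(status)
                .type(MediaType.TEXT_PLAIN_TYPE)
                .entity(status.getReasonPhrase())
                .build();
    }
}
```

The container still logs the denied invocation (JBAS014502) as before; only the HTTP status and body sent to the client change.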