Hi
My web service client (e.g. soapUI) receives an HTTP status code 500 when the authenticated user is not authorized to call a method on an EJB (the user is lacking the required role).
I would have expected a 4xx code, e.g. 403 Forbidden (or 403 Method Not Allowed). IMHO, 500 Internal Server Error is not appropriate in that case.
Am I to catch the exception and transform it to a 403 response? How would I do that?
regards
Leo