[jboss-jira] [JBoss JIRA] (WFLY-4097) JAX-RS Returnes Wrong Repsonse Code When A Method Is Not Allowed
shinzey shinzey (JIRA)
issues at jboss.org
Wed Nov 19 00:59:39 EST 2014
shinzey shinzey created WFLY-4097:
-------------------------------------
Summary: JAX-RS Returnes Wrong Repsonse Code When A Method Is Not Allowed
Key: WFLY-4097
URL: https://issues.jboss.org/browse/WFLY-4097
Project: WildFly
Issue Type: Bug
Components: EJB, REST, Security
Affects Versions: 8.1.0.Final
Environment: Windows 7
Java 8u25
WildFly 8.1.0.Final
Reporter: shinzey shinzey
Assignee: David Lloyd
Priority: Critical
My RESTful service is protected with @RolesAllowed:
{quote}
@Stateless
@RolesAllowed("admin")
@Path("admin")
{quote}
When a non-admin user is trying to request this service, it fails with a HTTP 500 response, instead of 401. From the log we can see that @RolesAllowed is working as expected:
{quote}
org.jboss.resteasy.spi.UnhandledException: javax.ejb.EJBAccessException: JBAS014502: Invocation on method: public zhyi.wildweb.AdminService zhyi.wildweb.AdminService.getUsers() of bean: AdminService is not allowed
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.8#6338)
More information about the jboss-jira
mailing list