[jboss-jira] [JBoss JIRA] (WFLY-4097) JAX-RS Returns Wrong Response Code When A Method Is Not Allowed

shinzey shinzey (JIRA) issues at jboss.org
Wed Nov 19 01:01:39 EST 2014


     [ https://issues.jboss.org/browse/WFLY-4097?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

shinzey shinzey updated WFLY-4097:
----------------------------------
    Description: 
My RESTful service is protected with @RolesAllowed:
{quote}
@Stateless
@RolesAllowed("admin")
@Path("admin")
{quote}
When a non-admin user is trying to request this service, it fails with 500 Internal Server Error, instead of 401 Unauthorized. From the log we can see that @RolesAllowed is working as expected:
{quote}
org.jboss.resteasy.spi.UnhandledException: javax.ejb.EJBAccessException: JBAS014502: Invocation on method: public zhyi.wildweb.AdminService zhyi.wildweb.AdminService.getUsers() of bean: AdminService is not allowed
{quote}

  was:
My RESTful service is protected with @RolesAllowed:
{quote}
@Stateless
@RolesAllowed("admin")
@Path("admin")
{quote}
When a non-admin user is trying to request this service, it fails with a HTTP 500 response, instead of 401. From the log we can see that @RolesAllowed is working as expected:
{quote}
org.jboss.resteasy.spi.UnhandledException: javax.ejb.EJBAccessException: JBAS014502: Invocation on method: public zhyi.wildweb.AdminService zhyi.wildweb.AdminService.getUsers() of bean: AdminService is not allowed
{quote}



> JAX-RS Returns Wrong Response Code When A Method Is Not Allowed
> ---------------------------------------------------------------
>
>                 Key: WFLY-4097
>                 URL: https://issues.jboss.org/browse/WFLY-4097
>             Project: WildFly
>          Issue Type: Bug
>          Components: EJB, REST, Security
>    Affects Versions: 8.1.0.Final
>         Environment: Windows 7
> Java 8u25
> WildFly 8.1.0.Final
>            Reporter: shinzey shinzey
>            Assignee: David Lloyd
>            Priority: Critical
>
> My RESTful service is protected with @RolesAllowed:
> {quote}
> @Stateless
> @RolesAllowed("admin")
> @Path("admin")
> {quote}
> When a non-admin user is trying to request this service, it fails with 500 Internal Server Error, instead of 401 Unauthorized. From the log we can see that @RolesAllowed is working as expected:
> {quote}
> org.jboss.resteasy.spi.UnhandledException: javax.ejb.EJBAccessException: JBAS014502: Invocation on method: public zhyi.wildweb.AdminService zhyi.wildweb.AdminService.getUsers() of bean: AdminService is not allowed
> {quote}



--
This message was sent by Atlassian JIRA
(v6.3.8#6338)
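
An added example, not part of the original report or of WildFly/RESTEasy code: one application-level way to keep the `EJBAccessException` quoted above from surfacing as a 500 is a JAX-RS `ExceptionMapper` that answers 401 when the request carries no authenticated caller and 403 when the caller is authenticated but lacks the role. The class name and the realm string are hypothetical, and the `javax.*` packages are assumed from the Java EE 7 level of WildFly 8.1.

```java
import java.security.Principal;
import java.util.logging.Logger;

import javax.ejb.EJBAccessException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;

// Hypothetical class name; picked up by JAX-RS provider scanning via @Provider.
@Provider
public class EjbAccessExceptionMapper implements ExceptionMapper<EJBAccessException> {

    private static final Logger LOG =
            Logger.getLogger(EjbAccessExceptionMapper.class.getName());

    // Constructed placeholder; it must match the authentication scheme and
    // realm the deployment actually uses.
    private static final String CHALLENGE = "Basic realm=\"example\"";

    // Injected per request by the JAX-RS runtime.
    @Context
    private SecurityContext securityContext;

    @Override
    public Response toResponse(EJBAccessException e) {
        Principal caller = securityContext.getUserPrincipal();

        // Keep the detail (bean and method names) in the server log only;
        // the response body stays generic so it does not describe internals.
        LOG.warning("EJB access denied for "
                + (caller == null ? "<unauthenticated>" : caller.getName())
                + ": " + e.getMessage());

        if (caller == null) {
            // No credentials were accepted: challenge the client.
            return Response.status(Response.Status.UNAUTHORIZED)
                    .header(HttpHeaders.WWW_AUTHENTICATE, CHALLENGE)
                    .type(MediaType.TEXT_PLAIN)
                    .entity("Authentication required")
                    .build();
        }
        // Known caller without the required role: re-authenticating will not help.
        return Response.status(Response.Status.FORBIDDEN)
                .type(MediaType.TEXT_PLAIN)
                .entity("Access denied")
                .build();
    }
}
```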
