[jboss-jira] [JBoss JIRA] (WFLY-4097) JAX-RS Returns Wrong Response Code When A Method Is Not Allowed
Stuart Douglas (JIRA)
issues at jboss.org
Wed Jan 7 17:51:29 EST 2015
[ https://issues.jboss.org/browse/WFLY-4097?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stuart Douglas resolved WFLY-4097.
----------------------------------
Resolution: Rejected
This is not a bug. To return a 403 response code you need to create an ExceptionMapper for the EjbAccessException that can return any response you want.
> JAX-RS Returns Wrong Response Code When A Method Is Not Allowed
> ---------------------------------------------------------------
>
> Key: WFLY-4097
> URL: https://issues.jboss.org/browse/WFLY-4097
> Project: WildFly
> Issue Type: Bug
> Components: EJB, REST, Security
> Affects Versions: 8.1.0.Final
> Environment: Windows 7
> Java 8u25
> WildFly 8.1.0.Final
> Reporter: shinzey shinzey
> Assignee: David Lloyd
> Priority: Critical
>
> My RESTful service is protected with @RolesAllowed:
> {quote}
> @Stateless
> @RolesAllowed("admin")
> @Path("admin")
> {quote}
> When a non-admin user is trying to request this service, it fails with 500 Internal Server Error, instead of 403 Forbidden. From the log we can see that @RolesAllowed is working as expected:
> {quote}
> org.jboss.resteasy.spi.UnhandledException: javax.ejb.EJBAccessException: JBAS014502: Invocation on method: public zhyi.wildweb.AdminService zhyi.wildweb.AdminService.getUsers() of bean: AdminService is not allowed
> {quote}
--
This message was sent by Atlassian JIRA
(v6.3.11#6341)
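
An ExceptionMapper of the kind the resolution describes, as an added example that is not part of the original message or the WildFly code base. The package, class name and JSON body are hypothetical. It returns 403 with a generic body and keeps the bean and method names from the exception in the server log only.

```java
package example.security; // hypothetical package name

import java.security.Principal;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.ejb.EJBAccessException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.core.UriInfo;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;

// Registered through @Provider scanning; maps the EJB container's
// authorization failure to 403 Forbidden instead of the default 500.
@Provider
public class EjbAccessExceptionMapper implements ExceptionMapper<EJBAccessException> {

    private static final Logger LOG =
            Logger.getLogger(EjbAccessExceptionMapper.class.getName());

    @Context
    private SecurityContext securityContext;

    @Context
    private UriInfo uriInfo;

    @Override
    public Response toResponse(EJBAccessException e) {
        Principal p = securityContext.getUserPrincipal();
        String user = (p != null) ? p.getName() : "<anonymous>";
        // Record who was denied and where; the exception message (bean and
        // method names) goes to the log, never to the client.
        LOG.log(Level.WARNING, "Access denied: user={0} path={1} cause={2}",
                new Object[] {clean(user), clean(uriInfo.getPath()), e.getMessage()});
        return Response.status(Response.Status.FORBIDDEN)
                .type(MediaType.APPLICATION_JSON)
                .entity("{\"error\":\"forbidden\"}") // constant body, no internals
                .build();
    }

    // Strip CR/LF so request-controlled values cannot forge extra log lines.
    private static String clean(String s) {
        return s == null ? "" : s.replaceAll("[\\r\\n]", "_");
    }
}
```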