You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Fran Pregernik (JIRA)" <ji...@apache.org> on 2013/04/02 11:35:16 UTC
[jira] [Updated] (CXF-4934) JAXRSInvoker and Proxy classes (Spring
Security)
[ https://issues.apache.org/jira/browse/CXF-4934?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Fran Pregernik updated CXF-4934:
--------------------------------
Attachment: web-template-2.zip
Updated project - fixed AccessDeniedException by switching to Spring Security pre-post annotations.
> JAXRSInvoker and Proxy classes (Spring Security)
> ------------------------------------------------
>
> Key: CXF-4934
> URL: https://issues.apache.org/jira/browse/CXF-4934
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS
> Affects Versions: 2.7.3, 2.8.0
> Environment: Spring framework ver 3.1.3.RELEASE
> Reporter: Fran Pregernik
> Priority: Minor
> Labels: invoker, newbie, proxy, rest, springsecurity
> Attachments: web-template-2.zip, web-template.zip
>
>
> Hi,
> I am aware of other tickets regarding the proxy invocation issues.
> During development I noticed an exception popping up:
> IllegalArgumentException: object not instance of class
> I narrowed it down to AbstractInvoker.java:performInvocation(Exchange exchange, Object serviceObject, Method m, Object[] paramArray)
> This kept happening whenever I added a @Secured annotation to a rest method. This annotation caused a Spring Security AOP Proxy to be passed to the default Invoker (JAXRSInvoker.java) instead of the original target class. Which is fine.
> The problem (I think) is in the method performInvocation. The serviceObject parameter is a reference to the Proxy and not the target class causing the line:
> {noformat}
> return m.invoke(serviceObject, paramArray);
> {noformat}
> to fail with the above mentioned error.
> I resolved this by extending JAXRSInvoker and registering it via:
> {noformat}
> <jaxrs:invoker>
> <bean class="hr.altima.web.security.SpringSecurityInvokerProxy"/>
> </jaxrs:invoker>
> {noformat}
> and overriding the performInvocation method like so:
> {noformat}
> public class SpringSecurityInvokerProxy extends JAXRSInvoker {
> @Override
> protected Object performInvocation(Exchange exchange, Object serviceObject, Method m, Object[] paramArray) throws Exception {
> paramArray = insertExchange(m, paramArray, exchange);
> if (serviceObject instanceof Proxy) {
> try {
> return Proxy.getInvocationHandler(serviceObject).invoke(serviceObject, m, paramArray);
> } catch (Throwable throwable) {
> throw new Exception("Proxy invocation threw an exception", throwable);
> }
> } else {
> return m.invoke(serviceObject, paramArray);
> }
> }
> }
> {noformat}
> My reasoning is that you want to call the proxied method (security check) and not the target method directly but the call through proxies should be done differently.
> I am not saying this is the correct way to invoke proxies but it works for this situation although I prefer this to be built in the CXF lib.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira