cxf-issues mailing list archives

From "Hendy Irawan (JIRA)" <j...@apache.org>
Subject [jira] Commented: (CXF-2345) Returning AOP/CGLIB proxy as Subresource throws Fault "object is not an instance of declaring class"
Date Fri, 17 Jul 2009 17:21:14 GMT

    [ https://issues.apache.org/jira/browse/CXF-2345?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12732616#action_12732616 ]

Hendy Irawan commented on CXF-2345:
-----------------------------------

Thank you Sergey for your excellent explanation. That definitely clears up everything.

I mistook your #2 point above as putting annotations on all methods on the subresource class,
as opposed to what you suggested: putting the annotation on the rootresource method.

In fact, my use case is that the rootresource class itself is secured, so I guess that means
in my specific use case, there's actually no need to protect any of its methods and its subresources,
is my assumption correct?

Your explanation is so excellent it begs inclusion in: http://cwiki.apache.org/CXF20DOC/jax-rs.html
There is very little discussion (or more accurately: example) on security there.

I'm new with JSR-250 security annotations but currently I'm thinking that for me, it's a best
practice approach to use CXF with Spring, Spring AOP, Spring Security Tiger, and JSR-250,
for all security/authn/authz needs.

Regarding injecting a SubResource to a property, I couldn't do it because the subresource
bean is a prototype one. It's still possible to, say, inject a factory of SubResource to
the RootResource property, and then invoke that factory upon RootResource.getSubResource()
call, but I guess that's too much jumping through hoops. ;-)

> Returning AOP/CGLIB proxy as Subresource throws Fault "object is not an instance of declaring class"
> ----------------------------------------------------------------------------------------------------
>
>                 Key: CXF-2345
>                 URL: https://issues.apache.org/jira/browse/CXF-2345
>             Project: CXF
>          Issue Type: Bug
>          Components: REST
>    Affects Versions: 2.2.2
>            Reporter: Hendy Irawan
>            Assignee: Sergey Beryozkin
>             Fix For: 2.2.3, 2.3
>
>
> Test case:
> RootResource.java :
> public abstract class RootResource {
>   @Path("subresource")
>   public abstract SubResource getSubResource();
> }
> In spring-beans.xml:
> <bean class="RootResource">
>   <lookup-method name="getSubResource" bean="subResource" />
> </bean>
> <bean id="subResource" class="SubResource" />
> Then the AOP proxied SubResource:
> @RolesAllowed({"ROLE_USER"}) // activate Spring Security global method annotations
> public class SubResource {
> }
> Getting the /subresource will throw exception:
> org.apache.cxf.interceptor.Fault: object is not an instance of declaring class while invoking
> Tried this workaround but not working: Make SubResource implement an interface then on RootResource.getSubResource() use interface as the return type, not the class

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

