cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Beryozkin (JIRA)" <j...@apache.org>
Subject [jira] Commented: (CXF-2345) Returning AOP/CGLIB proxy as Subresource throws Fault "object is not an instance of declaring class"
Date Fri, 17 Jul 2009 19:44:14 GMT

    [ https://issues.apache.org/jira/browse/CXF-2345?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12732698#action_12732698
] 

Sergey Beryozkin commented on CXF-2345:
---------------------------------------

Hi,

> In fact, my use case is that the rootresource class itself is secured, so I guess that
means in my specific use case, there's actually no need to protect any of its methods and
its subresources, is my assumption is correct? 

If your global root resource security rules apply to all 'leafs'/subresources, then yes, no
need to secure the subresources or individual methods. One may want to do apply more fine-grained
authorization rules in other cases.

I'll update the docs, there's so much that has to be added...
thanks, Sergey  

> Returning AOP/CGLIB proxy as Subresource throws Fault "object is not an instance of declaring
class"
> ----------------------------------------------------------------------------------------------------
>
>                 Key: CXF-2345
>                 URL: https://issues.apache.org/jira/browse/CXF-2345
>             Project: CXF
>          Issue Type: Bug
>          Components: REST
>    Affects Versions: 2.2.2
>            Reporter: Hendy Irawan
>            Assignee: Sergey Beryozkin
>             Fix For: 2.2.3, 2.3
>
>
> Test case:
> RootResource.java :
> public class RootResource {
>   @Path("subresource")
>   public abstract SubResource getSubResource();
> }
> In spring-beans.xml:
> <bean class="RootResource">
>   <lookup-method name="getSubResource" bean="subResource" />
> </bean>
> <bean id="subResource" class="SubResource" />
> Then the AOP proxied SubResource:
> @RolesAllowed({"ROLE_USER"}) // activate Spring Security global method annotations
> public class SubResource {
> }
> Getting the /subresource will throw exception:
> org.apache.cxf.interceptor.Fault: object is not an instance of declaring class while
invoking
> Tried this workaround but not working: Make SubResource implement an interface then on
RootResource.getSubResource() use interface as the return type, not the class

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message