cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Beryozkin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-4934) JAXRSInvoker and Proxy classes (Spring Security)
Date Fri, 29 Mar 2013 18:23:16 GMT

    [ https://issues.apache.org/jira/browse/CXF-4934?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13617579#comment-13617579
] 

Sergey Beryozkin commented on CXF-4934:
---------------------------------------

Hi - thanks for reporting the issue - good the see you've found a workaround. 
I've thought we've had most of these issues resolved - for example, see
http://svn.apache.org/repos/asf/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/SecureBookInterface.java

this interface is implemented by

http://svn.apache.org/repos/asf/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/SecureBookStore.java

and is referenced here:
http://svn.apache.org/repos/asf/cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_security/WEB-INF/beans.xml

I wonder what is  different in your case ?

                
> JAXRSInvoker and Proxy classes (Spring Security)
> ------------------------------------------------
>
>                 Key: CXF-4934
>                 URL: https://issues.apache.org/jira/browse/CXF-4934
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS
>    Affects Versions: 2.7.3, 2.8.0
>         Environment: Spring framework ver 3.1.3.RELEASE
>            Reporter: Fran Pregernik
>            Priority: Minor
>              Labels: invoker, newbie, proxy, rest, springsecurity
>
> Hi,
> I am aware of other tickets regarding the proxy invocation issues.
> During development I noticed an exception popping up:
> IllegalArgumentException: object not instance of class
> I narrowed it down to AbstractInvoker.java:performInvocation(Exchange exchange, Object
serviceObject, Method m, Object[] paramArray)
> This kept happening whenever I added a @Secured annotation to a rest method. This annotation
caused a Spring Security AOP Proxy to be passed to the default Invoker (JAXRSInvoker.java)
instead of the original target class. Which is fine.
> The problem (I think) is in the method performInvocation. The serviceObject parameter
is a reference to the Proxy and not the target class causing the line:
> {noformat}
> return m.invoke(serviceObject, paramArray);
> {noformat}
> to fail with the above mentioned error.
> I resolved this by extending JAXRSInvoker and registering it via:
> {noformat}
> <jaxrs:invoker>
>     <bean class="hr.altima.web.security.SpringSecurityInvokerProxy"/>
> </jaxrs:invoker>
> {noformat}
> and overriding the performInvocation method like so:
> {noformat}
> public class SpringSecurityInvokerProxy extends JAXRSInvoker {
>     @Override
>     protected Object performInvocation(Exchange exchange, Object serviceObject, Method
m, Object[] paramArray) throws Exception {
>         paramArray = insertExchange(m, paramArray, exchange);
>         if (serviceObject instanceof Proxy) {
>             try {
>                 return Proxy.getInvocationHandler(serviceObject).invoke(serviceObject,
m, paramArray);
>             } catch (Throwable throwable) {
>                 throw new Exception("Proxy invocation threw an exception", throwable);
>             }
>         } else {
>             return m.invoke(serviceObject, paramArray);
>         }
>     }
> }
> {noformat}
> My reasoning is that you want to call the proxied method (security check) and not the
target method directly but the call through proxies should be done differently.
> I am not saying this is the correct way to invoke proxies but it works for this situation
although I prefer this to be built in the CXF lib.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message