cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Fran Pregernik (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CXF-4934) JAXRSInvoker and Proxy classes (Spring Security)
Date Sat, 30 Mar 2013 05:43:15 GMT

     [ https://issues.apache.org/jira/browse/CXF-4934?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Fran Pregernik updated CXF-4934:
--------------------------------

    Attachment: web-template.zip

Demo project
                
> JAXRSInvoker and Proxy classes (Spring Security)
> ------------------------------------------------
>
>                 Key: CXF-4934
>                 URL: https://issues.apache.org/jira/browse/CXF-4934
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS
>    Affects Versions: 2.7.3, 2.8.0
>         Environment: Spring framework ver 3.1.3.RELEASE
>            Reporter: Fran Pregernik
>            Priority: Minor
>              Labels: invoker, newbie, proxy, rest, springsecurity
>         Attachments: web-template.zip
>
>
> Hi,
> I am aware of other tickets regarding the proxy invocation issues.
> During development I noticed an exception popping up:
> IllegalArgumentException: object not instance of class
> I narrowed it down to AbstractInvoker.java:performInvocation(Exchange exchange, Object
serviceObject, Method m, Object[] paramArray)
> This kept happening whenever I added a @Secured annotation to a rest method. This annotation
caused a Spring Security AOP Proxy to be passed to the default Invoker (JAXRSInvoker.java)
instead of the original target class. Which is fine.
> The problem (I think) is in the method performInvocation. The serviceObject parameter
is a reference to the Proxy and not the target class causing the line:
> {noformat}
> return m.invoke(serviceObject, paramArray);
> {noformat}
> to fail with the above mentioned error.
> I resolved this by extending JAXRSInvoker and registering it via:
> {noformat}
> <jaxrs:invoker>
>     <bean class="hr.altima.web.security.SpringSecurityInvokerProxy"/>
> </jaxrs:invoker>
> {noformat}
> and overriding the performInvocation method like so:
> {noformat}
> public class SpringSecurityInvokerProxy extends JAXRSInvoker {
>     @Override
>     protected Object performInvocation(Exchange exchange, Object serviceObject, Method
m, Object[] paramArray) throws Exception {
>         paramArray = insertExchange(m, paramArray, exchange);
>         if (serviceObject instanceof Proxy) {
>             try {
>                 return Proxy.getInvocationHandler(serviceObject).invoke(serviceObject,
m, paramArray);
>             } catch (Throwable throwable) {
>                 throw new Exception("Proxy invocation threw an exception", throwable);
>             }
>         } else {
>             return m.invoke(serviceObject, paramArray);
>         }
>     }
> }
> {noformat}
> My reasoning is that you want to call the proxied method (security check) and not the
target method directly but the call through proxies should be done differently.
> I am not saying this is the correct way to invoke proxies but it works for this situation
although I prefer this to be built in the CXF lib.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message