cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Beryozkin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-4934) JAXRSInvoker and Proxy classes (Spring Security)
Date Sun, 31 Mar 2013 19:41:15 GMT

    [ https://issues.apache.org/jira/browse/CXF-4934?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13618451#comment-13618451
] 

Sergey Beryozkin commented on CXF-4934:
---------------------------------------

Hi - thanks for attaching the test project.

What I've found out is that changing CrudService to have "public Response findById(Long id);"
instead of "public Response findById(I id);" fixes the issue. JAX-RS runtime tries to find
out which method to invoke on the proxy and I guess CrudService methods have actually Object
parameters due to the erasure so the runtime can not spot the actual method on the proxy so
it fails and the workaround is needed.

I'm not sure yet if we can generalize what you typed in the custom invoker...


 

Note that even with your custom service invoker, SpringSecurity still blocks 'findById' with
403, it kind of works during the 1st attempt but then fails after the retry.  




                
> JAXRSInvoker and Proxy classes (Spring Security)
> ------------------------------------------------
>
>                 Key: CXF-4934
>                 URL: https://issues.apache.org/jira/browse/CXF-4934
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS
>    Affects Versions: 2.7.3, 2.8.0
>         Environment: Spring framework ver 3.1.3.RELEASE
>            Reporter: Fran Pregernik
>            Priority: Minor
>              Labels: invoker, newbie, proxy, rest, springsecurity
>         Attachments: web-template.zip
>
>
> Hi,
> I am aware of other tickets regarding the proxy invocation issues.
> During development I noticed an exception popping up:
> IllegalArgumentException: object not instance of class
> I narrowed it down to AbstractInvoker.java:performInvocation(Exchange exchange, Object
serviceObject, Method m, Object[] paramArray)
> This kept happening whenever I added a @Secured annotation to a rest method. This annotation
caused a Spring Security AOP Proxy to be passed to the default Invoker (JAXRSInvoker.java)
instead of the original target class. Which is fine.
> The problem (I think) is in the method performInvocation. The serviceObject parameter
is a reference to the Proxy and not the target class causing the line:
> {noformat}
> return m.invoke(serviceObject, paramArray);
> {noformat}
> to fail with the above mentioned error.
> I resolved this by extending JAXRSInvoker and registering it via:
> {noformat}
> <jaxrs:invoker>
>     <bean class="hr.altima.web.security.SpringSecurityInvokerProxy"/>
> </jaxrs:invoker>
> {noformat}
> and overriding the performInvocation method like so:
> {noformat}
> public class SpringSecurityInvokerProxy extends JAXRSInvoker {
>     @Override
>     protected Object performInvocation(Exchange exchange, Object serviceObject, Method
m, Object[] paramArray) throws Exception {
>         paramArray = insertExchange(m, paramArray, exchange);
>         if (serviceObject instanceof Proxy) {
>             try {
>                 return Proxy.getInvocationHandler(serviceObject).invoke(serviceObject,
m, paramArray);
>             } catch (Throwable throwable) {
>                 throw new Exception("Proxy invocation threw an exception", throwable);
>             }
>         } else {
>             return m.invoke(serviceObject, paramArray);
>         }
>     }
> }
> {noformat}
> My reasoning is that you want to call the proxied method (security check) and not the
target method directly but the call through proxies should be done differently.
> I am not saying this is the correct way to invoke proxies but it works for this situation
although I prefer this to be built in the CXF lib.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message