cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Beryozkin (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (CXF-5402) Cannot report customized error back from loginHandler to ResourceOwnerGrantHandler
Date Tue, 19 Nov 2013 21:33:21 GMT

     [ https://issues.apache.org/jira/browse/CXF-5402?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Sergey Beryozkin resolved CXF-5402.
-----------------------------------

       Resolution: Fixed
    Fix Version/s: 2.7.8
                   3.0.0-milestone1
         Assignee: Sergey Beryozkin

I've update the handler to let the runtime exceptions escape to AccessTokenService, thanks,
you can throw OAuthServiceException initialized with OAuthError, JAX-RS exceptions or some
custom runtime exception and register JAX-RS ExceptionMapper for it. This is the best we can
do for now, the release is due shortly.
Also note, you can always register your own custom handler if any of the shipped handlers
has a bug which needs to fixed

Thanks

> Cannot report customized error back from loginHandler to ResourceOwnerGrantHandler
> ----------------------------------------------------------------------------------
>
>                 Key: CXF-5402
>                 URL: https://issues.apache.org/jira/browse/CXF-5402
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS Security
>    Affects Versions: 2.7.7
>            Reporter: Jason Wang
>            Assignee: Sergey Beryozkin
>             Fix For: 3.0.0-milestone1, 2.7.8
>
>
> You can supply loginHander, like MylongHandler to GrantHandler (like ResourceOwnerGrantHandler),
but there is no way to report back errors.
> All customized error message will be dropped by those lines.
>    try {
>             subject = loginHandler.createSubject(ownerName, ownerPassword);
>         } catch (Exception ex) { 
>             throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST);
>         }
> My suggestion would be to follow the AccessTokenService's example, which can support
writeCustomErrors by setting the property and report back OauthServiceException(CustomerFault()).



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message