Uploaded image for project: 'RESTEasy'
  1. RESTEasy
  2. RESTEASY-1342

RoleBasedSecurityFilter doesn't allow customizing response


    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 3.1.1.Final, 3.0.21.Final
    • 3.0.16.Final
    • jaxrs
    • None

      RESTEASY-1249 introduced default message for 403 errors generated by RoleBasedSecurityFilter. However, this default message cannot be overridden by an ExceptionMapper, because an ExceptionMapper is not executed on exceptions that already have an entity. This makes it impossible to customize the response body (or headers) for those errors, and is essentially a regression.

      Workaround: ContainerResponseFilter can still be used to customize response, but it would have to filter all responses by status and at that point exception info is already partially lost.

            kanovotn Katerina Odabasi (Inactive)
            koscejev Anton Koščejev (Inactive)
            0 Vote for this issue
            6 Start watching this issue