WildFly / WFLY-4097

JAX-RS Returns Wrong Response Code When A Method Is Not Allowed

    • Type: Bug
    • Resolution: Won't Do
    • Priority: Critical
    • None
    • 8.1.0.Final
    • EJB, REST, Security
    • None
    • Windows 7
      Java 8u25
      WildFly 8.1.0.Final

      My RESTful service is protected with @RolesAllowed:

      @Stateless
      @RolesAllowed("admin")
      @Path("admin")

      When a non-admin user is trying to request this service, it fails with 500 Internal Server Error, instead of 403 Forbidden. From the log we can see that @RolesAllowed is working as expected:

      org.jboss.resteasy.spi.UnhandledException: javax.ejb.EJBAccessException: JBAS014502: Invocation on method: public zhyi.wildweb.AdminService zhyi.wildweb.AdminService.getUsers() of bean: AdminService is not allowed

              dlloyd@redhat.com David Lloyd
              shinzey shinzey shinzey (Inactive)