-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Wrong class registered in jaxrs feature #1383
Comments
…text [#1383] bugfix: fix exception mapper type from registered features
There may still be something wrong with this...? I tried the current main snapshot today and my unit tests were flipped: The test expecting status code 401 got 403 and the test expecting status code 403 got 401. I tried the snapshot since I got failing unit tests when using shiro 2.0.0: https://lists.apache.org/thread/fwslydgdtnscv5tg6yqgnx88zdl50gco With shiro 2.0.0 I got 401 Unauthorized responses where I was expecting 403 Forbidden (accessing rest endpoint with a logged in user without the required role) and I got UnauthenticatedException where I was expecting a 401 Unauthorized response. But with a snapshot built from the current main I no longer got UnauthenticatedException, but the tests expected 401 and 403 status code got unexpected results (the actual values of the tests were flipped wrt the expected values).
Here is the shiro-jaxrs annotated jersey resource used by the tests: https://github.com/steinarb/servlet/blob/master/servlet/servlet.jersey/src/test/java/no/priv/bang/servlet/jersey/test/resources/ProtectedHelloResource.java#L13 Here is the shiro.ini file defining the users and role used by the tests: https://github.com/steinarb/servlet/blob/master/servlet/servlet.jersey/src/test/resources/test.shiro.ini |
The mapper code in shiro-jaxrs looks OK. The exceptions both inherit from the same class but not from each other so there shouldn't be one mapper "eating" the exceptions of the other. And my tests seem to do the right thing...? (though, I am open to the fact that I may be wrong...?). But if the mappers are OK and my tests are OK: are the wrong exceptions thrown by something? |
[#1383] bugfix(jax-rs): unauthenticated vs. authorized HTTP response codes we…
…er and UnauthorizedExceptionExceptionMapper to show correct return codes relates to apache#1383
shiro/support/jaxrs/src/main/java/org/apache/shiro/web/jaxrs/ShiroFeature.java
Line 60 in 7512358
It should be UnauthenticatedExceptionExceptionMapper not UnauthenticatedException
The text was updated successfully, but these errors were encountered: