A
adamcrume
I have a Java bean web service which has different required roles per
method. (In one case, the required role even varies depending on the
parameters.) Since this can't be done declaratively, I'm calling
ServletEndpointContext.isUserInRole(String roleName) and throwing a
SecurityException if they're not. This works, but it returns an HTTP
status of 500. I would rather return the more appropriate status
403. Does anyone know how to do this without resorting to tricks like
using a filter and a ThreadLocal?
method. (In one case, the required role even varies depending on the
parameters.) Since this can't be done declaratively, I'm calling
ServletEndpointContext.isUserInRole(String roleName) and throwing a
SecurityException if they're not. This works, but it returns an HTTP
status of 500. I would rather return the more appropriate status
403. Does anyone know how to do this without resorting to tricks like
using a filter and a ThreadLocal?