[
https://issues.apache.org/jira/browse/CXF-4934?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13617579#comment-13617579
]
Sergey Beryozkin commented on CXF-4934:
---------------------------------------
Hi - thanks for reporting the issue - good the see you've found a workaround.
I've thought we've had most of these issues resolved - for example, see
http://svn.apache.org/repos/asf/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/SecureBookInterface.java
this interface is implemented by
http://svn.apache.org/repos/asf/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/SecureBookStore.java
and is referenced here:
http://svn.apache.org/repos/asf/cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_security/WEB-INF/beans.xml
I wonder what is different in your case ?
> JAXRSInvoker and Proxy classes (Spring Security)
> ------------------------------------------------
>
> Key: CXF-4934
> URL: https://issues.apache.org/jira/browse/CXF-4934
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS
> Affects Versions: 2.7.3, 2.8.0
> Environment: Spring framework ver 3.1.3.RELEASE
> Reporter: Fran Pregernik
> Priority: Minor
> Labels: invoker, newbie, proxy, rest, springsecurity
>
> Hi,
> I am aware of other tickets regarding the proxy invocation issues.
> During development I noticed an exception popping up:
> IllegalArgumentException: object not instance of class
> I narrowed it down to AbstractInvoker.java:performInvocation(Exchange
> exchange, Object serviceObject, Method m, Object[] paramArray)
> This kept happening whenever I added a @Secured annotation to a rest method.
> This annotation caused a Spring Security AOP Proxy to be passed to the
> default Invoker (JAXRSInvoker.java) instead of the original target class.
> Which is fine.
> The problem (I think) is in the method performInvocation. The serviceObject
> parameter is a reference to the Proxy and not the target class causing the
> line:
> {noformat}
> return m.invoke(serviceObject, paramArray);
> {noformat}
> to fail with the above mentioned error.
> I resolved this by extending JAXRSInvoker and registering it via:
> {noformat}
> <jaxrs:invoker>
> <bean class="hr.altima.web.security.SpringSecurityInvokerProxy"/>
> </jaxrs:invoker>
> {noformat}
> and overriding the performInvocation method like so:
> {noformat}
> public class SpringSecurityInvokerProxy extends JAXRSInvoker {
> @Override
> protected Object performInvocation(Exchange exchange, Object
> serviceObject, Method m, Object[] paramArray) throws Exception {
> paramArray = insertExchange(m, paramArray, exchange);
> if (serviceObject instanceof Proxy) {
> try {
> return
> Proxy.getInvocationHandler(serviceObject).invoke(serviceObject, m,
> paramArray);
> } catch (Throwable throwable) {
> throw new Exception("Proxy invocation threw an exception",
> throwable);
> }
> } else {
> return m.invoke(serviceObject, paramArray);
> }
> }
> }
> {noformat}
> My reasoning is that you want to call the proxied method (security check) and
> not the target method directly but the call through proxies should be done
> differently.
> I am not saying this is the correct way to invoke proxies but it works for
> this situation although I prefer this to be built in the CXF lib.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
