[
https://issues.apache.org/jira/browse/CXF-4934?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13619499#comment-13619499
]
Fran Pregernik commented on CXF-4934:
-------------------------------------
Hi,
thank you for your effort. I just started configuring Spring Security and
chances are high that I misconfigured something - ignore that :D
You are right, there is no need to use the generic form of CrudService. Now I
have two workarounds for this issue.
To generalize this in the future maybe you could find out how is it that the
proxy invocation handler resolves and calls the method on the proxy without
problems and use that in CXF. Maybe Spring Security took into account the
generic parameter when creating the proxy wrapper, created the proper method
signature and that is why the call works (just speculating).
That being said I am satisfied with the workarounds so you can treat this issue
as you see fit.
> JAXRSInvoker and Proxy classes (Spring Security)
> ------------------------------------------------
>
> Key: CXF-4934
> URL: https://issues.apache.org/jira/browse/CXF-4934
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS
> Affects Versions: 2.7.3, 2.8.0
> Environment: Spring framework ver 3.1.3.RELEASE
> Reporter: Fran Pregernik
> Priority: Minor
> Labels: invoker, newbie, proxy, rest, springsecurity
> Attachments: web-template.zip
>
>
> Hi,
> I am aware of other tickets regarding the proxy invocation issues.
> During development I noticed an exception popping up:
> IllegalArgumentException: object not instance of class
> I narrowed it down to AbstractInvoker.java:performInvocation(Exchange
> exchange, Object serviceObject, Method m, Object[] paramArray)
> This kept happening whenever I added a @Secured annotation to a rest method.
> This annotation caused a Spring Security AOP Proxy to be passed to the
> default Invoker (JAXRSInvoker.java) instead of the original target class.
> Which is fine.
> The problem (I think) is in the method performInvocation. The serviceObject
> parameter is a reference to the Proxy and not the target class causing the
> line:
> {noformat}
> return m.invoke(serviceObject, paramArray);
> {noformat}
> to fail with the above mentioned error.
> I resolved this by extending JAXRSInvoker and registering it via:
> {noformat}
> <jaxrs:invoker>
> <bean class="hr.altima.web.security.SpringSecurityInvokerProxy"/>
> </jaxrs:invoker>
> {noformat}
> and overriding the performInvocation method like so:
> {noformat}
> public class SpringSecurityInvokerProxy extends JAXRSInvoker {
> @Override
> protected Object performInvocation(Exchange exchange, Object
> serviceObject, Method m, Object[] paramArray) throws Exception {
> paramArray = insertExchange(m, paramArray, exchange);
> if (serviceObject instanceof Proxy) {
> try {
> return
> Proxy.getInvocationHandler(serviceObject).invoke(serviceObject, m,
> paramArray);
> } catch (Throwable throwable) {
> throw new Exception("Proxy invocation threw an exception",
> throwable);
> }
> } else {
> return m.invoke(serviceObject, paramArray);
> }
> }
> }
> {noformat}
> My reasoning is that you want to call the proxied method (security check) and
> not the target method directly but the call through proxies should be done
> differently.
> I am not saying this is the correct way to invoke proxies but it works for
> this situation although I prefer this to be built in the CXF lib.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
