Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wrong class registered in jaxrs feature #1383

Closed
zenios opened this issue Mar 23, 2024 · 2 comments · Fixed by #1384 or #1487
Closed

Wrong class registered in jaxrs feature #1383

zenios opened this issue Mar 23, 2024 · 2 comments · Fixed by #1384 or #1487
Assignees
@lprimak
Labels
jakartaee Jakarta EE java Pull requests that update Java code
Milestone
2.0.1

Comments

@zenios
Copy link

zenios commented Mar 23, 2024

shiro/support/jaxrs/src/main/java/org/apache/shiro/web/jaxrs/ShiroFeature.java

Line 60 in 7512358

context.register(UnauthenticatedException.class);

It should be UnauthenticatedExceptionExceptionMapper not UnauthenticatedException
@lprimak lprimak mentioned this issue Mar 23, 2024
Merged
10 tasks
@lprimak lprimak added this to the 2.0.1 milestone Mar 23, 2024
@lprimak lprimak added java Pull requests that update Java code jakartaee Jakarta EE labels Mar 23, 2024
@lprimak lprimak self-assigned this Mar 23, 2024
lprimak added a commit that referenced this issue Mar 25, 2024
@lprimak
Merge pull request #1384 from lprimak/remove-exception-from-jaxrs-con…
e577150 
…text

[#1383] bugfix: fix exception mapper type from registered features
@steinarb
Copy link
Contributor

steinarb commented May 20, 2024
edited
Loading

There may still be something wrong with this...?

I tried the current main snapshot today and my unit tests were flipped: The test expecting status code 401 got 403 and the test expecting status code 403 got 401.

I tried the snapshot since I got failing unit tests when using shiro 2.0.0: https://lists.apache.org/thread/fwslydgdtnscv5tg6yqgnx88zdl50gco

With shiro 2.0.0 I got 401 Unauthorized responses where I was expecting 403 Forbidden (accessing rest endpoint with a logged in user without the required role) and I got UnauthenticatedException where I was expecting a 401 Unauthorized response.

But with a snapshot built from the current main I no longer got UnauthenticatedException, but the tests expected 401 and 403 status code got unexpected results (the actual values of the tests were flipped wrt the expected values).

Here is the shiro-jaxrs annotated jersey resource used by the tests: https://github.com/steinarb/servlet/blob/master/servlet/servlet.jersey/src/test/java/no/priv/bang/servlet/jersey/test/resources/ProtectedHelloResource.java#L13

Here is the shiro.ini file defining the users and role used by the tests: https://github.com/steinarb/servlet/blob/master/servlet/servlet.jersey/src/test/resources/test.shiro.ini
@steinarb
Copy link
Contributor

The mapper code in shiro-jaxrs looks OK. The exceptions both inherit from the same class but not from each other so there shouldn't be one mapper "eating" the exceptions of the other.

And my tests seem to do the right thing...? (though, I am open to the fact that I may be wrong...?).

But if the mappers are OK and my tests are OK: are the wrong exceptions thrown by something?
@lprimak lprimak mentioned this issue May 20, 2024
Merged
10 tasks
@lprimak lprimak reopened this May 20, 2024
lprimak added a commit that referenced this issue May 21, 2024
@lprimak
Merge pull request #1487 from lprimak/jaxrs-response-flipped
7f7743d 
[#1383] bugfix(jax-rs): unauthenticated vs. authorized HTTP response codes we…
lprimak added a commit to lprimak/shiro that referenced this issue May 22, 2024
@lprimak
bugfix(docs): fixed comments in UnauthenticatedExceptionExceptionMapp…
9db8fd1 
…er and UnauthorizedExceptionExceptionMapper to show correct return codes

relates to apache#1383
@steinarb steinarb mentioned this issue May 26, 2024
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
jakartaee Jakarta EE java Pull requests that update Java code
3 participants
@zenios @steinarb @lprimak