/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.shiro.web.jaxrs;


import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.UnauthorizedException;

import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;

/**
 * JAX-RS exception mapper that turns Shiro {@link AuthorizationException}s into HTTP status codes.
 * <p>
 * An {@link UnauthorizedException} (including any subclass) becomes {@code 403 Forbidden};
 * every other {@link AuthorizationException} becomes {@code 401 Unauthorized}.
 * <p>
 * The response is built from the status alone: no entity is attached, so the exception's
 * message is never copied into the body sent to the client.
 * <p>
 * NOTE(review): the 401 response is built without a {@code WWW-Authenticate} header. The HTTP
 * specification expects a 401 to carry one, so confirm that a filter or the container adds the
 * challenge that matches the authentication scheme in use.
 *
 * @since 1.4
 */
public class ExceptionMapper implements javax.ws.rs.ext.ExceptionMapper<AuthorizationException> {

    /**
     * Chooses the HTTP status for an authorization failure and returns a body-less response.
     *
     * @param exception the authorization failure raised while handling the request
     * @return a response whose status is 403 for an {@link UnauthorizedException} and 401 otherwise
     */
    @Override
    public Response toResponse(AuthorizationException exception) {
        // instanceof also matches subclasses of UnauthorizedException, and is false for null,
        // so anything that is not a "permission denied" failure falls through to 401.
        final Status httpStatus = (exception instanceof UnauthorizedException)
                ? Status.FORBIDDEN
                : Status.UNAUTHORIZED;

        return Response.status(httpStatus).build();
    }
}