1 /*
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing,
13 * software distributed under the License is distributed on an
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 * KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations
17 * under the License.
18 */
19 package org.apache.shiro.web.jaxrs;
20
21
22 import org.apache.shiro.authz.AuthorizationException;
23 import org.apache.shiro.authz.UnauthorizedException;
24
25 import javax.ws.rs.core.Response;
26 import javax.ws.rs.core.Response.Status;
27
28 /**
29 * JAX-RS exception mapper used to map Shiro {@link AuthorizationExceptions} to HTTP status codes.
30 * {@link UnauthorizedException} will be mapped to 403, all others 401.
31 * @since 1.4
32 */
33 public class ExceptionMapper implements javax.ws.rs.ext.ExceptionMapper<AuthorizationException> {
34
35 @Override
36 public Response toResponse(AuthorizationException exception) {
37
38 Status status;
39
40 if (exception instanceof UnauthorizedException) {
41 status = Status.FORBIDDEN;
42 } else {
43 status = Status.UNAUTHORIZED;
44 }
45
46 return Response.status(status).build();
47 }
48 }