AuthorizationExceptionMapper.java

/*
 * Copyright (C) 2013 Intel Corporation
 * All rights reserved.
 */
package com.intel.mtwilson.shiro;

//import com.intel.mtwilson.i18n.ErrorMessage;
//import com.intel.mtwilson.datatypes.ErrorCode;
//import com.intel.mtwilson.util.ErrorResponse;
//import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;
import org.apache.shiro.ShiroException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 *
 * @author jbuhacoff
 */
@Provider
//@Component
public class AuthorizationExceptionMapper implements ExceptionMapper<ShiroException> {
    private static Logger log = LoggerFactory.getLogger(AuthorizationExceptionMapper.class);
    
//    @Context private HttpServletRequest request;
    
    @Override
    public Response toResponse(ShiroException e) {
        log.debug("Shiro {}: {}", e.getClass().getName(), e.getMessage(), e);
//        ErrorMessage message = new ErrorMessage(ErrorCode.HTTP_UNAUTHORIZED); // we specifically do not provide any details to the client, to avoid accidentally aiding an attacker; all details are in the server log for the administrator
        
//        Response response = Response.status(Status.UNAUTHORIZED).entity(new ErrorResponse(message)).type(MediaType.APPLICATION_JSON_TYPE).build();
        Response response = Response.status(Status.UNAUTHORIZED).build();
        return response;
    }
    
}