Return HTTP 403 and 409 for IllegalArgumentException and IllegalStateException, respectively.

gk-brown · gk-brown · commit 99c38de185dd · 2019-09-08T07:56:21.000-04:00
diff --git a/README.md b/README.md
@@ -250,25 +250,8 @@ For example, a service might use the request to get the name of the current user
 
 The response object can also be used to produce a custom result. If a service method commits the response by writing to the output stream, the method's return value (if any) will be ignored by `WebService`. This allows a service to return content that cannot be easily represented as JSON, such as image data or other response formats such as XML.
 
-### Authorization
-Service requests can be authorized by overriding the following method:
-
-```java
-protected boolean isAuthorized(HttpServletRequest request, Method method) { ... }
-```
-
-The first argument contains the current request, and the second the service method to be invoked. If `isAuthorized()` returns `true` (the default), method execution will proceed. Otherwise, the method will not be invoked, and an HTTP 403 response will be returned.
-
 ### Exceptions
-If any exception is thrown by a service method, an HTTP 500 response will be returned. If the response has not yet been committed, the exception message will be returned as plain text in the response body. This allows a service to provide the caller with insight into the cause of the failure. For example:
-
-```java
-@RequestMethod("GET")
-@ResourcePath("error")
-public void generateError() throws Exception {
-    throw new Exception("This is an error message.");
-}
-```
+If an exception is thrown by a service method and the response has not yet been committed, the exception message (if any) will be returned as plain text in the response body. If the exception is an instance of `IllegalArgumentException`, an HTTP 403 response will be returned. For `IllegalStateException`, HTTP 409 will be returned. For any other exception type, HTTP 500 will be returned. 
 
 ### API Documentation
 API documentation can be viewed by appending "?api" to a service URL; for example:
diff --git a/httprpc-test/src/main/java/org/httprpc/test/TestService.java b/httprpc-test/src/main/java/org/httprpc/test/TestService.java
@@ -214,7 +214,7 @@ public void testDeprecated() {
     @RequestMethod("GET")
     @ResourcePath("unauthorized")
     public void testUnauthorized() {
-        // No-op
+        throw new IllegalArgumentException();
     }
 
     @RequestMethod("GET")
@@ -229,11 +229,4 @@ public int testTimeout(int value, int delay) throws InterruptedException {
 
         return value;
     }
-
-    @Override
-    protected boolean isAuthorized(HttpServletRequest request, Method method) {
-        String pathInfo = request.getPathInfo();
-
-        return (pathInfo == null || !pathInfo.endsWith("unauthorized"));
-    }
 }
diff --git a/httprpc/build.gradle b/httprpc/build.gradle
@@ -19,7 +19,7 @@ plugins {
 }
 
 group = 'org.httprpc'
-version = '6.3.5'
+version = '6.4'
 
 repositories {
     mavenCentral()
diff --git a/httprpc/src/main/java/org/httprpc/WebService.java b/httprpc/src/main/java/org/httprpc/WebService.java
@@ -302,11 +302,6 @@ protected void service(HttpServletRequest request, HttpServletResponse response)
             return;
         }
 
-        if (!isAuthorized(request, handler.method)) {
-            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
-            return;
-        }
-
         HashMap<String, String> keyMap = new HashMap<>();
 
         for (int i = 0, n = keyList.size(); i < n; i++) {
@@ -333,13 +328,28 @@ protected void service(HttpServletRequest request, HttpServletResponse response)
                 Throwable cause = exception.getCause();
 
                 if (cause != null) {
-                    response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
-                    response.setContentType(String.format("text/plain;charset=%s", UTF_8));
+                    int status;
+                    if (cause instanceof IllegalArgumentException) {
+                        status = HttpServletResponse.SC_FORBIDDEN;
+                    } else if (cause instanceof IllegalStateException) {
+                        status = HttpServletResponse.SC_CONFLICT;
+                    } else {
+                        status = HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
+                    }
+
+                    response.setStatus(status);
 
-                    PrintWriter writer = response.getWriter();
+                    String message = cause.getMessage();
 
-                    writer.append(cause.getMessage());
-                    writer.flush();
+                    if (message != null) {
+                        response.setContentType(String.format("text/plain;charset=%s", UTF_8));
+
+                        PrintWriter writer = response.getWriter();
+
+                        writer.append(message);
+
+                        writer.flush();
+                    }
 
                     return;
                 } else {
@@ -570,23 +580,6 @@ protected String getKey(String name) {
         return keyMap.get().get(name);
     }
 
-    /**
-     * Determines if the current request is authorized.
-     *
-     * @param request
-     * The servlet request.
-     *
-     * @param method
-     * The method to be invoked.
-     *
-     * @return
-     * <tt>true</tt> if the method should be invoked; <tt>false</tt>,
-     * otherwise.
-     */
-    protected boolean isAuthorized(HttpServletRequest request, Method method) {
-        return true;
-    }
-
     /**
      * Encodes the result of a service operation.
      *

Original file line number	Diff line number	Diff line change
`@@ -214,7 +214,7 @@ public void testDeprecated() {`
`214`	`214`	`@RequestMethod("GET")`
`215`	`215`	`@ResourcePath("unauthorized")`
`216`	`216`	`public void testUnauthorized() {`
`217`		`- // No-op`
	`217`	`+ throw new IllegalArgumentException();`
`218`	`218`	`}`
`219`	`219`
`220`	`220`	`@RequestMethod("GET")`
`@@ -229,11 +229,4 @@ public int testTimeout(int value, int delay) throws InterruptedException {`
`229`	`229`
`230`	`230`	`return value;`
`231`	`231`	`}`
`232`		`-`
`233`		`- @Override`
`234`		`- protected boolean isAuthorized(HttpServletRequest request, Method method) {`
`235`		`- String pathInfo = request.getPathInfo();`
`236`		`-`
`237`		`- return (pathInfo == null \|\| !pathInfo.endsWith("unauthorized"));`
`238`		`- }`
`239`	`232`	`}`
Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ plugins {`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`group = 'org.httprpc'`
`22`		`-version = '6.3.5'`
	`22`	`+version = '6.4'`
`23`	`23`
`24`	`24`	`repositories {`
`25`	`25`	`mavenCentral()`