Authorization Interceptor

Hi guys

I have the an Authorization Interceptor that only allows something to proceed if it it has the correct role.

This is implemented as follows:

public class AuthorizationInterceptor { @AroundInvoke public Object authenticate(InvocationContext context) throws Exception{ if (!SecurityUtils.getSubject().hasRole("admin")){ StringBuilder exBuilder = new StringBuilder(); exBuilder.append("User: \'"); exBuilder.append(SecurityUtils.getSubject().getPrincipal().toString()); exBuilder.append("\' is not authorized to use this resource"); throw new SecurityException(exBuilder.toString()); } return context.proceed(); } }

Here is a simple example of something that the interceptor will go around.

@Interceptors({AuthorizationInterceptor.class}) @Path("/message") @Stateless public class PersonalisedHelloResource { @GET @Produces(MediaType.TEXT_PLAIN) public String sayHello() { return "hello "+SecurityUtils.getSubject().getPrincipal().toString() +"!"; } }


This works correctly, however the Application Server returns a HTTP 500 exception.
How would I make the server return a HTTP 401 (Unauthorised) Exception instead of the 501?