quarkus: SecurityExceptions thrown in Panache Before/After Listeners result in Internal Server errors

Describe the bug

Throwing an io.quarkus.security.ForbiddenException in onBeforeAdd listener results in an Internal Server error.

Expected behavior

The endpoint should return 403 with the message provided to the ForbiddenException

Actual behavior

A 500 response is sent.

How to Reproduce?

No response

Output of `uname -a` or `ver`

No response

Output of `java -version`

No response

GraalVM version (if different from Java)

No response

Quarkus version or git rev

No response

Build tool (ie. output of `mvnw --version` or `gradlew --version`)

No response

Additional information

No response

About this issue

Original URL
State: open
Created a year ago
Comments: 18 (8 by maintainers)

Commits related to this issue

Bubble up WebApplicationExceptions in RestDataResourceMethodListener implementations - Fixes #35169 — committed to gastaldi/quarkus by gastaldi 9 months ago

Most upvoted comments

I usually do that by adding this to the application.properties:

quarkus.log.category."org.jboss.resteasy.resteasy_jaxrs.i18n".level=OFF

+1

gastaldi on Sep 21, 2023

Read more comments on GitHub

← quarkus: RunTimeMappingsConfigBuilder failures (native build/tests) with 2.16.4

quarkus: Selecting OIDC tenant via annotation is not working with RESTEasy Reactive →