9 Replies Latest reply on Oct 20, 2010 4:29 AM by Tina Ng

    Access denied (HTTP 403) to REASTEasy resource

    Donald Hook Newbie

      I used seamgen to create an application using Seam 2.2.0 running on JBoss 5.1.  I created a RESTEasy service but when I try to access it, I receive an HTTP 403 -  Access to the requested resource has been denied. 

      Looking at the restbay example, I have the jars properly deployed.  Not sure what config file needs to be updated to access the rest service.  The service is /seam/resource/rest/chart/2 - fairly straight forward.

      Any insight is appreciated.  Thanks

        • 1. Re: Access denied (HTTP 403) to REASTEasy resource
          Donald Hook Newbie

          I copied the PlainText example into my application and that works, so it looks as though it is related to something in how Seam is configured or lack thereof.  The RESTEasy service I created is a seam component.

          • 2. Re: Access denied (HTTP 403) to REASTEasy resource
            Magic Creative Novice

            I see your post is month and a half old. Did you find out why that happens? Exactly the same happens for me. Plain Text works, application/xml returns 403 Forbidden

            • 3. Re: Access denied (HTTP 403) to REASTEasy resource
              Rodrigo Uchoa Novice

              I'm have the exact same problem. Anyone can help?

              • 4. Re: Access denied (HTTP 403) to REASTEasy resource
                Ian Darwin Newbie

                I was also having this or a similar problem, although I switched from xml to text/plain and the problem still occurred. Turns out that XML is not the problem - I now have one that produces application/xml with no problem...

                I found that there appears to be a bug wherein injected Home/List components are null unless you put the unexpected (create=true)
                on the @In annotation; not sure why this is needed as the Home and List already exist.

                Incidentally I only found this by looking in the SERVER log file (e.g., the file /usr/local/jboss/server/default/log/server.log), not the standard output. So if any of you are still having this problem, a look in the server log file may be of interest as it often has more detail than the standard out.

                I've also noticed that Seam Components that are JaxRS resources do not appear to take part in hot deployment (ant explode does not reload them, ant restart does).

                • 5. Re: Access denied (HTTP 403) to REASTEasy resource
                  Jozef Hartinger Master

                  Could you file a JIRA issue and provide a testcase/simple app that shows the problem?

                  • 6. Re: Access denied (HTTP 403) to REASTEasy resource
                    Carey Foushee Newbie

                    I have the same problem when I try and execute a query with the entity manager.

                         private EntityManager entityManager;
                        public Response get(@PathParam("registrationCode") String registrationCode, 
                                  @QueryParam("key") String imei, ) {
                    // throws it when I exectute the query
                                   return true;
                              }catch(NoResultException ex){
                                   return false;

                    • 7. Re: Access denied (HTTP 403) to REASTEasy resource
                      Marcos Maia Newbie


                      I am developing my first seam application and it uses Seam Rest mostly accessed by devices. Android or IPhone applications. I have faced this situations 2 times, first one happened because of a seam injection I was trying on the rest service and when seam tried to construct the object do do the injection a required field was missing(null) and than in the client side(device) I received a 403 Forbidden, the second one I was trying to implement GSon (Google JSon parser) in the REST endpoint and it turned out that despite the fact I had added GSon libs to eclipse project I missed placing it to lib and adding it to deployed-jars-ear.list and a ClassNotFound was triggered at runtime in the REST endpoint which caused the client to also receive a 403 Forbidden, than so far what I have learned is.

                      1) As mentioned by Ian above in this thread about looking at the REAL server.log file is essential to find out what is the problem.

                      2) The error 403 Forbidden is standard returned by rest easy when you have some not expected errors happening at runtime in the REST service.

                      I would say the point 2 just mentioned is a bit confusing if you take a look at the HTTP return code specs ( http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html ) :

                      403 Forbidden

                      The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead.

                      As per my understanding the error code returned should be 500, because it is specifically a internal server error. I believe this causes a lot of misunderstanding in this specific case for me as I spent plenty time in it, looking the client side code, wasted time.

                      Hope that help saving someone else time :)

                      I also believe this should be fixed, but I am not sure about where this should be done. Rest Easy?  JBoss Server?  Seam? who should deal with it?


                      • 8. Re: Access denied (HTTP 403) to REASTEasy resource
                        Nicholas DiPiazza Novice

                        THIS WAS THE CORRECT ANSWER FOR ME

                        This issue occurs when you try to use a variable that wasn't

                        set create equals true in the @In area for the field being used.

                        • 9. Re: Access denied (HTTP 403) to REASTEasy resource
                          Tina Ng Newbie

                          I also have the access denied HTTP 403 when I access the url who has my own defined request parameter and parameters generated by app. like cid, conversationPropagation as followed.


                          If I type myself only this


                          it works.

                          I tried to add create equals tru in all @In but it doesnt work for me.

                          Does anyone have idea?