Format exception message thrown by Spring security in filter chain
The setup: Resteasy + Spring Security on Tomcat. Data exchanged between client/server is in JSON format. Have exception mappers to return JSON formatted messages when the app throws any exception.
Goal: Always return properly formatted JSON error message from the server whenever something goes wrong.
What is happening: The Spring Security layer is invoked prior to a method foo() being invoked by the servlet container. If this layer fails (e.g. wrong user id), an exception is thrown even before the servlet is invoked and hence the error is not properly formatted. Any idea how to get around this and return a JSON error in this case?
Thanks.
Portion of my web.xml if at all helpful:
<filter>
    <filter-name>securityPropagationFilter</filter-name>
    <filter-class>com.foo.bar.context.servlet.SecurityContextPropagationFilter</filter-class>
</filter>
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter>
    <filter-name>loggingFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>securityPropagationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>loggingFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
    <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<listener>
    <listener-class>
        org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap
    </listener-class>
</listener>
<servlet>
    <servlet-name>
        Resteasy
    </servlet-name>
    <servlet-class>
        org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher
    </servlet-class>
</servlet>
I got around this by adding the following to my web.xml:
<error-page>
    <error-code>403</error-code>
    <location>403.json</location>
</error-page>
The flip side is, I will need one entry for every error code I need to handle. But I guess I'd have to do the same if I had to tweak the exception handlers in Spring too.
I would have to dig a bit deeper but you might be able to get this solved with an exception mapper either from RESTeasy or from within Spring.