There are a few different ways that I know of to do filtering in Jersey
(not part of the JAX-RS standard). The way you register your filter
implementations varies depending on how you're hosting Jersey (as a
regular servlet configured in web.xml, inside Guice Servlet, etc).

1. You can register implementations ContainerRequestFilter and
ContainerResponseFilter. This is suitable for filtering tasks that
aren't specific to an individual JAX-RS resource. You do not get access
to information about which specific AbstractResourceMethod is invoked.
This class of filter is useful for app-wide tasks like inspecting
authentication credentials.

2. ResourceFilterFactory is a mechanism by which filtering can be
customized for each resource method. Your implementation can create
Container[Request|Response]Filter instances (via ResourceFilter) that
are specific to each AbstractMethod. AbstractMethod (and its various
subclasses) provide easy access to the java.lang.Class of the resource,
etc. This is used by
com.sun.jersey.api.container.filter.RolesAllowedResourceFilterFactory to
look for JSR-250 annotations on classes or methods and to permit or
allow requests as appropriate.

3. ResourceMethodDispatchAdapter lets you wrap
ResourceMethodDispatchProvider implementations. This gives you the
opportunity to wrap the actual invocation of the resource method the way
javax.servlet.Filter lets you. It's a little more awkward to use than
servlet filters out of the box, but I didn't have any trouble building
up a little infrastructure to allow easy registration of generic servlet
filter-style classes.

InstrumentedResourceMethodDispatchAdapter in
https://github.com/codahale/metrics/tree/master/metrics-jersey/src/main/java/com/yammer/metrics/jersey
uses this approach to get timing information.


Check out the implementations of those various interfaces that come
bundled with Jersey for more ideas on how to use them.

-Marshall

Aside from JAX-RS hooks, perhaps you should do this at "plain old
Servlet" level -- JAX-RS is hooked via Servlet API, and many of
cross-cutting concerns may be easier to tackle at that level.

-+ Tatu +-

Thank you Marshall and Tatu for your excellent responses! :-)

I had an additional idea last night, which seems to have the benefit of
being JAX-RS standard:

The constructor for a Resource is ordinarily invoked on a per-request
basis prior to any method that handles a request for it, yielding way
to hook in-bound filter logic at a coarser granularity than a method
(but finer than a urlPatterns specification).

When a Resource constructor is not invoked on a per-request basis, it
is because a method of another Resource is responsible for its
lifecycle, and the constructor for that Resource is invoked on a
per-request basis. Also, in this case the method itself which is
managing the lifecycle for the Resource is itself another hook for
filter logic (both in-bound and out-bound) at a granularity coarser
than a method but finer than a urlPatterns specification.

Any opinion on this approach?

I'm not sure my thanks in my earlier post made it to the list. I
really appreciate the thorough answer Marshall, and thanks Tatu for the
icing on the cake :-)