Discussion:
How to reject all POST/PUT/DELETE requests
Pengfei Di
2012-01-26 14:02:41 UTC
Hello,

Is there any way to configure jersey to a read-only mode? That means
only GET requests are allowed, and all POST/PUT/DELETE requests will be
rejected.
Thanks for any hints.

Pengfei
Igor Skornyakov
2012-01-26 14:09:51 UTC
For example you can use Guice interceptor.
John Yeary
2012-01-26 14:09:59 UTC
That is very easy. Simply configure your methods with @GET and @Produces
annotations. Any method like PUT, DELETE, or POST will automatically return
a 405 - Method Not Allowed response.
____________________________

John Yeary
____________________________

<http://javaevangelist.blogspot.com/> <https://twitter.com/jyeary>
<http://www.youtube.com/johnyeary>
<http://www.linkedin.com/in/jyeary>
<https://plus.google.com/112146428878473069965>
<http://www.facebook.com/jyeary>
<http://feeds.feedburner.com/JavaEvangelistJohnYearysBlog>
<http://netbeans.org/people/84414-jyeary>
____________________________

"Far better it is to dare mighty things, to win glorious triumphs, even
though checkered by failure, than to take rank with those poor spirits who
neither enjoy much nor suffer much, because they live in the gray twilight
that knows not victory nor defeat."
-- Theodore Roosevelt
Pengfei Di
2012-01-26 14:27:43 UTC
Hi John,

Thanks for the reply.
Yes, your method might be the most straightforward way. However, this means that
I have to hard-code it in many places. If I want to allow these
requests again, I have to recode all these places.
Hmm, I hope there would be a simpler way.

Pengfei
Igor Skornyakov
2012-01-26 14:34:52 UTC
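As I wrote before, there is such a method. Define a Guice module like this:

    import com.google.inject.AbstractModule;
    import com.google.inject.matcher.Matchers;
    import org.aopalliance.intercept.MethodInterceptor;

    import javax.ws.rs.DELETE;
    import javax.ws.rs.POST;
    import javax.ws.rs.PUT;

    class ReadOnlyModule extends AbstractModule {
        @Override
        protected void configure() {
            // ChangeBlocker is a MethodInterceptor (not shown) that throws on every call.
            MethodInterceptor blocker = new ChangeBlocker();
            // Intercept every method annotated with a write verb, on any class.
            bindInterceptor(Matchers.any(), Matchers.annotatedWith(POST.class), blocker);
            bindInterceptor(Matchers.any(), Matchers.annotatedWith(PUT.class), blocker);
            bindInterceptor(Matchers.any(), Matchers.annotatedWith(DELETE.class), blocker);
        }
    }

Here ChangeBlocker just throws an appropriate Exception. That's it. You can
install or not install this module based on configuration.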
John Yeary
2012-01-26 14:37:58 UTC
I just saw Igor's method which looks like it may work, but requires Guice.
My suggestion does not require any external frameworks.

If you are familiar with Guice his suggestion may be the path you would
want to take.

John
Igor Skornyakov
2012-01-26 14:48:21 UTC
That's correct. Actually, any AOP framework will work. In fact, I think that
this is the most natural approach, as the problem looks like a textbook
example of a cross-cutting concern.
Regards,
Igor.
Pengfei Di
2012-01-26 15:05:47 UTC
Hi Igor, Hi John

Thanks a lot for your advice.
I would have a look at Guice.

Pengfei
Pavel Bucek
2012-01-26 15:29:19 UTC
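What about implementing ContainerRequestFilter and taking care of
unwanted requests there?

Something like

    import com.sun.jersey.spi.container.ContainerRequest;
    import com.sun.jersey.spi.container.ContainerRequestFilter;

    import javax.ws.rs.WebApplicationException;
    import javax.ws.rs.core.Response;

    public class MyContainerRequestFilter implements ContainerRequestFilter {
        @Override
        public ContainerRequest filter(ContainerRequest request) {
            // Reject every request whose method is not GET with 405 Method Not Allowed.
            if (!request.getMethod().equals("GET")) {
                throw new WebApplicationException(Response.status(405).build());
            }

            return request;
        }
    }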

see
http://jersey.java.net/nonav/apidocs/1.11/jersey/com/sun/jersey/spi/container/ContainerRequestFilter.html

Pavel
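
Added example (not part of the original thread, and not Jersey's own code): a variant of the filter above for the requirement stated in the thread, that the same code runs read-only in some deployments and writable in others. It assumes Jersey 1.x; the class name ReadOnlyModeFilter and the system property app.readOnly are hypothetical. It allowlists the safe methods instead of listing the write verbs, so any other method is rejected as well, and it sends the Allow header with the 405.

```java
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;

import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

/**
 * Read-only switch for a Jersey 1.x application.
 *
 * Registration (Jersey 1.x servlet init-param in web.xml):
 *   param-name:  com.sun.jersey.spi.container.ContainerRequestFilters
 *   param-value: fully qualified name of this class
 *
 * Enable read-only mode by starting the JVM with -Dapp.readOnly=true
 * (hypothetical property name chosen for this example).
 */
public class ReadOnlyModeFilter implements ContainerRequestFilter {

    // Hypothetical configuration switch; not a Jersey property.
    static final String READ_ONLY_PROPERTY = "app.readOnly";

    // Methods that stay available in read-only mode. HTTP method names are
    // case-sensitive, so the comparison is exact and anything not listed
    // here is denied, including verbs the resources never declared.
    private static final Set<String> SAFE_METHODS = Collections.unmodifiableSet(
            new HashSet<String>(Arrays.asList("GET", "HEAD", "OPTIONS")));

    private static final String ALLOW_HEADER_VALUE = "GET, HEAD, OPTIONS";

    @Override
    public ContainerRequest filter(ContainerRequest request) {
        // The switch is read on every request, so the resource classes keep
        // their @POST/@PUT/@DELETE annotations in both modes.
        if (!Boolean.getBoolean(READ_ONLY_PROPERTY)) {
            return request;
        }

        String method = request.getMethod();
        if (method != null && SAFE_METHODS.contains(method)) {
            return request;
        }

        // 405 responses carry an Allow header listing what is still accepted.
        throw new WebApplicationException(
                Response.status(405)
                        .header("Allow", ALLOW_HEADER_VALUE)
                        .build());
    }
}
```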
Pengfei Di
2012-01-27 08:53:58 UTC
Since I don't have experience in Guice, I would say that the suggestion
from Pavel is very good and easy to implement.
The implementation of a new ContainerRequestFilter was just a job of several
minutes.

Thank you for all the help!

Pengfei



--
Pengfei Di
Technology

match2blue software development GmbH
Leutragraben 1
07743 Jena

Tel: +49 3641 816 8092
Mobile: +49 1520 166 8691
Fax: +49 3641 573 3479
Email: pengfei.di-***@public.gmane.org
Web : www.match2blue.com
Blog : http://blog.match2blue.com
Court of registration: Amtsgericht Jena
Registration number: HRB 503726
Managing director: Stephanie Renda
John Yeary
2012-01-26 14:35:41 UTC
I think you may have not understood, or I may not have understood your
requirement. Let me try to clarify.

If the class had 30 methods for example, ONLY the ones you annotate with
@GET are exposed. Everything else is internal and not exposed via JAX-RS.

Alternatively, you could put a filter on that controls the methods
explicitly, but I am not sure of the benefit there. I would advise against
it generally. Take a look in the com.sun.jersey.api.container.filter code
and look at PostReplaceFilter for ideas on how to implement it.

John
Pengfei Di
2012-01-26 14:53:28 UTC
Hi John,

I think I should put my requirement more clearly.
The same code would be used in different scenarios. In some of them, the
read-only mode is required; and in the other scenarios, the write
operations should be allowed.
Now, many of the methods are already annotated with @PUT @POST and
@DELETE. It would not be very good to remove these annotations.


Pengfei
John Yeary
2012-01-26 14:59:11 UTC
I started a reply to Igor which was based on an assumption about your
requirements. Now that they are more clear, I think a better approach would
be using an AOP framework like Igor suggested. It would give you finer
control than my coarse approach.

John