Discussion:
Access to method in a filter
Robert DiFalco
2014-04-29 18:51:06 UTC
Permalink
Is there a way to access the Resource method that will be called in a
ContainerRequestFilter? I have a scenario where I want Basic Authentication
on my REST API. This was a very simple filter to write. However, there are
some methods that I want to be unauthenticated.

My naive approach was to create an annotation @Unauthenticated that I could
either put on a Resource at the class or method level. Then in my filter I
could see if this annotation exists and if it does skip my Basic API
authentication.

Unfortunately, while I *can* figure out how to get the resource object in
the filter by calling 'requestCtx.getUriInfo().getMatchedResources()' I can
*NOT* figure out how to get the method that is going to be invoked.

So I can check for annotations at the class level but I cannot figure out
how to check for them at the method level. Any guidance would be greatly
appreciated!
Michal Gajdos
2014-04-29 19:32:08 UTC
Permalink
Hi Robert,

there are 3 possible choices for you:

1) (JAX-RS) inject ResourceInfo ([1]) into your (post-matching) request
filter
2) (Jersey specific) if you need more info cast UriInfo into
ExtendedUriInfo ([2]) and look for getMatchedResourceMethod() ([3])
3) (JAX-RS) bind the container request filter directly to a resource
method - it's opposite approach than yours, described here [4]

[1]
https://jersey.java.net/apidocs/latest/jersey/javax/ws/rs/container/ResourceInfo.html
[2]
https://jersey.java.net/apidocs/latest/jersey/org/glassfish/jersey/server/ExtendedUriInfo.html
[3]
https://jersey.java.net/apidocs/latest/jersey/org/glassfish/jersey/server/ExtendedUriInfo.html#getMatchedResourceMethod()
[4]
http://blog.dejavu.sk/2014/01/08/binding-jax-rs-providers-to-resource-methods/

HTH,
Michal
Post by Robert DiFalco
Is there a way to access the Resource method that will be called in a
ContainerRequestFilter? I have a scenario where I want Basic
Authentication on my REST API. This was a very simple filter to write.
However, there are some methods that I want to be unauthenticated.
could either put on a Resource at the class or method level. Then in
my filter I could see if this annotation exists and if it does skip my
Basic API authentication.
Unfortunately, while I *can* figure out how to get the resource object
in the filter by calling
'requestCtx.getUriInfo().getMatchedResources()' I can *NOT* figure out
how to get the method that is going to be invoked.
So I can check for annotations at the class level but I cannot figure
out how to check for them at the method level. Any guidance would be
greatly appreciated!
Robert DiFalco
2014-04-29 19:54:11 UTC
Permalink
Perfect. Thanks Michal.

Sent from my iPhone
Post by Michal Gajdos
Hi Robert,
1) (JAX-RS) inject ResourceInfo ([1]) into your (post-matching) request filter
2) (Jersey specific) if you need more info cast UriInfo into ExtendedUriInfo ([2]) and look for getMatchedResourceMethod() ([3])
3) (JAX-RS) bind the container request filter directly to a resource method - it's opposite approach than yours, described here [4]
[1] https://jersey.java.net/apidocs/latest/jersey/javax/ws/rs/container/ResourceInfo.html
[2] https://jersey.java.net/apidocs/latest/jersey/org/glassfish/jersey/server/ExtendedUriInfo.html
[3] https://jersey.java.net/apidocs/latest/jersey/org/glassfish/jersey/server/ExtendedUriInfo.html#getMatchedResourceMethod()
[4] http://blog.dejavu.sk/2014/01/08/binding-jax-rs-providers-to-resource-methods/
HTH,
Michal
Is there a way to access the Resource method that will be called in a ContainerRequestFilter? I have a scenario where I want Basic Authentication on my REST API. This was a very simple filter to write. However, there are some methods that I want to be unauthenticated.
Unfortunately, while I *can* figure out how to get the resource object in the filter by calling 'requestCtx.getUriInfo().getMatchedResources()' I can *NOT* figure out how to get the method that is going to be invoked.
So I can check for annotations at the class level but I cannot figure out how to check for them at the method level. Any guidance would be greatly appreciated!
Robert DiFalco
2014-04-29 22:45:33 UTC
Permalink
Any draw backs to conditionally adding the filter in a DynamicFeature?
Post by Michal Gajdos
Hi Robert,
1) (JAX-RS) inject ResourceInfo ([1]) into your (post-matching) request
filter
2) (Jersey specific) if you need more info cast UriInfo into
ExtendedUriInfo ([2]) and look for getMatchedResourceMethod() ([3])
3) (JAX-RS) bind the container request filter directly to a resource
method - it's opposite approach than yours, described here [4]
[1] https://jersey.java.net/apidocs/latest/jersey/javax/
ws/rs/container/ResourceInfo.html
[2] https://jersey.java.net/apidocs/latest/jersey/org/
glassfish/jersey/server/ExtendedUriInfo.html
[3] https://jersey.java.net/apidocs/latest/jersey/org/
glassfish/jersey/server/ExtendedUriInfo.html#getMatchedResourceMethod()
[4] http://blog.dejavu.sk/2014/01/08/binding-jax-rs-providers-
to-resource-methods/
HTH,
Michal
Post by Robert DiFalco
Is there a way to access the Resource method that will be called in a
ContainerRequestFilter? I have a scenario where I want Basic Authentication
on my REST API. This was a very simple filter to write. However, there are
some methods that I want to be unauthenticated.
could either put on a Resource at the class or method level. Then in my
filter I could see if this annotation exists and if it does skip my Basic
API authentication.
Unfortunately, while I *can* figure out how to get the resource object in
the filter by calling 'requestCtx.getUriInfo().getMatchedResources()' I
can *NOT* figure out how to get the method that is going to be invoked.
So I can check for annotations at the class level but I cannot figure out
how to check for them at the method level. Any guidance would be greatly
appreciated!
Michal Gajdos
2014-04-30 09:13:05 UTC
Permalink
Not really. For most of the cases dynamic features are configured at
deployment time. In some cases (subresource locators represented by
returned class or programmatically created resource) they are configured
during runtime (when processing a request) but the overhead of this is
minimal.

Michal
Post by Robert DiFalco
Any draw backs to conditionally adding the filter in a DynamicFeature?
On Tue, Apr 29, 2014 at 12:32 PM, Michal Gajdos
Hi Robert,
1) (JAX-RS) inject ResourceInfo ([1]) into your (post-matching)
request filter
2) (Jersey specific) if you need more info cast UriInfo into
ExtendedUriInfo ([2]) and look for getMatchedResourceMethod() ([3])
3) (JAX-RS) bind the container request filter directly to a
resource method - it's opposite approach than yours, described
here [4]
[1]
https://jersey.java.net/apidocs/latest/jersey/javax/ws/rs/container/ResourceInfo.html
[2]
https://jersey.java.net/apidocs/latest/jersey/org/glassfish/jersey/server/ExtendedUriInfo.html
[3]
https://jersey.java.net/apidocs/latest/jersey/org/glassfish/jersey/server/ExtendedUriInfo.html#getMatchedResourceMethod()
<https://jersey.java.net/apidocs/latest/jersey/org/glassfish/jersey/server/ExtendedUriInfo.html#getMatchedResourceMethod%28%29>
[4]
http://blog.dejavu.sk/2014/01/08/binding-jax-rs-providers-to-resource-methods/
HTH,
Michal
Is there a way to access the Resource method that will be
called in a ContainerRequestFilter? I have a scenario where I
want Basic Authentication on my REST API. This was a very
simple filter to write. However, there are some methods that I
want to be unauthenticated.
that I could either put on a Resource at the class or method
level. Then in my filter I could see if this annotation exists
and if it does skip my Basic API authentication.
Unfortunately, while I *can* figure out how to get the
resource object in the filter by calling
'requestCtx.getUriInfo().getMatchedResources()' I can *NOT*
figure out how to get the method that is going to be invoked.
So I can check for annotations at the class level but I cannot
figure out how to check for them at the method level. Any
guidance would be greatly appreciated!
Robert DiFalco
2014-04-30 14:54:22 UTC
Permalink
Thanks Michal, that seems to work well. Wow, stepping through it with a
debugger I sure see a lot of WADL related stuff come through. I don't
suppose that is a configurable feature is it? I don't really use WADL, I
use Miredot for documentation.
Post by Michal Gajdos
Not really. For most of the cases dynamic features are configured at
deployment time. In some cases (subresource locators represented by
returned class or programmatically created resource) they are configured
during runtime (when processing a request) but the overhead of this is
minimal.
Michal
Any draw backs to conditionally adding the filter in a DynamicFeature?
Post by Michal Gajdos
Hi Robert,
1) (JAX-RS) inject ResourceInfo ([1]) into your (post-matching) request
filter
2) (Jersey specific) if you need more info cast UriInfo into
ExtendedUriInfo ([2]) and look for getMatchedResourceMethod() ([3])
3) (JAX-RS) bind the container request filter directly to a resource
method - it's opposite approach than yours, described here [4]
[1]
https://jersey.java.net/apidocs/latest/jersey/javax/ws/rs/container/ResourceInfo.html
[2]
https://jersey.java.net/apidocs/latest/jersey/org/glassfish/jersey/server/ExtendedUriInfo.html
[3]
https://jersey.java.net/apidocs/latest/jersey/org/glassfish/jersey/server/ExtendedUriInfo.html#getMatchedResourceMethod()
[4]
http://blog.dejavu.sk/2014/01/08/binding-jax-rs-providers-to-resource-methods/
HTH,
Michal
Post by Robert DiFalco
Is there a way to access the Resource method that will be called in a
ContainerRequestFilter? I have a scenario where I want Basic Authentication
on my REST API. This was a very simple filter to write. However, there are
some methods that I want to be unauthenticated.
could either put on a Resource at the class or method level. Then in my
filter I could see if this annotation exists and if it does skip my Basic
API authentication.
Unfortunately, while I *can* figure out how to get the resource object
in the filter by calling 'requestCtx.getUriInfo().getMatchedResources()' I
can *NOT* figure out how to get the method that is going to be invoked.
So I can check for annotations at the class level but I cannot figure
out how to check for them at the method level. Any guidance would be
greatly appreciated!
Michal Gajdos
2014-04-30 15:02:47 UTC
Permalink
You can turn off WADL generation via
ServerProperties.WADL_FEATURE_DISABLE ([1]) property.

[1]
https://jersey.java.net/apidocs/latest/jersey/org/glassfish/jersey/server/ServerProperties.html#WADL_FEATURE_DISABLE

Michal
Post by Robert DiFalco
Thanks Michal, that seems to work well. Wow, stepping through it with
a debugger I sure see a lot of WADL related stuff come through. I
don't suppose that is a configurable feature is it? I don't really use
WADL, I use Miredot for documentation.
On Wed, Apr 30, 2014 at 2:13 AM, Michal Gajdos
Not really. For most of the cases dynamic features are configured
at deployment time. In some cases (subresource locators
represented by returned class or programmatically created
resource) they are configured during runtime (when processing a
request) but the overhead of this is minimal.
Michal
Post by Robert DiFalco
Any draw backs to conditionally adding the filter in a
DynamicFeature?
On Tue, Apr 29, 2014 at 12:32 PM, Michal Gajdos
Hi Robert,
1) (JAX-RS) inject ResourceInfo ([1]) into your
(post-matching) request filter
2) (Jersey specific) if you need more info cast UriInfo into
ExtendedUriInfo ([2]) and look for getMatchedResourceMethod() ([3])
3) (JAX-RS) bind the container request filter directly to a
resource method - it's opposite approach than yours,
described here [4]
[1]
https://jersey.java.net/apidocs/latest/jersey/javax/ws/rs/container/ResourceInfo.html
[2]
https://jersey.java.net/apidocs/latest/jersey/org/glassfish/jersey/server/ExtendedUriInfo.html
[3]
https://jersey.java.net/apidocs/latest/jersey/org/glassfish/jersey/server/ExtendedUriInfo.html#getMatchedResourceMethod()
<https://jersey.java.net/apidocs/latest/jersey/org/glassfish/jersey/server/ExtendedUriInfo.html#getMatchedResourceMethod%28%29>
[4]
http://blog.dejavu.sk/2014/01/08/binding-jax-rs-providers-to-resource-methods/
HTH,
Michal
Is there a way to access the Resource method that will be
called in a ContainerRequestFilter? I have a scenario
where I want Basic Authentication on my REST API. This
was a very simple filter to write. However, there are
some methods that I want to be unauthenticated.
My naive approach was to create an annotation
@Unauthenticated that I could either put on a Resource at
the class or method level. Then in my filter I could see
if this annotation exists and if it does skip my Basic
API authentication.
Unfortunately, while I *can* figure out how to get the
resource object in the filter by calling
'requestCtx.getUriInfo().getMatchedResources()' I can
*NOT* figure out how to get the method that is going to
be invoked.
So I can check for annotations at the class level but I
cannot figure out how to check for them at the method
level. Any guidance would be greatly appreciated!
Robert DiFalco
2014-04-30 15:39:02 UTC
Permalink
Well, it's not a huge issue but I still seem to get all the WADL package
classes and methods being processed/registered. Pretty much every wadl
package class/method gets passed into my DynamicFeature.
Post by Michal Gajdos
You can turn off WADL generation via
ServerProperties.WADL_FEATURE_DISABLE ([1]) property.
[1]
https://jersey.java.net/apidocs/latest/jersey/org/glassfish/jersey/server/ServerProperties.html#WADL_FEATURE_DISABLE
Michal
Thanks Michal, that seems to work well. Wow, stepping through it with a
debugger I sure see a lot of WADL related stuff come through. I don't
suppose that is a configurable feature is it? I don't really use WADL, I
use Miredot for documentation.
Post by Michal Gajdos
Not really. For most of the cases dynamic features are configured at
deployment time. In some cases (subresource locators represented by
returned class or programmatically created resource) they are configured
during runtime (when processing a request) but the overhead of this is
minimal.
Michal
Any draw backs to conditionally adding the filter in a DynamicFeature?
Post by Michal Gajdos
Hi Robert,
1) (JAX-RS) inject ResourceInfo ([1]) into your (post-matching) request
filter
2) (Jersey specific) if you need more info cast UriInfo into
ExtendedUriInfo ([2]) and look for getMatchedResourceMethod() ([3])
3) (JAX-RS) bind the container request filter directly to a resource
method - it's opposite approach than yours, described here [4]
[1]
https://jersey.java.net/apidocs/latest/jersey/javax/ws/rs/container/ResourceInfo.html
[2]
https://jersey.java.net/apidocs/latest/jersey/org/glassfish/jersey/server/ExtendedUriInfo.html
[3]
https://jersey.java.net/apidocs/latest/jersey/org/glassfish/jersey/server/ExtendedUriInfo.html#getMatchedResourceMethod()
[4]
http://blog.dejavu.sk/2014/01/08/binding-jax-rs-providers-to-resource-methods/
HTH,
Michal
Post by Robert DiFalco
Is there a way to access the Resource method that will be called in a
ContainerRequestFilter? I have a scenario where I want Basic Authentication
on my REST API. This was a very simple filter to write. However, there are
some methods that I want to be unauthenticated.
could either put on a Resource at the class or method level. Then in my
filter I could see if this annotation exists and if it does skip my Basic
API authentication.
Unfortunately, while I *can* figure out how to get the resource object
in the filter by calling 'requestCtx.getUriInfo().getMatchedResources()' I
can *NOT* figure out how to get the method that is going to be invoked.
So I can check for annotations at the class level but I cannot figure
out how to check for them at the method level. Any guidance would be
greatly appreciated!
Loading...