Getting resource annotations in Jersey 1.18.1 requ

I'm implementing a user authorization module that will be applied on a resource method using a (new) annotation.
In order to do so, I created a Jersey (request) filter in which I need to get the annotation in order to allow / disallow the resource operation.

I'm using Dropwizard 0.7.1 with Jersey 1.18.1

The resource class:

@Path("/v1/users/registration")
@Produces(MediaType.APPLICATION_JSON)
@Api(value = "/users/registration")
public class UserRegistrationResource {
    @POST
    @AuthorizedFor(Realm.SOCIAL) // The custom annotation class
    public SessionModel register(
            @Valid
            @ApiParam(value = "New user to be registered", required = true)
            NewUser user) throws Exception {

        // Some logic
    ...
    }
}

The filter class:

@Provider
public class AuthorizationFilter implements ContainerRequestFilter {

    @Context
    AbstractMethod method;

    @Override
    public ContainerRequest filter(ContainerRequest request) {

    // At this point, the method parameter is null :(

    Realm realm = null;
        User user = Context.get(Session.class).getUser();
        for (Annotation annotation : method.getAnnotations()) {
            if (AuthorizedFor.class == annotation.annotationType()) {
                realm = ((AuthorizedFor) annotation).value();
            }
        }
        if (realm != null) {
            for (Realm userRealm : user.getRole().getAllowedRealms()) {
                if (userRealm.equals(realm)) {
                    return request;
                }
            }
        }
        throw new ApiException(ResponseCode.UNAUTHORIZED);
    }
}

The provider class:

@Provider
public class AbstractMethodProvider extends AbstractHttpContextInjectable<AbstractMethod> implements InjectableProvider<Context, Parameter> {

    @Override
    public Injectable<AbstractMethod> getInjectable(ComponentContext ic, Context context, Parameter parameter) {
        if (parameter.getParameterType() == AbstractMethod.class) {
            return this;
        }
        return null;
    }

    @Override
    public ComponentScope getScope() {
        return ComponentScope.PerRequest;
    }

    @Override
    public AbstractMethod getValue(HttpContext context) {
        return context.getUriInfo().getMatchedMethod();
    }
}

The filter and provider initalization code:

environment.jersey().getResourceConfig().getContainerRequestFilters().add(new AuthorizationFilter());
environment.jersey().register(new AbstractMethodProvider());

I've also tried to inject HttpContext in the filter. It wasn't null but getUriInfo().getMatchedMethod() was null.
Is there a better way to get resource method annotations in a Jersey request filter?

You can implement a ResourceFilterFactory to get the AbstractMethod.

public class AuthorizationFilterFactory implements ResourceFilterFactory {

    @Override
    public List<ResourceFilter> create(AbstractMethod abstractMethod) {
        return Arrays.asList(this.createAuthorizationFilter(abstractMethod));
    }

    private ResourceFilter createAuthorizationFilter(final AbstractMethod abstractMethod) {
        return new ResourceFilter() {
            @Override
            public ContainerRequestFilter getRequestFilter() {
                return new AuthorizationFilter(abstractMethod);
            }

            @Override
            public ContainerResponseFilter getResponseFilter() {
                return null;
            }
        };
    }
}

So, your AuthorizationFilter will look like:

@Provider
public class AuthorizationFilter implements ContainerRequestFilter {

    private final AbstractMethod method;

    public AuthorizationFilter(AbstractMethod method) {
        this.method = method;
    }

    @Override
    public ContainerRequest filter(ContainerRequest request) {
        Realm realm = null;
        User user = Context.get(Session.class).getUser();
        for (Annotation annotation : method.getAnnotations()) {
            if (AuthorizedFor.class == annotation.annotationType()) {
                realm = ((AuthorizedFor) annotation).value();
            }
        }
        if (realm != null) {
            for (Realm userRealm : user.getRole().getAllowedRealms()) {
                if (userRealm.equals(realm)) {
                    return request;
                }
            }
        }
        throw new ApiException(ResponseCode.UNAUTHORIZED);
    }
}

To register your factory:

environment.jersey().getResourceConfig().getResourceFilterFactories().add(new AuthorizationFilterFactory());

Getting resource annotations in Jersey 1.18.1 requ

问题:

回答1:

收藏的人(0)

Getting resource annotations in Jersey 1.18.1 requ

问题:

回答1:

收藏的人(0)

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮