Jax-rs 1.1 with a protective filter and dependency injection, how to do it?

For example, I have the following JAX-RS 1.1 method that receives a JWT token, validates it, and then processes or rejects the request:

@GET
public Response getBook(@HeaderParam("Authorization") String authorizationToken, @QueryParam("id") String bookId) {

    //if(authorizationToken is a valid JWT token)
    //      get User object which represented by this token
    //      get required book from database
    //      return 200 code with a book within response
    //else if(authorizationToken is invalid by whatever reason it's)
    //      return 401 code within a response
    //else if(database error)
    //      return 500 code within a response

}

As you can see, in every JAX-RS method I need the same lines of code: check the token, convert it to a User object, and return a 401 error if it is invalid.

, , User Exception, - . webfilter, , jax-rs 401, .

. Webfilter, JWT, User jax-rs :

@GET
public Response getBook(@RequestByUser User user, @QueryParam("id") String bookId) {

    //if(get required book from database was successfull)
    //      return 200 code with a book within response
    //else(database error)
    //      return 500 code within a response
}

, , , , . JAX-RS 1.1?


, , , - . , ThreadLocal , . , , .

, - - , .

, ? ThreadLocal , . , , .

, :

JWTFilter.java

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebFilter(urlPatterns = {"/*"})
public class JWTFilter implements Filter {

    public void init(FilterConfig filterConfig) throws ServletException { }

    public void doFilter(ServletRequest request,
                         ServletResponse response,
                         FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;

        String jwt = req.getHeader("Authorization");
        User user = getUserFromJWT(jwt);  // you'll have to code this
        if (user != null) {
            // make the authenticated user available to the JAX-RS resources
            req.getSession().setAttribute("user", user);
            chain.doFilter(request, response);
        }
        else {
            HttpServletResponse resp = (HttpServletResponse) response;
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    public void destroy() { }

    // validate the JWT and return the user it represents, or null if it is invalid
    private User getUserFromJWT(String jwt) {
        throw new UnsupportedOperationException("you'll have to code this");
    }
}

YourService.java

@GET
public Response getBook(@QueryParam("id") String bookId,
                        @Context HttpServletRequest request) {
    User user = (User) request.getSession().getAttribute("user");
    // ... load the book for this user and build the Response
}

"" - HttpServletRequest, , . - , JWT .

JAX-RS / Servlet .


/ . Jersey.

import java.io.IOException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.ext.Provider;

@Provider
public class AuthorizationRequestFilter implements ContainerRequestFilter {

    @Override
    public void filter(ContainerRequestContext requestContext)
                    throws IOException {

        final SecurityContext securityContext =
                    requestContext.getSecurityContext();
        if (securityContext == null ||
                    !securityContext.isUserInRole("privileged")) {

                requestContext.abortWith(Response
                    .status(Response.Status.UNAUTHORIZED)
                    .entity("User cannot access the resource.")
                    .build());
        }
    }
}
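A filter that does the JWT check once and hands the resulting user to every resource through SecurityContext, added here as an example and not code from either answer. It uses the JAX-RS 2.0 filter API that the last answer relies on (Jersey 2 implements it; a pure JAX-RS 1.1 deployment would use the servlet filter from the first answer instead) and assumes a User type that implements java.security.Principal with a hasRole method, a TokenVerifier service that does the real JWT validation, and CDI for injection.

```java
import java.io.IOException;
import java.security.Principal;
import javax.annotation.Priority;
import javax.inject.Inject;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.ext.Provider;

// Assumed application types: User implements Principal and has hasRole(String);
// TokenVerifier is your JWT validation service (signature, exp, issuer, audience).
interface TokenVerifier {
    User verify(String jwt) throws SecurityException;  // throws on any validation failure
}

@Provider
@Priority(Priorities.AUTHENTICATION)  // runs before authorization filters and the resource
public class JwtAuthFilter implements ContainerRequestFilter {
    @Inject
    private TokenVerifier verifier;  // assumes CDI; otherwise construct it in the filter

    @Override
    public void filter(ContainerRequestContext ctx) throws IOException {
        String header = ctx.getHeaderString("Authorization");
        // Fail closed: missing header or wrong scheme -> 401 before the resource is reached.
        if (header == null || !header.startsWith("Bearer ")) { abort(ctx); return; }
        final User user;
        try {
            user = verifier.verify(header.substring("Bearer ".length()).trim());
        } catch (SecurityException e) {
            abort(ctx);  // same response for every failure: do not leak why, never echo the token
            return;
        }
        final SecurityContext original = ctx.getSecurityContext();
        ctx.setSecurityContext(new SecurityContext() {
            @Override public Principal getUserPrincipal() { return user; }
            @Override public boolean isUserInRole(String role) { return user.hasRole(role); }
            @Override public boolean isSecure() { return original != null && original.isSecure(); }
            @Override public String getAuthenticationScheme() { return "Bearer"; }
        });
    }

    private static void abort(ContainerRequestContext ctx) {
        ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED)
                .header("WWW-Authenticate", "Bearer realm=\"api\"").build());
    }
}
```

In the resource, `@Context SecurityContext sc` then yields `(User) sc.getUserPrincipal()`, so no HTTP session is created and a missing or invalid token never reaches the resource method.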
