On Aug 28, 2012, at 2:51 PM, Bill Burke <bburke_at_redhat.com> wrote:
>
>
> On 8/24/2012 10:26 AM, Marek Potociar wrote:
>>>> What about the distinction between pre-post matching request filters? Do
>>>> we need that at all? Can we just have all "unbound" filters pre-matching
>>>> and all name-bound or dynamically-bound post-matching?
>>>
>>> I don't think we can do that (remove @PreMach). For example,
>>> something like @RolesAllowed is a name-bound filter and authorization
>>> should really come before as many filters as possible, don't you think?
>>
>> But isn't that something that may be completely resource-method
>> specific? IOW, doesn't it have to be done only after the resource method
>> has been matched?
>>
>
> I'll give you an example:
>
> We have a global server-side cache that is implemented as a set of filters. It "aborts" the request if there is a cache hit and returns the cached response. This *MUST* come after authorization. The cache is not name bound, but authorization is.
Can your caching solution be changed to be name or dynamically bound (and then e.g. applied to the whole JAX-RS application)? Is there a use case where your users would benefit from selective caching possible with name/dynamically bound caching solution?
Marek
>
> Bill
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com