You can inject the HttpServletRequest if you are running in a
ServletContainer. With that you can get at the current user with the
getUserPrincipal() method.
An alternative approach, which is rather more involved, would be to
write your own resource provider where you can perform custom
injection, see e.g. the Spring integration I describe at:
http://weblogs.java.net/blog/mhadley/archive/2007/09/integrating_jer.html
We do plan to directly address security issues like this but JSR 311
hasn't yet defined the injection types.
Marc.
On Nov 16, 2007, at 3:26 PM, Patrick Ruhkopf wrote:
> Hi there,
>
> I would like to inject the current user object to my resources. Is
> there a
> way to create customized annotations and injectables?
>
> I looked at the source code and noticed a comment in
> com.sun.ws.rest.impl.application.WebApplicationContext (line 127)
> saying
> "TODO defer to other injection providers".
>
> This sounds promising. Is this going to be implemented soon? If not,
> how
> would you implement security functionality? With plain old servlet
> filters?
>
> Regards
> Patrick
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe_at_jersey.dev.java.net
> For additional commands, e-mail: dev-help_at_jersey.dev.java.net
>
---
Marc Hadley <marc.hadley at sun.com>
CTO Office, Sun Microsystems.