users@jersey.java.net

Re: Security Interceptors

From: Lars Tackmann <lars_at_randompage.org>
Date: Tue, 25 Mar 2008 11:36:54 +0100

On Sun, Mar 23, 2008 at 5:55 PM, Martin Grotzke
<martin.grotzke_at_javakaffee.de> wrote:
> Hi Lars,
>
> one thing I could think of is to implement your own component provider,
> that checks if the class to instantiate has your @Interceptors
> annotation or any method has e.g. your @Audit annotation. For these
> classes you could return a proxied instance (e.g. using cglib), so that
> you can intercept method invocations.
>
> This approach works for root resources and subresources that are created
> by jersey (you can return a class object from a resource method).
> For subresources that are instantiated directly within resource methods
> (e.g. return a new OrderResource for the current user) instead of using
> jersey / the component provider, there's still a final solution missing
> - AFAIK.

Hi Martin

Thanks for the suggestion, it does indeed seem to work. The problem
with nested resources is however quite annoying, as I have a heap of
those. It might be an idea for the JAX-RS spec people to consider
adding interceptor support similar to the one found in EJB, i.e.

http://java.sun.com/javaee/5/docs/api/javax/interceptor/package-summary.html

and particularly:

http://java.sun.com/javaee/5/docs/api/javax/interceptor/InvocationContext.html

This could also fit neatly with the provider scheme, as it would let me
intercept the parameters/result and do whatever kind of conversion I
deem necessary. Anyway, until a better solution exists I will just
apply my security pragmatically inside each method.


-- 
Yours sincerely
Lars Tackmann
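
The proxy approach suggested in the quoted reply, as an added example that is not part of the original message or of Jersey's code: it uses the JDK's `java.lang.reflect.Proxy` in place of cglib, and the `@Audit` annotation with a `role` attribute, the `OrderResource` interface and the `secure` helper are hypothetical names. Wiring into Jersey's component provider is left out; the last line of `main` shows the sub-resource gap discussed in the thread.

```java
import java.lang.annotation.*;
import java.lang.reflect.*;

public class AuditProxyDemo {
    // Hypothetical marker annotation, standing in for the @Audit mentioned in the thread.
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.METHOD)
    @interface Audit { String role(); }

    // JDK proxies need an interface; cglib (named in the thread) can subclass concrete classes.
    interface OrderResource {
        @Audit(role = "admin") String deleteOrder(String id);
        String getOrder(String id);
    }

    static class OrderResourceImpl implements OrderResource {
        public String deleteOrder(String id) { return "deleted " + id; }
        public String getOrder(String id) { return "order " + id; }
    }

    // Wraps target so every @Audit method is checked before it runs.
    @SuppressWarnings("unchecked")
    static <T> T secure(Class<T> iface, T target, String callerRole) {
        InvocationHandler h = (proxy, method, args) -> {
            Audit audit = method.getAnnotation(Audit.class);
            if (audit != null && !audit.role().equals(callerRole)) {
                throw new SecurityException(method.getName() + " requires role " + audit.role());
            }
            try {
                return method.invoke(target, args);
            } catch (InvocationTargetException e) {
                throw e.getCause(); // rethrow the resource method's own exception
            }
        };
        return (T) Proxy.newProxyInstance(iface.getClassLoader(), new Class<?>[] { iface }, h);
    }

    public static void main(String[] args) {
        OrderResource asUser = secure(OrderResource.class, new OrderResourceImpl(), "user");
        System.out.println(asUser.getOrder("42"));
        try {
            asUser.deleteOrder("42");
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
        // An instance created with `new` and returned unwrapped is not intercepted.
        System.out.println(new OrderResourceImpl().deleteOrder("42"));
    }
}
```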