users@jersey.java.net

Authentication handling with annotations / proxying sub-resources

From: Martin Grotzke <martin.grotzke_at_javakaffee.de>
Date: Thu, 06 Mar 2008 18:11:29 +0100

Hi,

I want to add some authentication handling to our API and am thinking
about possible solutions.

I would like to do this with annotations, e.g. some @Security
annotation, that might have attributes like "forceSSL",
"requireAppPermissions", "authMode" etc.

Then all resources would have to be proxied, so that the security
requirements can be checked/handled. And proxying resources of course
also means proxying subresources.

I see the following possible solutions for doing this:
1) use the IoC container to obtain some proxied instance; for
   subresources, population of properties (like the actual user or
   userId) would be done by the resource afterwards
2) use some custom (application specific) factory that knows about
   resources and is given all required properties for creation of some
   resource, and that then adds proxying "manually"...
3) use the Jersey ComponentProvider as described in Paul's posting ([1]),
   that can also provide integration of some IoC container.

I like door 3) most, as it provides the best integration.
1) does not allow constructor-based injection or bean validation (like
Spring's afterPropertiesSet). 2) is also somehow too much homegrown...

What do you think? Would it be an option to provide something like
solution 3), could I help somehow to achieve this?

Thanx && cheers,
Martin


[1] https://jersey.dev.java.net/servlets/ReadMsg?listName=users&msgNo=644
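
Added example, not part of the original message and not Jersey code: a sketch of the proxying idea using a plain java.lang.reflect.Proxy, where a method-level @Security annotation is checked before each call and returned sub-resources are wrapped in the same proxy. The annotation's attribute types, the Caller record and the two sample resource interfaces are assumptions made for illustration; only forceSSL and requireAppPermissions are modelled.

```java
import java.lang.annotation.*;
import java.lang.reflect.*;
import java.util.Set;

public class SecurityProxyDemo {
    // Hypothetical annotation: attribute names come from the message, their types are assumed.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface Security {
        boolean forceSSL() default false;
        String[] requireAppPermissions() default {};
    }

    // Constructed stand-in for the request context a container would supply (Java 16+ record).
    record Caller(boolean secureChannel, Set<String> permissions) {}

    // Constructed sample resources; orders() returns a sub-resource.
    interface OrdersResource { @Security(requireAppPermissions = "orders.read") String list(); }
    interface UserResource { @Security(forceSSL = true) OrdersResource orders(); }

    @SuppressWarnings("unchecked")
    static <T> T secure(Class<T> type, T target, Caller caller) {
        InvocationHandler handler = (proxy, method, args) -> {
            if (method.getDeclaringClass() == Object.class) return method.invoke(target, args);
            Security rule = method.getAnnotation(Security.class);
            // Fail closed: a resource method without a declared policy is not callable.
            if (rule == null) throw new SecurityException("no @Security on " + method.getName());
            if (rule.forceSSL() && !caller.secureChannel())
                throw new SecurityException(method.getName() + " requires SSL");
            for (String p : rule.requireAppPermissions())
                if (!caller.permissions().contains(p))
                    throw new SecurityException(method.getName() + " requires " + p);
            Object result;
            try { result = method.invoke(target, args); }
            catch (InvocationTargetException e) { throw e.getCause(); }
            // Proxy sub-resources too, so their own @Security rules are enforced.
            Class<?> rt = method.getReturnType();
            return (result != null && rt.isInterface()) ? secure((Class<Object>) rt, result, caller) : result;
        };
        return (T) Proxy.newProxyInstance(type.getClassLoader(), new Class<?>[] {type}, handler);
    }

    public static void main(String[] args) {
        OrdersResource orders = () -> "order-1,order-2";
        UserResource user = () -> orders;
        Caller ok = new Caller(true, Set.of("orders.read"));
        System.out.println(secure(UserResource.class, user, ok).orders().list());
        try { secure(UserResource.class, user, new Caller(true, Set.of())).orders().list(); }
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```

The second call in main passes the SSL check on orders() but is rejected on list(), because the sub-resource returned by orders() is itself proxied and carries its own permission requirement.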