Hi all.
Just joined the list and I've read through some of the archives and
didn't find quite what I was looking for. Nearest thing seems to be
the Security Interceptors thread from late March.
In my app I have an authentication token coming in as a query param
for methods that need authentication. I can decode the authentication
token and create an object with information about the user. I would
like to be able to easily specify which methods need authentication,
and then have the token information made available to those methods.
I'm thinking that ideally I could have an annotation that works like:

    @GET
    @Path("verifyLogin")
    @ProduceMime("text/plain")
    @MyAuthAnnotation // indicates this method requires a valid session token
    // session token initialized from the value of the query param passed in as argument
    public String verifyLogin(@MyAuthQueryParam SessionToken token) {
        return token.getUsername() + " is logged in and has account ID: " + token.getAccountId();
    }

The important thing is to make it as simple as possible to require
authentication for a method, since this code will be used over and
over for many methods.
I have tried using the regular QueryParam syntax and making my
SessionToken constructor accept a String argument. In the constructor
I can verify that the token is valid and decode the user information.
This works well except when someone calls the method without including
the query parameter in the request at all. In this case, the
QueryParam-annotated argument to my method is null (and I don't want
to have to check for nulls in every method that requires
authentication).
Any ideas on how I can go about this?
Thanks,
Andrew
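
An added example, not part of the original post and not Jersey or JAX-RS API: a plain-Java sketch of the pattern asked about above, where one dispatch point rejects a missing or invalid token before an annotated method runs, so the method never sees null. The names RequiresAuth, dispatch, the "token" parameter and the "user:accountId" token format are all hypothetical, and the token parsing is a stand-in for real verification.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.Map;

public class AuthDispatchExample {
    // Hypothetical marker: the method must not run without a valid session token.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface RequiresAuth {}

    // Stand-in for the post's SessionToken; constructed "user:accountId" format, no real crypto.
    public static final class SessionToken {
        final String username; final String accountId;
        SessionToken(String raw) {
            String[] p = raw.split(":");
            if (p.length != 2 || p[0].isEmpty() || p[1].isEmpty())
                throw new SecurityException("invalid token");
            username = p[0]; accountId = p[1];
        }
    }

    public static class Resource {
        @RequiresAuth
        public String verifyLogin(SessionToken token) {   // token is never null here
            return token.username + " is logged in and has account ID: " + token.accountId;
        }
    }

    // Single enforcement point: absent and malformed tokens are both rejected before the call.
    static String dispatch(Object resource, String methodName, Map<String, String> query) throws Exception {
        for (Method m : resource.getClass().getMethods()) {
            if (!m.getName().equals(methodName)) continue;
            // Unannotated methods are assumed to take no arguments in this sketch.
            if (!m.isAnnotationPresent(RequiresAuth.class)) return (String) m.invoke(resource);
            String raw = query.get("token");               // hypothetical parameter name
            if (raw == null) return "401 missing token";   // fail closed when the param is absent
            try { return (String) m.invoke(resource, new SessionToken(raw)); }
            catch (SecurityException e) { return "401 invalid token"; }
        }
        return "404";
    }

    public static void main(String[] args) throws Exception {
        Resource r = new Resource();
        System.out.println(dispatch(r, "verifyLogin", Map.of("token", "andrew:42"))); // constructed sample
        System.out.println(dispatch(r, "verifyLogin", Map.of()));                     // no token at all
        System.out.println(dispatch(r, "verifyLogin", Map.of("token", "garbage")));   // malformed token
    }
}
```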