users@jersey.java.net

Re: [Jersey] QueryParam filter?

From: Martin Grotzke <martin.grotzke_at_freiheit.com>
Date: Tue, 06 May 2008 08:56:43 +0200

Hi Andrew,

are you using an IoC-container that provides AOP-features, like e.g.
spring? In this case you might use AOP functionality of spring an define
your pointcuts and advices accordingly. Your resource classes then must
be managed by the IoC-container, that AOP stuff is applied.

For spring (2.5) the introduction to their AOP integration is here [1].

Cheers,
Martin


[1] http://static.springframework.org/spring/docs/2.5.x/reference/aop.html


On Mon, 2008-05-05 at 15:37 -0700, Andrew Cole wrote:
> Hi all.
>
> Just joined the list and I've read through some of the archives and
> didn't find quite what I was looking for. Nearest thing seems to be
> the Security Interceptors thread from late March.
>
> In my app I have an authentication token coming in as a query param
> for methods that need authentication. I can decode the authentication
> token and create an object with information about the user. I would
> like to be able to easily specify which methods need authentication,
> and then have the token information made available to those methods.
> I'm thinking that ideally I could have an annotation that works like:
>
> @GET
> @Path("verifyLogin")
> @ProduceMime("text/plain")
> @MyAuthAnnotation // indicates this method requires a valid session token
> public String verifyLogin(@MyAuthQueryParam SessionToken token) { //
> session token initialized from the value of the query param passed in
> as argument
> return token.getUsername() + " is logged in and has account ID: " +
> token.getAccountId();
> }
>
> The important thing is to make it as simple as possible to require
> authentication for a method, since this code will be used over and
> over for many methods.
>
> I have tried using the regular QueryParam syntax and making my
> SessionToken constructor accept a String argument. In the constructor
> I can verify that the token is valid and decode the user information.
> This works well except when someone calls the method without including
> the query parameter in the request at all. In this case, the
> QueryParam-annotated argument to my method is null (and I don't want
> to have to check for nulls in every method that requires
> authentication).
>
> Any ideas on how I can go about this?
>
> Thanks,
> Andrew
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
> For additional commands, e-mail: users-help_at_jersey.dev.java.net