On Jun 20, 2008, at 1:04 AM, Grazi, Victor wrote:
> In our planned REST implementation, every method call will be
> receiving a session id in the authorization header.
> Therefore every method will start by calling the same boilerplate
> code to extract the associated session from Oracle, use that to
> extract user info and determine entitlements.
>
> (Or throw an exception if the session expired.)
>
> This seems like a pretty common use-case. Is there any way to
> handle that using annotations or through any other JSR-311 or Java
> standard construct?
>
> Some sort of AOP?
>
I dunno much about AOP but you can use AOP/Spring with Jersey and the
spring servlet.
This seems like more of an approach for filters. You can use a
servlet filter. But, i am planning to include filter support in
Jersey 0.9, which will make it easier to process things at a higher
level and implement cases like auth stuff without having to do this
in the application code.
There is perhaps an alternative way. If you are using the per-request
life-cycle and have resource classes that extend from a base resource
class then the constructor in the base resource class can perform the
checking. It is not necessarily the best way but it could make it
easier to adapt to a filter approach when ready.
Paul.