How can we access the request header data from the constructor?
On 6/20/08, Paul Sandoz <Paul.Sandoz_at_sun.com> wrote:
>
> On Jun 20, 2008, at 1:04 AM, Grazi, Victor wrote:
>
>> In our planned REST implementation, every method call will be
>> receiving a session id in the authorization header.
>> Therefore every method will start by calling the same boilerplate
>> code to extract the associated session from Oracle, use that to
>> extract user info and determine entitlements.
>>
>> (Or throw an exception if the session expired.)
>>
>> This seems like a pretty common use-case. Is there any way to
>> handle that using annotations or through any other JSR-311 or Java
>> standard construct?
>>
>> Some sort of AOP?
>>
>
> I dunno much about AOP but you can use AOP/Spring with Jersey and the
> spring servlet.
>
> This seems like more of an approach for filters. You can use a
> servlet filter. But, i am planning to include filter support in
> Jersey 0.9, which will make it easier to process things at a higher
> level and implement cases like auth stuff without having to do this
> in the application code.
>
> There is perhaps an alternative way. If you are using the per-request
> life-cycle and have resource classes that extend from a base resource
> class then the constructor in the base resource class can perform the
> checking. It is not necessarily the best way but it could make it
> easier to adapt to a filter approach when ready.
>
> Paul.
>