users@jersey.java.net

Re: [Jersey] Accessing Request Parameters in MessageBodyWriter?

From: Paul Sandoz <Paul.Sandoz_at_Sun.COM>
Date: Mon, 05 Oct 2009 14:52:06 +0200

On Oct 5, 2009, at 2:39 PM, Jan Algermissen wrote:

> Paul,
>
> thank you. A few questions though:
>
> On Oct 5, 2009, at 11:08 AM, Paul Sandoz wrote:
>
>> Hi Jan,
>>
>> You can inject UriInfo, and other JAX-RS artifacts (like
>> HttpHeades, Request etc):
>
> Yes, that is what I was thinking, but I missed the fact that I can
> make it an instance variable and still access the per-request data
> via hread local.
>
> However, is this good/intended design at all? IIRC I read that (at
> least for security information) going via thread local is not the
> best thing to do.
>

Why? in EE it is a fairly common to use such mechanisms, although i am
not aware of security issues.

Note that only javax.ws.rs.SecurityContext is related to obtaining
security related information (in terms of implementation for a web app
it wraps the functionality available on the HttpServletRequest)


> Would it be better to create a wrapper around the 'business object'
> returned from the resource method and to include the per-request
> data there and then write a MessageBodyWriter that maps the wrapper
> object instead of the business object?
>

You can do that too, but it may require more work to construct of that
business (model?) object.


> (Sorry for having so many questions - I do deeply regret that I was
> stuck in customer projects 2007/2008 and could not participate in
> the JSR311 effort as I planned.)
>

No problem. Maybe for JAX-RS 2.0 !

Paul.