Hi,
My application has a filter in which I check some security constraints
against the credentials associated with the requesting user. This works
properly for GET methods that I've implemented in my resources and
sub-resources.
I've haing a problem, though, with the HEAD support provided by Jersey.
Since I don't explicitly declare a @HEAD method in my resources, it's ending
up at ResourceHeaderWrapperMethod. The upshot is that my security filter is
not being called -- while a GET is rejected (I return a 403), a HEAD of the
same resource is permitted. I expected HEAD to work by invoking GET and
then discarding the body, but obviously things don't work this way.
The simple answer would be to add new @HEAD methods to all my resources (and
subresources) but I really don't want to do this. Is there a way to use a
filter or some other mechanism to handle this in a central place?
Thanks,
Jeff