Very nice feature, Paul,
However, it seems the security context isn't passed along from the original
request to the constructed request inside matchResource
(WebApplicationContext.java:createMatchResourceContext). One of my
subresource locator methods are annotated with @RolesAllowed, and I'm
getting a java.lang.UnsupportedOperation exception thrown when trying to
resolve an URI. The original user has the appropriate role, and the request
URI passes another subresource locator with the same @RolesAllowed
annotation.
Are there any other potential problems with copying the security context
along, or is this just an oversight?
On Wed, Jun 2, 2010 at 4:25 PM, Paul Sandoz <Paul.Sandoz_at_sun.com> wrote:
> Hi,
>
> I have fixed issue 436:
>
> https://jersey.dev.java.net/issues/show_bug.cgi?id=436
>
> So it is now possible to match a URI to a resource. See end of email for
> JavaDoc.
>
> There are some possible side-effects depending on how your application is
> constructed. Matching will share the scope of the HTTP request. Resources
> will be constructed if references are not already in scope. Sub-resource
> locator methods may be invoked.
>
> Paul.
>
> /**
> * The resource context provides access to instances of resource classes.
> * <p>
> * This interface can be injected using the {_at_link Context} annotation.
> * <p>
> * The resource context can be utilized when instances of managed resource
> * classes are to be returned by sub-resource locator methods. Such
> instances
> * will be injected and managed within the declared scope just like
> instances
> * of root resource classes.
> * <p>
> * The resource context can be utilized when matching of URIs are
> * required, for example when validating URIs sent in a request entity.
> * Note that application functionality may be affected as the matching
> * process will result in the construction or sharing of previously
> constructed
> * resource classes that are in scope of the HTTP request, and the
> invocation of
> * matching sub-resource locator methods. No resource methods wll be
> invoked.
> *
> * @author <a href="mailto:martin.grotzke_at_freiheit.com">Martin Grotzke</a>
> * @author Paul.Sandoz_at_Sun.Com
> */
> public interface ResourceContext {
>
> /**
> * Match a URI to URI information.
> * <p>
> * If the URI is relative then the base URI of the application will be
> * used to resolve the relative URI to an absolute URI.
> * If the URI is absolute then it must be relative to the base URI of
> the
> * application.
> *
> * @param u the URI.
> * @return the URI information, otherwise null if the URI cannot be
> matched.
> * @throws ContainerException if there is an error when matching.
> */
> ExtendedUriInfo matchUriInfo(URI u) throws ContainerException;
>
> /**
> * Match a URI to a resource instance.
> * <p>
> * If the URI is relative then the base URI of the application will be
> * used to resolve the relative URI to an absolute URI.
> * If the URI is absolute then it must be relative to the base URI of
> the
> * application.
> *
> * @param u the URI.
> * @return the resource instance, otherwise null if the URI cannot be
> * matched.
> * @throws ContainerException if there is an error when matching.
> */
> Object matchResource(URI u) throws ContainerException;
>
> /**
> * Match a URI to a resource instance.
> * <p>
> * If the URI is relative then the base URI of the application will be
> * used to resolve the relative URI to an absolute URI.
> * If the URI is absolute then it must be relative to the base URI of
> the
> * application.
> *
> * @param <T> the type of the resource.
> * @param u the URI.
> * @param c the resource class.
> * @return the resource instance, otherwise null if the URI cannot be
> * matched.
> * @throws ContainerException if there is an error when matching.
> * @throws ClassCastException if the resource instance cannot be cast to
> * <code>c</code>.
> */
> <T> T matchResource(URI u, Class<T> c) throws ContainerException,
> ClassCastException;
>
> /**
> * Provides an instance of the given resource class.
> *
> * @param <T> the type of the resource class
> * @param c the resource class
> * @return an instance if it could be resolved, otherwise null.
> * @throws com.sun.jersey.api.container.ContainerException if the
> resource
> * class cannot be found.
> */
> <T> T getResource(Class<T> c) throws ContainerException;
> }
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
> For additional commands, e-mail: users-help_at_jersey.dev.java.net
>
>