users@jersey.java.net

Re: [Jersey] Matching a URI to a resource

From: Daniel Larsson <daniel.j.larsson_at_gmail.com>
Date: Tue, 17 Aug 2010 18:04:11 +0200

Sorry for following up on myself, but I checked out the 1.3 tag from jersey
svn, and made the following change:

        ...
        final ContainerRequest _request = new ContainerRequest(app,
                HTTP_METHOD_MATCH_RESOURCE,
                base, u,
                new InBoundHeaders(), null);

        _request.setSecurityContext(request); // <--- CHANGE: Set original
request as security context

        final ContainerResponse _response = new ContainerResponse(app,
                _request, null);
        return new WebApplicationContext(app,
                _request,
                _response);
        ...

I can now translate the URI into a resource instance. No idea what kind of
nasty side effects this may cause though...

On Tue, Aug 17, 2010 at 4:37 PM, Daniel Larsson
<daniel.j.larsson_at_gmail.com>wrote:

> Very nice feature, Paul,
>
> However, it seems the security context isn't passed along from the original
> request to the constructed request inside matchResource
> (WebApplicationContext.java:createMatchResourceContext). One of my
> subresource locator methods are annotated with @RolesAllowed, and I'm
> getting a java.lang.UnsupportedOperation exception thrown when trying to
> resolve an URI. The original user has the appropriate role, and the request
> URI passes another subresource locator with the same @RolesAllowed
> annotation.
>
> Are there any other potential problems with copying the security context
> along, or is this just an oversight?
>
>
> On Wed, Jun 2, 2010 at 4:25 PM, Paul Sandoz <Paul.Sandoz_at_sun.com> wrote:
>
>> Hi,
>>
>> I have fixed issue 436:
>>
>> https://jersey.dev.java.net/issues/show_bug.cgi?id=436
>>
>> So it is now possible to match a URI to a resource. See end of email for
>> JavaDoc.
>>
>> There are some possible side-effects depending on how your application is
>> constructed. Matching will share the scope of the HTTP request. Resources
>> will be constructed if references are not already in scope. Sub-resource
>> locator methods may be invoked.
>>
>> Paul.
>>
>> /**
>> * The resource context provides access to instances of resource classes.
>> * <p>
>> * This interface can be injected using the {_at_link Context} annotation.
>> * <p>
>> * The resource context can be utilized when instances of managed resource
>> * classes are to be returned by sub-resource locator methods. Such
>> instances
>> * will be injected and managed within the declared scope just like
>> instances
>> * of root resource classes.
>> * <p>
>> * The resource context can be utilized when matching of URIs are
>> * required, for example when validating URIs sent in a request entity.
>> * Note that application functionality may be affected as the matching
>> * process will result in the construction or sharing of previously
>> constructed
>> * resource classes that are in scope of the HTTP request, and the
>> invocation of
>> * matching sub-resource locator methods. No resource methods wll be
>> invoked.
>> *
>> * @author <a href="mailto:martin.grotzke_at_freiheit.com">Martin
>> Grotzke</a>
>> * @author Paul.Sandoz_at_Sun.Com
>> */
>> public interface ResourceContext {
>>
>> /**
>> * Match a URI to URI information.
>> * <p>
>> * If the URI is relative then the base URI of the application will be
>> * used to resolve the relative URI to an absolute URI.
>> * If the URI is absolute then it must be relative to the base URI of
>> the
>> * application.
>> *
>> * @param u the URI.
>> * @return the URI information, otherwise null if the URI cannot be
>> matched.
>> * @throws ContainerException if there is an error when matching.
>> */
>> ExtendedUriInfo matchUriInfo(URI u) throws ContainerException;
>>
>> /**
>> * Match a URI to a resource instance.
>> * <p>
>> * If the URI is relative then the base URI of the application will be
>> * used to resolve the relative URI to an absolute URI.
>> * If the URI is absolute then it must be relative to the base URI of
>> the
>> * application.
>> *
>> * @param u the URI.
>> * @return the resource instance, otherwise null if the URI cannot be
>> * matched.
>> * @throws ContainerException if there is an error when matching.
>> */
>> Object matchResource(URI u) throws ContainerException;
>>
>> /**
>> * Match a URI to a resource instance.
>> * <p>
>> * If the URI is relative then the base URI of the application will be
>> * used to resolve the relative URI to an absolute URI.
>> * If the URI is absolute then it must be relative to the base URI of
>> the
>> * application.
>> *
>> * @param <T> the type of the resource.
>> * @param u the URI.
>> * @param c the resource class.
>> * @return the resource instance, otherwise null if the URI cannot be
>> * matched.
>> * @throws ContainerException if there is an error when matching.
>> * @throws ClassCastException if the resource instance cannot be cast
>> to
>> * <code>c</code>.
>> */
>> <T> T matchResource(URI u, Class<T> c) throws ContainerException,
>> ClassCastException;
>>
>> /**
>> * Provides an instance of the given resource class.
>> *
>> * @param <T> the type of the resource class
>> * @param c the resource class
>> * @return an instance if it could be resolved, otherwise null.
>> * @throws com.sun.jersey.api.container.ContainerException if the
>> resource
>> * class cannot be found.
>> */
>> <T> T getResource(Class<T> c) throws ContainerException;
>> }
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
>> For additional commands, e-mail: users-help_at_jersey.dev.java.net
>>
>>
>