users@jersey.java.net

[Jersey] Re: Method Dispatcher

From: Ryan Stewart <rds6235_at_gmail.com>
Date: Sun, 12 Jun 2011 14:04:22 -0500

If you want method-based security, you probably want to be doing something
like dynamic proxying:
http://download.oracle.com/javase/6/docs/technotes/guides/reflection/proxy.html

Or just use Spring security, since it does everything for you. For example:
http://static.springsource.org/spring-security/site/docs/3.1.x/reference/ns-config.html#ns-method-security

Tying your security code into Jersey internals sounds like a Bad Idea.

On Fri, Jun 10, 2011 at 9:44 AM, Luis Javier de la Garza Trevino <
delagarza_at_gmail.com> wrote:

> So, I implement (and provide) a ContainRequestFilter, so this method:
>
> ContainerRequest filter(ContainerRequest request) {
> }
>
> Does the trick... The problem is that the filters have all been
> processed before the method gets actually invoked. This is OK, but
> still not what I need... Looking at Jersey's code reveals
> (AbstractResourceMethodDispatchProvider.java) that methods get invoked
> in the following way:
>
> public void _dispatch(Object resource, HttpContext context) throws
> IllegalAccessException, InvocationTargetException {
> final Object[] params = getParams(context);
> // this is where the method actually gets invoked
> invoker.invoke(method, resource, params);
> }
>
> final Object[] getParams(HttpContext context) {
> // pp is the InjectableValuesProvider
> return pp.getInjectableValues(context);
> }
>
> And this is hapenning AFTER the filters get invoked. So, by the time
> filters are dispatched, the values have not been injected... Could you
> provide me with extra pointers? Perhaps a snippet?
>
> Thanks!
>
>
> On Fri, Jun 10, 2011 at 4:31 PM, Santiago Pericas-Geertsen
> <Santiago.PericasGeertsen_at_oracle.com> wrote:
> >
> > On Jun 10, 2011, at 9:48 AM, Luis de la Garza wrote:
> >
> >> Before posting my question I acutally did a small example using
> >> ResourceDebuggingFilterFactory. I noticed that the filters get invoked
> >> before the parameters of the method get injected (be it a @QueryParam, a
> >> @Context, and so on). So at this point, I know which method will get
> >> executed and I also know the parameter types, but I do not know which
> values
> >> will be used to invoke the method...
> >
> > That's right, but if you use a ContainerRequestFilter you have access
> the ContainerRequest that has all you need in there, right?
> >
> > -- Santiago
> >
> >
>
>
>
> --
> Luis Javier de la Garza Treviņo
>