users@jersey.java.net

[Jersey] Re: How to reject all POST/PUT/DELETE requests

From: Pengfei Di <pengfei.di_at_match2blue.com>
Date: Fri, 27 Jan 2012 09:53:58 +0100

Since I don't have experience in Guice, I would say that the suggestion
from Paval is very good and easy to implement.
The implementation of a new ContainerRequestFilterwas a just several
minutes job.

Thank you for all the helps!

Pengfei



    * *From*: Pavel Bucek <pavel.bucek_at_oracle.com>
    * *To*: users_at_jersey.java.net
    * *Subject*: [Jersey] Re: How to reject all POST/PUT/DELETE requests
    * *Date*: Thu, 26 Jan 2012 16:29:19 +0100


What about implementing ContainerRequestFilter and taking care of
unwanted request there?

Something like
     public class MyContainerRequestFilter implements
ContainerRequestFilter {
         @Override
         public ContainerRequest filter(ContainerRequest request) {
             if(!request.getMethod().equals("GET")) {
                 throw new
WebApplicationException(Response.status(405).build());
             }

             return request;
         }
     }

see
http://jersey.java.net/nonav/apidocs/1.11/jersey/com/sun/jersey/spi/container/ContainerRequestFilter.html

Pavel

On 01/26/2012 04:05 PM, Pengfei Di wrote:
> Hi Igor, Hi John
>
> thanks a lot for your advises.
> I would have a look at Guice.
>
> Pengfei
>
> On 01/26/2012 03:48 PM, Igor Skornyakov wrote:
>> That's correct. Actually any AOP frameworks will work. In fact I
>> think that this is the most natural approach as the problem looks
>> like a textbook example of cross-cutting concern.
>> Regards,
>> Igor.
>>
>>
>> On Thu, Jan 26, 2012 at 6:37 PM, John Yeary <johnyeary_at_gmail.com
>> <mailto:johnyeary_at_gmail.com>> wrote:
>>
>> I just saw Igor's method which looks like it may work, but
>> requires Guice. My suggestion does not require any external
>> frameworks.
>>
>> If you are familiar with Guice his suggestion may be the path you
>> would want to take.
>>
>> John
>>
>> ____________________________
>>
>> John Yeary
>> ____________________________
>>
>> <http://javaevangelist.blogspot.com/>
>> <https://twitter.com/jyeary> <http://www.youtube.com/johnyeary>
>> <http://www.linkedin.com/in/jyeary>
>> <https://plus.google.com/112146428878473069965>
>> <http://www.facebook.com/jyeary>
>> <http://feeds.feedburner.com/JavaEvangelistJohnYearysBlog>
>> <http://netbeans.org/people/84414-jyeary>
>> ____________________________
>>
>> "Far better it is to dare mighty things, to win glorious
>> triumphs, even though checkered by failure, than to take rank
>> with those poor spirits who neither enjoy much nor suffer much,
>> because they live in the gray twilight that knows not victory nor
>> defeat."
>> -- Theodore Roosevelt
>>
>>
>>
>> On Thu, Jan 26, 2012 at 9:34 AM, Igor Skornyakov
>> <igor.skornyakov_at_gmail.com <mailto:igor.skornyakov_at_gmail.com>> wrote:
>>
>> As I wrote before there is such method. Define Guice module
>> like that
>>
>> class ReadOnlyModule extends AbstractModule {
>> @Override
>> protected void configure() {
>> MethodInterceptor blocker = new ChangeBlocker();
>> bindInterceptor(Matchers.any(),
>> Matchers.annotatedWith(POST.class), blocker);
>> bindInterceptor(Matchers.any(),
>> Matchers.annotatedWith(PUT.class), blocker);
>> bindInterceptor(Matchers.any(),
>> Matchers.annotatedWith(DELETE.class), blocker);
>> }
>>
>> }
>>
>> Here ChangeBlocker just throws an appropriate Exception.
>> That's it. You can install ot not install this module based
>> on configuration.
>>
>>
>> On Thu, Jan 26, 2012 at 6:27 PM, Pengfei Di
>> <pengfei.di_at_match2blue.com
>> <mailto:pengfei.di_at_match2blue.com>> wrote:
>>
>> Hi John,
>>
>> Thanks for the reply.
>> Yes, your method might be the straightest way. However,
>> this means that I have to code it hardly on many places.
>> If I want to again allow these requests, I have to
>> recoded all these places back.
>> Hmm, I hope there would be a simpler way.
>>
>> Pengfei
>>
>>
>> On 01/26/2012 03:09 PM, John Yeary wrote:
>>> That is very easy. Simply configure your methods with
>>> @GET and @Produces annotations. Any method like PUT,
>>> DELETE, or POST will automatically return a 405 - Method
>>> Not Allowed response.
>>> ____________________________
>>>
>>> John Yeary
>>> ____________________________
>>>
>>> <http://javaevangelist.blogspot.com/>
>>> <https://twitter.com/jyeary>
>>> <http://www.youtube.com/johnyeary>
>>> <http://www.linkedin.com/in/jyeary>
>>> <https://plus.google.com/112146428878473069965>
>>> <http://www.facebook.com/jyeary>
>>> <http://feeds.feedburner.com/JavaEvangelistJohnYearysBlog>
>>> <http://netbeans.org/people/84414-jyeary>
>>> ____________________________
>>>
>>> "Far better it is to dare mighty things, to win glorious
>>> triumphs, even though checkered by failure, than to take
>>> rank with those poor spirits who neither enjoy much nor
>>> suffer much, because they live in the gray twilight that
>>> knows not victory nor defeat."
>>> -- Theodore Roosevelt
>>>
>>>
>>>
>>> On Thu, Jan 26, 2012 at 9:02 AM, Pengfei Di
>>> <pengfei.di_at_match2blue.com
>>> <mailto:pengfei.di_at_match2blue.com>> wrote:
>>>
>>> Hello,
>>>
>>> Is there any way to configure jersey to a read-only
>>> mode? That means only GET requests are allowed, and
>>> all POST/PUT/DELETE requests will be rejected.
>>> Thanks for any hints.
>>>
>>> Pengfei
>>>
>>>
>>
>>
>>
>>
>>
> 


-- 
Pengfei Di
Technology
match2blue software development GmbH
Leutragraben 1
07743 Jena
Tel: +49 3641 816 8092
Mobil: +49 1520 166 8691
Fax: +49 3641 573 3479
Email: pengfei.di_at_match2blue.com
Web  : www.match2blue.com
Blog : http://blog.match2blue.com
Registergericht: Amtsgericht Jena
Registernummer: HRB 503726
Geschäftsführerin: Stephanie Renda
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.