users@jersey.java.net

[Jersey] Re: How to reject all POST/PUT/DELETE requests

From: Pengfei Di <pengfei.di_at_match2blue.com>
Date: Thu, 26 Jan 2012 15:53:28 +0100

Hi John,

I think I should put my requirement more clearly.
The same code would be used in different senarios. In some of them, the
read-only mode is required; and in the other senarios, the write
operations should be allowed.
Now, many of the methods are already annotated with @PUT @POST and
@DELETE. It would not be very good to remove these annotations.


Pengfei




On 01/26/2012 03:35 PM, John Yeary wrote:
> I think you may have not understood, or I may not have understood your
> requirement. Let me try to clarify.
>
> If the class had 30 methods for example, ONLY the ones you annotate
> with @GET are exposed. Everything else is internal and not exposed via
> JAX-RS.
>
> Alternatively, you could put a filter on that controls the methods
> explicitly, but I am not sure of the benefit there. I would advise
> against it generally. Take a look in the
> com.sun.jersey.api.container.filter code and look at PostReplaceFilter
> for ideas on how to implement it.
>
> John
> ____________________________
>
> John Yeary
> ____________________________
>
> <http://javaevangelist.blogspot.com/> <https://twitter.com/jyeary>
> <http://www.youtube.com/johnyeary> <http://www.linkedin.com/in/jyeary>
> <https://plus.google.com/112146428878473069965>
> <http://www.facebook.com/jyeary>
> <http://feeds.feedburner.com/JavaEvangelistJohnYearysBlog>
> <http://netbeans.org/people/84414-jyeary>
> ____________________________
>
> "Far better it is to dare mighty things, to win glorious triumphs,
> even though checkered by failure, than to take rank with those poor
> spirits who neither enjoy much nor suffer much, because they live in
> the gray twilight that knows not victory nor defeat."
> -- Theodore Roosevelt
>
>
>
> On Thu, Jan 26, 2012 at 9:27 AM, Pengfei Di <pengfei.di_at_match2blue.com
> <mailto:pengfei.di_at_match2blue.com>> wrote:
>
> Hi John,
>
> Thanks for the reply.
> Yes, your method might be the straightest way. However, this means
> that I have to code it hardly on many places. If I want to again
> allow these requests, I have to recoded all these places back.
> Hmm, I hope there would be a simpler way.
>
> Pengfei
>
> On 01/26/2012 03:09 PM, John Yeary wrote:
>> That is very easy. Simply configure your methods with @GET and
>> @Produces annotations. Any method like PUT, DELETE, or POST will
>> automatically return a 405 - Method Not Allowed response.
>> ____________________________
>>
>> John Yeary
>> ____________________________
>>
>> <http://javaevangelist.blogspot.com/>
>> <https://twitter.com/jyeary> <http://www.youtube.com/johnyeary>
>> <http://www.linkedin.com/in/jyeary>
>> <https://plus.google.com/112146428878473069965>
>> <http://www.facebook.com/jyeary>
>> <http://feeds.feedburner.com/JavaEvangelistJohnYearysBlog>
>> <http://netbeans.org/people/84414-jyeary>
>> ____________________________
>>
>> "Far better it is to dare mighty things, to win glorious
>> triumphs, even though checkered by failure, than to take rank
>> with those poor spirits who neither enjoy much nor suffer much,
>> because they live in the gray twilight that knows not victory nor
>> defeat."
>> -- Theodore Roosevelt
>>
>>
>>
>> On Thu, Jan 26, 2012 at 9:02 AM, Pengfei Di
>> <pengfei.di_at_match2blue.com <mailto:pengfei.di_at_match2blue.com>> wrote:
>>
>> Hello,
>>
>> Is there any way to configure jersey to a read-only mode?
>> That means only GET requests are allowed, and all
>> POST/PUT/DELETE requests will be rejected.
>> Thanks for any hints.
>>
>> Pengfei
>>
>>
>
>
>