users@jersey.java.net

[Jersey] Re: How to reject all POST/PUT/DELETE requests

From: John Yeary <johnyeary_at_gmail.com>
Date: Thu, 26 Jan 2012 09:59:11 -0500

I started a reply to Igor which was based on an assumption about your
requirements. Now that they are more clear, I think a better approach would
be using an AOP framework like Igor suggested. It would give you finer
control than my coarse approach.

John
____________________________

John Yeary
____________________________

<http://javaevangelist.blogspot.com/> <https://twitter.com/jyeary>
<http://www.youtube.com/johnyeary>
  <http://www.linkedin.com/in/jyeary>
<https://plus.google.com/112146428878473069965>
  <http://www.facebook.com/jyeary>
<http://feeds.feedburner.com/JavaEvangelistJohnYearysBlog>
  <http://netbeans.org/people/84414-jyeary>
____________________________

"Far better it is to dare mighty things, to win glorious triumphs, even
though checkered by failure, than to take rank with those poor spirits who
neither enjoy much nor suffer much, because they live in the gray twilight
that knows not victory nor defeat."
-- Theodore Roosevelt



On Thu, Jan 26, 2012 at 9:53 AM, Pengfei Di <pengfei.di_at_match2blue.com>wrote:

> **
> Hi John,
>
> I think I should put my requirement more clearly.
> The same code would be used in different senarios. In some of them, the
> read-only mode is required; and in the other senarios, the write operations
> should be allowed.
> Now, many of the methods are already annotated with @PUT @POST and
> @DELETE. It would not be very good to remove these annotations.
>
>
> Pengfei
>
>
>
>
> On 01/26/2012 03:35 PM, John Yeary wrote:
>
> I think you may have not understood, or I may not have understood your
> requirement. Let me try to clarify.
>
> If the class had 30 methods for example, ONLY the ones you annotate with
> @GET are exposed. Everything else is internal and not exposed via JAX-RS.
>
> Alternatively, you could put a filter on that controls the methods
> explicitly, but I am not sure of the benefit there. I would advise against
> it generally. Take a look in the com.sun.jersey.api.container.filter code
> and look at PostReplaceFilter for ideas on how to implement it.
>
> John
> ____________________________
>
> John Yeary
> ____________________________
>
> <http://javaevangelist.blogspot.com/> <https://twitter.com/jyeary> <http://www.youtube.com/johnyeary>
> <http://www.linkedin.com/in/jyeary> <https://plus.google.com/112146428878473069965>
> <http://www.facebook.com/jyeary> <http://feeds.feedburner.com/JavaEvangelistJohnYearysBlog>
> <http://netbeans.org/people/84414-jyeary>
> ____________________________
>
> "Far better it is to dare mighty things, to win glorious triumphs, even
> though checkered by failure, than to take rank with those poor spirits who
> neither enjoy much nor suffer much, because they live in the gray twilight
> that knows not victory nor defeat."
> -- Theodore Roosevelt
>
>
>
> On Thu, Jan 26, 2012 at 9:27 AM, Pengfei Di <pengfei.di_at_match2blue.com>wrote:
>
>> Hi John,
>>
>> Thanks for the reply.
>> Yes, your method might be the straightest way. However, this means that I
>> have to code it hardly on many places. If I want to again allow these
>> requests, I have to recoded all these places back.
>> Hmm, I hope there would be a simpler way.
>>
>> Pengfei
>>
>> On 01/26/2012 03:09 PM, John Yeary wrote:
>>
>> That is very easy. Simply configure your methods with @GET and @Produces
>> annotations. Any method like PUT, DELETE, or POST will automatically return
>> a 405 - Method Not Allowed response.
>> ____________________________
>>
>> John Yeary
>> ____________________________
>>
>> <http://javaevangelist.blogspot.com/> <https://twitter.com/jyeary> <http://www.youtube.com/johnyeary>
>> <http://www.linkedin.com/in/jyeary> <https://plus.google.com/112146428878473069965>
>> <http://www.facebook.com/jyeary> <http://feeds.feedburner.com/JavaEvangelistJohnYearysBlog>
>> <http://netbeans.org/people/84414-jyeary>
>> ____________________________
>>
>> "Far better it is to dare mighty things, to win glorious triumphs, even
>> though checkered by failure, than to take rank with those poor spirits who
>> neither enjoy much nor suffer much, because they live in the gray twilight
>> that knows not victory nor defeat."
>> -- Theodore Roosevelt
>>
>>
>>
>> On Thu, Jan 26, 2012 at 9:02 AM, Pengfei Di <pengfei.di_at_match2blue.com>wrote:
>>
>>> Hello,
>>>
>>> Is there any way to configure jersey to a read-only mode? That means
>>> only GET requests are allowed, and all POST/PUT/DELETE requests will be
>>> rejected.
>>> Thanks for any hints.
>>>
>>> Pengfei
>>>
>>>
>>
>>
>>
>
>
>