Hi,
I've been having an issue with using rest resources that inject values
using @Context while also being secured by spring-security using the
@PreAuthorize annotation. I found a stack overflow question that is the
exact problem I'm seeing:
http://stackoverflow.com/questions/21586070/spring-security-preauthorize-breaks-jersey-context-uriinfo-injection
However, the work-around given as the accepted answer isn't overly
practical for the application I work on. We have a lot of rest
resources and having to add @Context method params for the UriInfo,
ServletRequest and ServletResponse to every @GET and @POST method is a
lot more annoying than just having a common base class that has them
specified as member variables.
Has anyone else has come across this issue and know if there's any other
ways around it that would allow me to use the @Context annotation on
class members instead of having to add them as method parameters? I've
seen another suggested work-around of moving the @PreAuthorize
annotation out of the rest resources to the services layer (or some
other application layer), but that isn't really a practical solution for
us either.
Thanks,
Richard