2

I want to authorize calls made to my REST API differently depending on which method is being called. But the RequestHandler looks like this:

public interface RequestHandler {

    Response handleRequest(Message m, 
                           ClassResourceInfo resourceClass);

}

I can't figure out how to get the Method that will be called from that resourceClass. Is this possible?

The ResponseHandler seems to have a parameter that can do this named OperationResourceInfo:

public interface ResponseHandler {
    Response handleResponse(Message m,
                            OperationResourceInfo ori,
                            Response response);
}

But by that time, I will have already deleted something I had no permission to delete (as an example).

How do I figure out what method will be called in a request filter? FWIW, the reason I want the Method is because I want to search for a custom-built annotation I will put on each method. If there is a better way to approach this, I'm open to the idea.


For completeness, here's the documentation on the topic: http://cxf.apache.org/docs/jax-rs-filters.html

Daniel Kaplan

1 Answer

1

You can use interceptors rather than RequestHandler filters, as the request handlers are deprecated and replaced in JAX-RS 2.0 with ContainerRequestFilter and ContainerResponseFilter.

For example:

Say I have the REST service shown below:

@Service
@Path("/Course")
public class KPRestService {

    private final Logger LOG = LoggerFactory.getLogger(KPRestService.class);

    @POST
    @Path("/create")
    @Consumes(MediaType.APPLICATION_JSON)
    public Response create(CourseType course){
        LOG.info("You have selected {}", course.getCName());
        return Response.ok().build();
    }

    @POST
    @Path("/get")
    @Produces(MediaType.APPLICATION_JSON)
    public CourseType get(@FormParam("cDate")Date date){

        final CourseType course = new CourseType();
        if(date.after(new Date())){
            course.setCName("E&C");
            course.setCDuration(4);
        }else{
            course.setCName("Mech");
            course.setCDuration(3);
        }

        return course;
    }

}

I prevent calling the get method using an interceptor, as shown below.

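import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.jaxrs.model.OperationResourceInfo;
import org.apache.cxf.message.Exchange;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

@Component
public class KPFilter extends AbstractPhaseInterceptor<Message> {

    private final static Logger LOG = LoggerFactory.getLogger(KPFilter.class);

    public KPFilter() {
        // PRE_LOGICAL runs after the resource method has been resolved
        super(Phase.PRE_LOGICAL);
    }

    @Override
    public void handleMessage(Message message) throws Fault {

        final Exchange exchange = message.getExchange();

        exchange.put(Message.REST_MESSAGE, Boolean.TRUE);
        OperationResourceInfo resourceInfo = exchange.get(OperationResourceInfo.class);
        // Check for null before dereferencing: no operation may be set on the exchange
        if (resourceInfo != null) {
            final String methodName = resourceInfo.getMethodToInvoke().getName();
            LOG.info("Method name is {}", methodName);
            if (methodName.equals("get")) {
                // Putting a Response on the exchange short-circuits the call
                Response response = Response.status(Response.Status.FORBIDDEN).entity("You are not authorised")
                        .type(MediaType.TEXT_XML).build();
                exchange.put(Response.class, response);
            }
        }

    }

}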
Karthik Prasad
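
An added example (not part of the original answer and not CXF's own code) that applies the answer's interceptor approach to the annotation lookup the question asks about, refusing the call unless the method carries the annotation and the caller holds the named role. `RequiresRole` and `AnnotationAuthInterceptor` are hypothetical names, and it assumes an earlier authentication step has placed a CXF `SecurityContext` on the message.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import javax.ws.rs.core.Response;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.jaxrs.model.OperationResourceInfo;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.security.SecurityContext;

// Hypothetical annotation: names the role a caller needs for the method.
@Retention(RetentionPolicy.RUNTIME) // must be RUNTIME or reflection cannot see it
@Target(ElementType.METHOD)
@interface RequiresRole {
    String value();
}

public class AnnotationAuthInterceptor extends AbstractPhaseInterceptor<Message> {

    public AnnotationAuthInterceptor() {
        super(Phase.PRE_LOGICAL); // same phase as the answer's interceptor
    }

    @Override
    public void handleMessage(Message message) throws Fault {
        if (!isAllowed(message)) {
            // Same short-circuit the answer uses: put a 403 Response on the exchange.
            message.getExchange().put(Response.class,
                    Response.status(Response.Status.FORBIDDEN).build());
        }
    }

    // Deny by default: an unresolved method, a missing annotation, or a
    // missing security context (assumed to be set by authentication) all refuse.
    private boolean isAllowed(Message message) {
        OperationResourceInfo ori = message.getExchange().get(OperationResourceInfo.class);
        if (ori == null) {
            return false;
        }
        RequiresRole required = ori.getMethodToInvoke().getAnnotation(RequiresRole.class);
        SecurityContext caller = message.get(SecurityContext.class);
        return required != null && caller != null && caller.isUserInRole(required.value());
    }
}
```

Keying the decision on an annotation rather than the method name means a renamed or newly added resource method is refused until someone annotates it.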