2

I have a custom implementation of the Picketlink PathAuthorizer interface that checks if a URL is allowed for the user.

public class BssPathAuthorizer implements PathAuthorizer {

    @Inject
    Identity identity;

    @Override
    public boolean authorize(PathConfiguration pathConfiguration, 
                             HttpServletRequest request, 
                             HttpServletResponse response) {

        if (identity != null){

            LOG.log(Level.FINE, "Identity loggato: {0}", identity.isLoggedIn());
            String uri = request.getRequestURI();
            String contextpath = request.getContextPath();
            LOG.log(Level.FINE, "URI: {0}, context path: {1}", 
                new Object[]{uri, contextpath});

            Method m = findMethod(uri);
            ...
        }

After I get the method by findMethod(), I'll check some annotations and then return true if the user has permission.

  • Is there a simple way to retrieve the Java method from the requested URL (for example: .../user/edit)?

  • What is the class method that implements it (for example UserManager.edit())?

cassiomolin
Daniele Licitra

1 Answer

3

The information you need from JAX-RS is available in the ResourceInfo interface.

See below how to make this information available in your Picketlink PathAuthorizer implementation.

Defining a class to store the data you need

Define a class annotated with @RequestScoped which will store the target class and method:

@RequestScoped
public class RequestTarget {

    private Class<?> targetClass;
    private Method targetMethod;

    // Default constructor, getters and setters omitted
}

Ensure you are using the @RequestScoped annotation from the javax.enterprise.context package.

Creating a request filter

Create a ContainerRequestFilter to populate the RequestTarget:

@Provider
@Priority(1)
public class RequestTargetPopulator implements ContainerRequestFilter {

    @Context
    private ResourceInfo resourceInfo;

    @Inject
    private RequestTarget target;

    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        target.setTargetClass(resourceInfo.getResourceClass());
        target.setTargetMethod(resourceInfo.getResourceMethod());
    }
}

The @Priority annotation with the value 1 ensures this filter will be executed before other filters.

Performing the injection

And then you can finally perform the injection of the RequestTarget using @Inject:

public class CustomPathAuthorizer implements PathAuthorizer {

    @Inject
    private RequestTarget target;

    @Override
    public boolean authorize(PathConfiguration pathConfiguration, 
                             HttpServletRequest request, 
                             HttpServletResponse response) {

        Class<?> targetClass = target.getTargetClass();
        Method targetMethod = target.getTargetMethod();

        ...
    }
}
cassiomolin
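
An added example, not part of the answer or of Picketlink: one way the annotation check described in the question could consume the targetClass and targetMethod values. It denies access when either is null (for instance if RequestTarget was never populated) or when no annotation is present. The @RequiresRole annotation, the sample UserManager class and the isAllowed helper are hypothetical names introduced for illustration.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.Set;

public class TargetAnnotationCheck {

    // Hypothetical annotation: the page does not say which annotations are checked.
    @Retention(RetentionPolicy.RUNTIME)
    @Target({ElementType.TYPE, ElementType.METHOD})
    @interface RequiresRole { String[] value(); }

    // Constructed sample resource standing in for the question's UserManager.
    @RequiresRole("user")
    static class UserManager {
        @RequiresRole("admin") public void edit() {}
        public void view() {}
    }

    // Constructed sample resource with no access annotation at all.
    static class Unannotated { public void ping() {} }

    /** A method-level annotation overrides the class-level one; anything unresolved is denied. */
    static boolean isAllowed(Class<?> targetClass, Method targetMethod, Set<String> userRoles) {
        if (targetClass == null || targetMethod == null) {
            return false; // no matched resource method available: fail closed
        }
        RequiresRole required = targetMethod.getAnnotation(RequiresRole.class);
        if (required == null) {
            required = targetClass.getAnnotation(RequiresRole.class);
        }
        if (required == null) {
            return false; // unannotated endpoint: deny by default
        }
        return Arrays.stream(required.value()).anyMatch(userRoles::contains);
    }

    public static void main(String[] args) throws Exception {
        Method edit = UserManager.class.getMethod("edit");
        Method view = UserManager.class.getMethod("view");
        Method ping = Unannotated.class.getMethod("ping");
        Set<String> roles = Set.of("user"); // constructed role set for the current user
        System.out.println("edit: " + isAllowed(UserManager.class, edit, roles));
        System.out.println("view: " + isAllowed(UserManager.class, view, roles));
        System.out.println("ping: " + isAllowed(Unannotated.class, ping, roles));
        System.out.println("null: " + isAllowed(null, null, roles));
    }
}
```

Inside authorize(), the role set would come from the injected Identity rather than a literal.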