java - In CXF RS, can I get the resource method in a request filter? -
i want authorize calls made rest api differently depending on method being called. requesthandler
looks this:
public interface requesthandler { response handlerequest(message m, classresourceinfo resourceclass); }
i can't figure out how method
called resourceclass
. possible?
the responsehandler
seems have parameter can named operationresourceinfo
:
public interface responsehandler { response handleresponse(message m, operationresourceinfo ori, response response); }
but time, have deleted had no permission delete (as example).
how figure out method called in request filter? fwiw, reason want method
because want search custom built annotation put on each method. if there better way approach this, i'm open idea.
for completeness, here's documentation on topic: http://cxf.apache.org/docs/jax-rs-filters.html
you can use interceptors, rather requesthandler
filters request handlers deprecated , replaced in jaxrs 2.0 containerrequestfilter
, containerresponsefilter
for example
say i've restservice shown below
@service @path("/course") public class kprestservice { private final logger log = loggerfactory.getlogger(kprestservice.class); @post @path("/create") @consumes(mediatype.application_json) public response create(coursetype course){ log.info("you have selected {}", course.getcname()); return response.ok().build(); } @post @path("/get") @produces(mediatype.application_json) public coursetype get(@formparam("cdate")date date){ final coursetype course = new coursetype(); if(date.after(new date())){ course.setcname("e&c"); course.setcduration(4); }else{ course.setcname("mech"); course.setcduration(3); } return course; } }
i prevent calling method using interceptor shown below.
@component public class kpfilter extends abstractphaseinterceptor<message> { private final static logger log = loggerfactory.getlogger(kpfilter.class); public kpfilter() { super(phase.pre_logical); } public void handlemessage(message message) throws fault { final exchange exchange = message.getexchange(); exchange.put(message.rest_message, boolean.true); operationresourceinfo resourceinfo = exchange.get(operationresourceinfo.class); log.info("method name {}", resourceinfo.getmethodtoinvoke().getname()); if (resourceinfo != null && resourceinfo.getmethodtoinvoke().getname().equals("get")) { response response = response.status(response.status.forbidden).entity("you not authorised") .type(mediatype.text_xml).build(); exchange.put(response.class, response); } } }
Comments
Post a Comment