Authentication in multiple methods with JAX-RS/Jersey - How to keep it clean?

Question

I'm working on a web service written in Java using JAX-RS/Jersey and Spring.

The WS authenticates a user when he or she logs in and returns an access key which has a limited lifespan. Most of the available methods require a valid "access key + userId" combination.

For all of the available methods I am using @FormParam to retrieve POST parameters, and the response is in JSON. What I am trying to figure out is how to avoid having to type out

@FormParam("userId") final Integer userId,
@FormParam("accessKey") final String accessKey

and manually invoke my authentication method for each of the probably 20 methods I will have that require authentication. This is especially cumbersome because I will then also have to add code to handle e.g. expired access keys.

Is there another way to go about retrieving the two parameters above and performing authentication so I can keep my methods clean?

Answer 1

Since you're using Jersey, you can use servlet-filter-like APIs to DRY up your code. Check out:

• Equivalent of Servlet Filter for Jersey / JAX-RS / REST resources?
• How does one intercept a request during the Jersey lifecycle?
• ContainerRequestFilter