How can I set up an aop MethodInterceptor
to work with Jersey resources?
Here is what I've tried, following this documentation:
Step 1 - InterceptionService
public class MyInterceptionService implements InterceptionService
{
private final Provider<AuthFilter> authFilterProvider;
@Inject
public HK2MethodInterceptionService(Provider<AuthFilter> authFilterProvider)
{
this.authFilterProvider = authFilterProvider;
}
/**
* Match any class.
*/
@Override
public Filter getDescriptorFilter()
{
return BuilderHelper.allFilter();
}
/**
* Intercept all Jersey resource methods for security.
*/
@Override
@Nullable
public List<MethodInterceptor> getMethodInterceptors(final Method method)
{
// don't intercept methods with PermitAll
if (method.isAnnotationPresent(PermitAll.class))
{
return null;
}
return Collections.singletonList(new MethodInterceptor()
{
@Override
public Object invoke(MethodInvocation methodInvocation) throws Throwable
{
if (!authFilterProvider.get().isAllowed(method))
{
throw new ForbiddenException();
}
return methodInvocation.proceed();
}
});
}
/**
* No constructor interception.
*/
@Override
@Nullable
public List<ConstructorInterceptor> getConstructorInterceptors(Constructor<?> constructor)
{
return null;
}
}
Step 2 - Register the service
public class MyResourceConfig extends ResourceConfig
{
public MyResourceConfig()
{
packages("package.with.my.resources");
// UPDATE: answer is remove this line
register(MyInterceptionService.class);
register(new AbstractBinder()
{
@Override
protected void configure()
{
bind(AuthFilter.class).to(AuthFilter.class).in(Singleton.class);
// UPDATE: answer is add the following line
// bind(MyInterceptionService.class).to(InterceptionService.class).in(Singleton.class);
}
});
}
}
However this doesn't appear to work because none of my resource methods are being intercepted. Could this be because I use @ManagedAsync
with all of my resources? Any ideas?
Also, please do not suggest a ContainerRequestFilter
. See this question for why I can't use one to handle security.
I think that rather than calling register(MyInterceptionService.class) you might want to instead add into your configure() statement:
bind(MyInterceptionService.class).to(InterceptionService.class).in(Singleton.class)
I am not sure it will work as I have not tried it myself so your results may vary lol
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With