Question

I need to validate if a session is active every time a call from a service method is made using the RPC mechanism. Is there a way I could do it once per RemoteServiceServlet subclass, like using some Listener interface that gets triggered once a method is called?


Solution

You should use a servlet filter that can validate your session before it gets to your servlet.

Check the example in this question: "Unable to access session data in servlet filter on app engine dev server".

Here's a more thorough example: http://brendangraetz.wordpress.com/2010/06/17/use-servlet-filters-for-user-authentication/

You can add the servlet filter to as many services as you need by adding more filter-mapping stanzas.

<!-- Example servlet loaded into servlet container -->
<filter>
    <description>Requires user to log in as a member</description>
    <filter-name>SecurityFilter</filter-name>
    <filter-class>some.package.SecurityFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>SecurityFilter</filter-name>
    <url-pattern>/com.example.foo.Foo/myService</url-pattern>
</filter-mapping>


<servlet>
  <servlet-name>myServiceImpl</servlet-name>
  <servlet-class>
    com.example.foo.server.MyServiceImpl
  </servlet-class>
</servlet>
<servlet-mapping>
  <servlet-name>myServiceImpl</servlet-name>
  <url-pattern>/com.example.foo.Foo/myService</url-pattern>
</servlet-mapping>
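
The web.xml above names a SecurityFilter class but does not show it. A minimal version follows as an added example (not the answerer's code or the linked blog's); the session attribute name `authenticatedUser` is an assumption and must match whatever the login code stores.

```java
// Added example. Place it in the package named by <filter-class> in web.xml
// ("some.package" there is a placeholder, not a usable Java package name).
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class SecurityFilter implements Filter {

    // Assumption: the login code stores the authenticated user under this key.
    static final String USER_ATTRIBUTE = "authenticatedUser";

    @Override
    public void init(FilterConfig config) throws ServletException {
        // No configuration needed.
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false) never creates a session; a missing or expired
        // session comes back as null instead of a fresh, empty one.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null
                && session.getAttribute(USER_ATTRIBUTE) != null;

        if (!loggedIn) {
            // Fail closed: the RPC servlet is never invoked. A status code is
            // used instead of a redirect because the caller is an RPC request.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}
```

Because the filter-mapping uses the same url-pattern as the servlet-mapping, every RPC method of that service passes through this check before MyServiceImpl runs.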

OTHER TIPS

For those using Guice, I like to use Guice method interception for that, so I have some custom annotation like:

@Override
@Authenticated
public void someRPCCall(...) {
}

So, I have several custom annotations that I use depending on the call:

@Override
@Authenticated
@Authorizated(accessRolRequired = AccessRol.Editor)
@Transactional
@LogThis
public Boolean someEditorMethod(...)

and intercept these calls to make several checks.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow