Using an interceptor with Tapestry Resteasy

StackOverflow https://stackoverflow.com/questions/23562514

Question

I have a resource class and I'd like to be able to check an authentication token before the resource method is called, thus avoiding having to pass the token directly into the Resource method.

I have added the following to web.xml: 

<context-param>
        <param-name>resteasy.providers</param-name>
       <param-value>com.michael.services.interceptors.AuthorisationInterceptorImpl</param-value>
</context-param>

My interceptor is implemented as follows:

@Provider
public class AuthorisationInterceptorImpl implements javax.ws.rs.container.ContainerRequestFilter {

    @Inject
    private ApiAuthenticationService apiAuthenticationService

    @Override
    public void filter(ContainerRequestContext requestContext) {

       //Code to verify token   

    }

}

The filter method is being called before the methods in my resource class; however, the apiAuthenticationService is not being injected and is null when I attempt to call its methods.
I'm using Tapestry 5.3.7, Tapestry-Resteasy 0.3.2 and Resteasy 2.3.4.Final. Can this be done ?

Was it helpful?

Solution

I don't think this will work, based on a quick glance at the tapestry-resteasy code.

The @Inject annotation is part of tapestry-ioc; if a class is not instantiated by Tapestry, the @Inject annotation is not honored.

Filters defined in web.xml are instantiated by the servlet container (Jetty, Tomcat, etc.) which do not have any special knowledge of Tapestry and Tapestry annotations.

I think you will be better off contributing a filter into Tapestry's HttpServletRequestHandler or RequestHandler pipelines (see their JavaDoc). I'm not sure how you can gain access to the ContainerRequestContext, however.

OTHER TIPS

With tapestry-resteasy you don't need to define the provider in the web.xml file.

If you want to use Tapestry's autobuild mechanism just move your provider to the .rest package together with your resources.

If don't want to use autodiscovery/autobuild just contribute it to javax.ws.rs.core.Application 

@Contribute(javax.ws.rs.core.Application.class)
    public static void configureRestProviders(Configuration<Object> singletons, AuthorisationInterceptor authorisationInterceptor)
    {
        singletons.add(authorisationInterceptor);
    }

Even though you can use rest providers for security is probably a good idea to take Howard's advice and implement your own filter in the tapestry pipeline.

BTW, you can also give tapestry-security a try :)

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top