How to get HTTP request headers in a CDI bean that have been entered into the JAX-RS web service?

Question

How to get HTTP request headers in a CDI bean that have been entered into the JAX-RS web service?

I have a web service:

@Path("/projects")
public class Projects {
    [...]

    @Inject
    CurrentRequest current;

    @GET
    @Produces(MediaType.APPLICATION_JSON)
    @Path("{id}")
    public Response getProject(@PathParam("id") String id) {
        if (current.isUserAuthenticated()) {
            [...do something...]
        } else {
            [...produce an error...]
        }
    }
}

And a CDI bean with an authentication method as follows:

@RequestScoped
public class CurrentRequest {

    public boolean isUserAuthenticated() {
        [...do some header checking...]
    }
}

My problem is that I can't grab hold of HTTP headers from the inside out for a lifetime CurrentRequest. I tried to enter HttpServletRequest, but not initialized. I tried to use @Contextthe same thing. Obviously, this FacesContext.getCurrentInstance()does not work either due to the lack of a FacesContext.

I see that this question basically asks the same thing, but has not received much attention.

My current approach is to use @Context HttpServletRequest requestinside Projectsand pass it as a parameter to current.isUserAuthenticated(request). But this is so wrong. Should a CDI bean know its own request?

What am I missing?

+4

java httprequest cdi jax-rs

Antares42 07 . '15 12:27

2

Cassio Mazzochi Molin · Answer 1 · 2015-10-07T13:12:57+0000

HTTP

HttpServletRequest JAX-RS, HTTP . HttpHeaders:

@Context
HttpHeaders httpHeaders;

HttpHeaders API, :

HTTP-, HttpHeaders API:

// Get the value of the Authorization header
String authorizationHeader = httpHeaders.getHeaderString(HttpHeaders.AUTHORIZATION);

/ , , REST -.

REST, JAX-RS - @NameBinding :

@NameBinding
@Retention(RUNTIME)
@Target({TYPE, METHOD})
public @interface Secured { }

@Secured , ContainerRequestFilter, .

ContainerRequestContext HTTP- ( . ContainerRequestContext API):

@Secured
@Provider
@Priority(Priorities.AUTHENTICATION)
public class SecurityFilter implements ContainerRequestFilter {

    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        // Use the ContainerRequestContext to extract information from the HTTP request
        // Information such as the URI, headers and HTTP entity are available
    }
}

ContainerRequestFilter#filter() , /. ContainerRequestContext#abortWith() .

@Provider , JAX-RS .

, @Secured, . / , , .

@Path("/")
public class MyEndpoint {

    @GET
    @Path("{id}")
    @Produces("application/json")
    public Response myUnsecuredMethod(@PathParam("id") Long id) {
        // This method is not annotated with @Secured
        // The security filter won't be executed before invoking this method
        ...
    }

    @DELETE
    @Secured
    @Path("{id}")
    @Produces("application/json")
    public Response mySecuredMethod(@PathParam("id") Long id) {
        // This method is annotated with @Secured
        // The security filter will be executed before invoking this method
        ...
    }
}

mySecuredMethod(Long), @Secured.

, REST. , @Priority.

, Priorities ( ):

@Priority, USER .

, .

Cassio Mazzochi Molin · Answer 2 · 2015-10-13T10:26:28+0000

JAX-RS CDI JAX-RS:

Jersey Ext Cdi1x

<dependency>
    <groupId>org.glassfish.jersey.ext.cdi</groupId>
    <artifactId>jersey-cdi1x</artifactId>
    <version>2.22.1</version>
</dependency>

RESTEasy CDI

<dependency>
    <groupId>org.jboss.resteasy</groupId>
    <artifactId>resteasy-cdi</artifactId>
    <version>3.0.13.Final</version>
</dependency>

CDI Apache CXF

<dependency>
    <groupId>org.apache.cxf</groupId>
    <artifactId>cxf-integration-cdi</artifactId>
    <version>3.1.3</version>
</dependency>

How to get HTTP request headers in a CDI bean that have been entered into the JAX-RS web service?

HTTP

Jersey Ext Cdi1x

RESTEasy CDI

CDI Apache CXF

More articles: