Intercepting based on HTTP header in RESTeasy
I am developing REST services with two types.
- before login no session token will be passed to HTTP header.
- after login session token will be passed in each request.
I dont want to include @HeaderParam in each and every REST method. I want to intercept it first and based on that I want to check the validity of session. Please let me know
- how I can intercept based on headers in RESTEasy
- How to avoid intercepting few methods
Thanks.
Answer
I solved this problem using PreProcessInterceptor
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface Securable {
String header() default "session-token";
}
@Provider
@ServerInterceptor
public class ValidationInterceptor implements PreProcessInterceptor, AcceptedByMethod {
@Context
private HttpServletRequest servletRequest;
@Override
public boolean accept(Class clazz, Method method) {
return method.isAnnotationPresent(Securable.class);
}
@Override
public ServerResponse preProcess(HttpRequest httpRequest, ResourceMethod resourceMethod) throws Failure,
WebApplicationException {
Securable securable = resourceMethod.getMethod().getAnnotation(Securable.class);
String headerValue = servletRequest.getHeader(securable.header());
if (headerValue == null){
return (ServerResponse)Response.status(Status.BAD_REQUEST).entity("Invalid Session").build();
}else{
// Validatation logic goes here
}
return null;
}
}
The annotation @Securable will be used on REST service which needs to be validated.
@Securable
@PUT
public Response updateUser(User user)