I am writing a REST filter for one of my REST API classes. I want to do authorization in the REST filter and annotate all the REST services I need to apply the authorization check on. Here's the REST resource filter code:
    @Scanned
    @Component
    public class AuthorizationFilter implements ResourceFilter {
        private MyActibeObjectDao myActibeObjectDao;

        @Inject
        public AuthorizationFilter(MyActibeObjectDao myActibeObjectDao) {
            this.myActibeObjectDao = myActibeObjectDao;
        }

        @Override
        public ContainerRequestFilter getRequestFilter() {
            return new ContainerRequestFilter() {
                @Override
                public ContainerRequest filter(ContainerRequest request) {
                    ...
                    /* Fetch admin users from AO */
                    String[] admins = myActibeObjectDao.getAdminUsers();
                    /* If not in the admins then throw Exception */
                    throw new WebApplicationException(
                        Response.status(Response.Status.FORBIDDEN)
                            .entity("You are not authorized to this operation!")
                            .build());
                }
            };
        }
        ...
    }

Here's my REST class:

    @GET
    @AnonymousAllowed
    @Produces(MediaType.APPLICATION_JSON)
    @Path("/settings/{userId}")
    @ResourceFilters(AuthorizationFilter.class)
    public Response retrieveTableMetaData(@PathParam("userId") Integer userId) {
        /* To Do: */
    }

The problem is, I am getting a null value in myActibeObjectDao. Any pointer will be of great help in this regard.
Thank you!
Vikash
I had a similar problem with injection and it started to work after adding "@Provider" to my filter class. Got inspired by this topic:
https://community.atlassian.com/t5/Answers-Developer-Questions/How-can-I-intercept-every-rest-request-to-check-security/qaq-p/467601
Especially the sample code here:
https://bitbucket.org/atlassian/atlassian-rest/src/cc7f6aa16c340e5c7860b6fd6d611395396f0313/atlassian-rest-common/src/main/java/com/atlassian/plugins/rest/common/security/jersey/AdminOnlyResourceFilter.java?at=master
It's been a long time since I worked on Atlassian plugin development. But it seems this could be the right answer now that I came back after a long time in this field :)
Thank you for your answer.