aurora-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bill Farner <>
Subject Review Request 64362: Update to guice 4.1.0, switch from jersey to resteasy
Date Wed, 06 Dec 2017 07:36:29 GMT

This is an automatically generated e-mail. To reply, visit:

Review request for Aurora, David McLaughlin, Jordan Ly, and Stephan Erb.

Repository: aurora


Upgrading guice was the original goal with this patch, which pulled along several other dependencies.
 Guice 3 [suffers from obscure errors]( when creating
binding error messages with java 8 and lambdas.  This has been a frequent source of frustration
since we first upgraded to java 8 mid-2015.

I've gone spelunking down this path numerous times, and frequently hit a wall with jersey.
 We needed to upgrade jersey-guice, to upgrade jersey, to upgrade guice.  jersey introduced
their own dependency injection (HK2) in jersey 2.0, which complicated matters.  There have
been some promising developments since (hk2-guice [bridge](,
2.26 [abstracted HK2](, and several [projects](
have emerged to solve the issue).  Unfortunately, each avenue failed with some combination
of not working well with our application design, or i just plain couldn't get it working.
 I began to look beyond jersey.

This left restlet and resteasy as the most common alternatives.  I balked early at restlet
due to their guice integration being [apparently](

Fortunately i achieved some early wins with resteasy!  Migrating was straightforward with
a small patch based on some examples.

However, i hit a hurdle with shiro-guice.  It [needed to be updated](
to work with guice 4, and there were some necessary API changes.  No big deal, just the `filterConfig()`
nesting you see in this patch.  This revealed a deeper issue with binding custom `Filter`s
with `ShiroWebModule`.  Previously, `ShiroWebModule` would effectively only `bind()` keys
[they define](,
allowing the API user to `bind()` custom keys.  The [patch](
to support guice 4 changed that, and `bind()` will be [called](
on these custom keys.  In our case, this caused a du
 plicate binding.

The simplest workaround to this was to avoid `bind()`ing the custom `afterAuthFilter` key,
and use the custom type as the key type (e.g. `Key.get(CountingFilter.class)` rather than

Lastly, `GuiceResteasyBootstrapServletContextListener` does not integrate with `GuiceServletContextListener`
in the way `GuiceFilter` [demands](,
which necessitated the passing of `ServletContext` you see in this patch.

I can't say i'm happy with the outcome here, but i am overall happier given that guice is

Computers are hard!


  build.gradle fd606a27bbe0f79a9358ddb74425437ddb42d71e 
  src/main/java/org/apache/aurora/scheduler/http/ 0f8528c3403b5f51f082aa54c16358f7568f439a

  src/main/java/org/apache/aurora/scheduler/http/api/ a19663acb20c66ec14e41473a72fa5035146a6cc

  src/main/java/org/apache/aurora/scheduler/http/api/security/ d81671c0bf3634bfce851937f4fc9135dd5f563f

  src/test/java/org/apache/aurora/scheduler/http/ a3f6941f6b335791455545e0745b03cf58899f95

  src/test/java/org/apache/aurora/scheduler/http/api/ e8ef6bd7f9b0c47c5f17da7a040ce1497922a807

  src/test/java/org/apache/aurora/scheduler/http/api/ 43fa315a9a25bf29f53d8fd986f198d3f9ef1a74

  src/test/java/org/apache/aurora/scheduler/http/api/security/ d3c7ac985bbcf734aace2cad50af970619ffb536




end-to-end tests are broken on master, will fix separately before landing this patch


Bill Farner

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message