cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stephen Todd (JIRA)" <j...@apache.org>
Subject [jira] Commented: (CXF-2709) Provide Method Invocation Interceptor
Date Fri, 12 Mar 2010 21:29:27 GMT

    [ https://issues.apache.org/jira/browse/CXF-2709?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12844691#action_12844691
] 

Stephen Todd commented on CXF-2709:
-----------------------------------

Andreas, thanks for your response. Unfortunately, this wont work since the interface for Invoker
is only:

public interface Invoker {
   Object invoke(Exchange exchange, Object o);
}

which doesn't provide you the Method that will actually be called, and in the case of JAX-RS,
it is only called once. JAXRSInvoker does, however, delegate to AbstractInvoker.invoke(Exchange,
Object, Method, List<Object>), which is called on each resource as it proceeds through
the resources.

So if I have:

@Path("")
class Resource {
    @Path("subresource")
    @PreAuthorize("hasRole('SUB_RESOURCE_ACCESS')")
    SubResource getSubResource() {...}
}

@Path("")
class SubResource {
     @GET
     @Path("foo")
     @PreAuthorize("hasRole('FOO_READ')")
     String getFoo() {...}
}

There is nowhere, in JAS-RS at least, for me to be able to capture either call to Resource.getSubResource()
and SubResource.getFoo() when a user accesses /subresource/foo. I can only capture that the
service is called without knowing exactly which method it is going to resolve to.

Even further, AbstractInvoker.invoke(Exchange, Object, Method, List<Object>) doesn't
necessarily have the full parameter list since the Exchange can get added later. The only
place where the entire Method is found with all its parameters is inside AbstractInvoker.performInvocation().


Maybe I'm the only one really using sub-resources jax-rs, but I think this would be pretty
helpful.

> Provide Method Invocation Interceptor
> -------------------------------------
>
>                 Key: CXF-2709
>                 URL: https://issues.apache.org/jira/browse/CXF-2709
>             Project: CXF
>          Issue Type: New Feature
>          Components: Configuration, Core, JAX-RS, JAX-WS Runtime
>    Affects Versions: 2.2.5
>         Environment: JAX-RS, JAX-WS
>            Reporter: Stephen Todd
>
> It would be helpful if there was some kind of MethodInvocationInterceptor (or alternatively
with In/Out variants) that could be applied against Invokers before they do the actual method
call for jax-rs and jax-ws. I'm thinking the place that the interceptor would be called is
in AbstractInvoker.performInvocation() around m.invoke().
> What this provides for is the ability to perform some action or filtering based on information
from the java.lang.Method, parameter and return  values before or after the invocation is
actually made.
> Two cases that I am looking at are to be able to check for annotations on a method and
do some processing for security, transaction management, and/or validation. Currently, the
only way to be able to perform logic on custom annotations is to create proxies around singleton
beans or something like aspectj. By allowing for these kind of interceptors, this would no
longer be necessary.
> These interceptors make it simple to do things such as check for spring-security @Pre/PostAuthorize
annotations and apply security constraints. Likewise, I'm also wanting to implement JSR-303
validation checking against method parameters like is done for spring @Controller classes.
This would keep cxf's jaxrs implementation on par with spring's rest framework. Adding @Transactional
logic would also be possible through this.
> In jax-rs, not having this creates difficulty providing this logic since using singletons
imposes the requirement that the resources be stateless. The java changes would be simple,
though it would also need some work done in spring configuration code as well.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message