I'm trying to access the javax.ws.rs.core.SecurityContext in my class programmatically and not using #Context annotations, is a way to do it?
e.g. Spring provide implementation like SecurityContextHolder.getContext() that get the object from the ThreadLocal; is there similar implementation available in CXF JAX-RS?
Related
I am looking at this class: https://shiro.apache.org/static/1.3.1/xref/org/apache/shiro/spring/security/interceptor/AopAllianceAnnotationsAuthorizingMethodInterceptor.html
It is registering all method interceptors that work with Shiro. Among them is this interceptor:
PermissionAnnotationMethodInterceptor .
I want to create my own custom interceptor and integrate it into the Shiro model.
My own interceptor would be replacing the existing PermissionAnnotationMethodInterceptor.
How do I do it in a clean programmatic Spring Boot way?
You should be able to replace the AuthorizationAttributeSourceAdvisor bean with your own implementation
Or implement your own annotations anyway you want and disable Shiro's annotation processing: shiro.annotations.enabled=false
I have to integrate spring rest docs in a legacy project were they use a bunch of custom annotation (such as for example the user roles).
Is there a way in spring rest docs to document this annotation?
Spring REST Docs works at the level of HTTP requests and responses. By design, it doesn't know anything about annotations or how those requests are handled and the responses created. This ensures that what you're documenting is at the same level as a client interacting with your service over HTTP.
If you want to include information about #PreAuthorize or an annotation that is similar to it, you will have to write something yourself to do that. If you want to fit into the REST Docs way of doing things, you could implement a custom Snippet that's configured with a class or method from which it extracts the annotation using reflection and generates some documentation from it.
I am using Groovy & Grails , and I wanted the difference between using nomal Grails controller as Rest Controller the using RestFulController class.And secondly I wanted to know which API implementation (Jersey or RestEasy) is Grails using at it's end.
I wanted the difference between using nomal Grails controller as Rest
Controller the using RestFulController class.
The difference would depend what you put in your normal Grails controller. If you put the same behavior in your normal controller as is provided by RestfulController, then of course there would be no functional difference. If you did not put the same behavior in your normal controller as is provided by RestfulController, then the details of what you put in your controller will dictate the differences between it and RestfulController.
RestfulController provides basic CRUD capability and a number of methods designed for extension to customize that behavior. See https://github.com/grails/grails-core/blob/v3.3.9/grails-plugin-rest/src/main/groovy/grails/rest/RestfulController.groovy.
And secondly I wanted to know which API implementation (Jersey or
RestEasy) is Grails using at it's end.
Grails is not using Jersey or RestEasy. Grails implements its own API.
I am working on creating a SOA project. I want to use Jersey to expose the services on rest. In my project the standard is to create a API project which has API interfaces and DTOs. The implementation project depends on the API project and all implementation is written in the implementation.
The idea behind this architecture is that, we could create two API projects one for REST and other for SOAP, annotate the interfaces with required annotations. As a result the implementation would be unaware about the method used to expose the service (I mean REST and SOAP).
But the problem in Jersey is unable to discover the annotations on the interface and keeps throwing following exception
com.sun.jersey.api.container.ContainerException: The ResourceConfig instance does not contain any root resource classes.
A similar question has already been asked - JAX-RS Jersey/Grizzly Define an interface resource - The answer says that it is possible using Spring-Jersey.
But I tried various configuration options for spring-jersey - including - http://jersey.java.net/nonav/apidocs/1.8/contribs/jersey-spring/com/sun/jersey/spi/spring/container/servlet/package-summary.html
But did not have any success.
Questions
The idea of trying to manage the different ways of exposing service thru interface, is it a feasible and good idea? How are experts in the industry doing?
How can I manage to use Jersey to understand the annotations done on Interface?
Is some other framework like RestEasy going to help?
I must admit that I'm new to Web services. When I create a Web service using CXF or Axis, even with custom beans being used to communicate information between the client and the service, the objects are automatically marshalled and unmarshalled for me (I mean CXF or Axis create all the necessary files and classes). So, even though I know JAXB is used by the stack to marshal, and unmarshal objects, but I don't directly need to work with JAXB.
Now, my question is whether I need to work with JAXB directly, as far as Web services are concerned, or that marshaling and unmarshalling will always be handled for me?
When creating a JAX-WS (SOAP) or JAX-RS (RESTful) Web Service, JAXB is used as the binding layer to convert objects to/from XML (and sometimes JSON). This marshalling/unmarshalling is triggered automatically for you. Where you interact with JAXB is by adding annotations to your domain model to control how the XML looks. Below are a couple of examples that you may find useful:
http://blog.bdoughan.com/2011/12/eclipselink-moxy-is-jaxb-provider-in.html (JAX-WS example)
http://blog.bdoughan.com/2010/08/creating-restful-web-service-part-35.html (JAX-RS example)