Enable ContainerRequestFilter without web.xml

0

I'm trying to enable basic authentication using Filter. I likes to enable that without using web.xml file. I tried the answer in the question

Use ContainerRequestFilter in Jersey without web.xml

But I can't get clear idea over that.
How to enable filter without web.xml file?

package com.example.filter;



import java.io.IOException;

import java.lang.reflect.Method;

import java.util.Base64;

import java.util.StringTokenizer;



import javax.annotation.security.PermitAll;

import javax.servlet.http.HttpServletRequest;

import javax.ws.rs.container.ContainerRequestContext;

import javax.ws.rs.container.ContainerRequestFilter;

import javax.ws.rs.container.ResourceInfo;

import javax.ws.rs.core.Context;

import javax.ws.rs.core.Response;



import com.example.ApiService;



public class AuthFilter implements ContainerRequestFilter {



    private HttpServletRequest request;

    @Context

    private ResourceInfo resourceInfo;

    private static final String AUTHORIZATION_PROPERTY = "Authorization";

    private static final String AUTHENTICATION_SCHEME = "Basic";

    private static final Response ACCESS_DENIED = Response.status(Response.Status.UNAUTHORIZED)

            .entity("You cannot access this resource").build();



    public boolean isAuthenticated(String authCredentials) {

        if (null == authCredentials)

            return false;



        final String encodedUserPassword = authCredentials.replaceFirst(AUTHENTICATION_SCHEME + " ", "");

        String usernameAndPassword = null;

        try {

            byte decodedBytes = Base64.getDecoder().decode(encodedUserPassword);

            usernameAndPassword = new String(decodedBytes, "UTF-8");

        } catch (IOException e) {

            e.printStackTrace();

        }

        final StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":");

        final String username = tokenizer.nextToken();

        if (request.getSession() != null) {

            String mobile_number = (String) request.getSession().getAttribute(ApiService.CONTACT_ID_KEY);

            if (mobile_number != username) {

                return true;

            }

        }

        return false;

    }



    @Override

    public void filter(ContainerRequestContext requestContext) throws IOException {

        Method method = resourceInfo.getResourceMethod();



        if (!method.isAnnotationPresent(PermitAll.class)) {





            // Fetch authorization header

            final String authorization = requestContext.getHeaderString(AUTHORIZATION_PROPERTY);



            // If no authorization information present; block access

            if (authorization == null || authorization.isEmpty()) {

                requestContext.abortWith(ACCESS_DENIED);

                return;

            }



            if(!isAuthenticated(authorization)) {

                requestContext.abortWith(ACCESS_DENIED);

                return;



            }

        }



    }



}

And this is my Application class

package com.example;



import java.util.HashMap;

import java.util.Map;



import javax.ws.rs.ApplicationPath;

import javax.ws.rs.core.Application;





@ApplicationPath("/rest")

public class ApiConfig extends Application {



    public Map<String, Object> getProperties() {

        Map<String, Object> properties = new HashMap<>();

        properties.put("jersey.config.server.provider.packages", "com.example");

        return properties;

    }

}

Thank you.

java jersey jax-rs tomcat8 requestfiltering

share|improve this question

asked Nov 21 '18 at 1:56

Chitraveer AkhilChitraveer Akhil

13210

add a comment | 

0

I'm trying to enable basic authentication using Filter. I likes to enable that without using web.xml file. I tried the answer in the question

Use ContainerRequestFilter in Jersey without web.xml

But I can't get clear idea over that.
How to enable filter without web.xml file?

package com.example.filter;



import java.io.IOException;

import java.lang.reflect.Method;

import java.util.Base64;

import java.util.StringTokenizer;



import javax.annotation.security.PermitAll;

import javax.servlet.http.HttpServletRequest;

import javax.ws.rs.container.ContainerRequestContext;

import javax.ws.rs.container.ContainerRequestFilter;

import javax.ws.rs.container.ResourceInfo;

import javax.ws.rs.core.Context;

import javax.ws.rs.core.Response;



import com.example.ApiService;



public class AuthFilter implements ContainerRequestFilter {



    private HttpServletRequest request;

    @Context

    private ResourceInfo resourceInfo;

    private static final String AUTHORIZATION_PROPERTY = "Authorization";

    private static final String AUTHENTICATION_SCHEME = "Basic";

    private static final Response ACCESS_DENIED = Response.status(Response.Status.UNAUTHORIZED)

            .entity("You cannot access this resource").build();



    public boolean isAuthenticated(String authCredentials) {

        if (null == authCredentials)

            return false;



        final String encodedUserPassword = authCredentials.replaceFirst(AUTHENTICATION_SCHEME + " ", "");

        String usernameAndPassword = null;

        try {

            byte decodedBytes = Base64.getDecoder().decode(encodedUserPassword);

            usernameAndPassword = new String(decodedBytes, "UTF-8");

        } catch (IOException e) {

            e.printStackTrace();

        }

        final StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":");

        final String username = tokenizer.nextToken();

        if (request.getSession() != null) {

            String mobile_number = (String) request.getSession().getAttribute(ApiService.CONTACT_ID_KEY);

            if (mobile_number != username) {

                return true;

            }

        }

        return false;

    }



    @Override

    public void filter(ContainerRequestContext requestContext) throws IOException {

        Method method = resourceInfo.getResourceMethod();



        if (!method.isAnnotationPresent(PermitAll.class)) {





            // Fetch authorization header

            final String authorization = requestContext.getHeaderString(AUTHORIZATION_PROPERTY);



            // If no authorization information present; block access

            if (authorization == null || authorization.isEmpty()) {

                requestContext.abortWith(ACCESS_DENIED);

                return;

            }



            if(!isAuthenticated(authorization)) {

                requestContext.abortWith(ACCESS_DENIED);

                return;



            }

        }



    }



}

And this is my Application class

package com.example;



import java.util.HashMap;

import java.util.Map;



import javax.ws.rs.ApplicationPath;

import javax.ws.rs.core.Application;





@ApplicationPath("/rest")

public class ApiConfig extends Application {



    public Map<String, Object> getProperties() {

        Map<String, Object> properties = new HashMap<>();

        properties.put("jersey.config.server.provider.packages", "com.example");

        return properties;

    }

}

Thank you.

java jersey jax-rs tomcat8 requestfiltering

share|improve this question

asked Nov 21 '18 at 1:56

Chitraveer AkhilChitraveer Akhil

13210

add a comment | 

0

0

0

I'm trying to enable basic authentication using Filter. I likes to enable that without using web.xml file. I tried the answer in the question

Use ContainerRequestFilter in Jersey without web.xml

But I can't get clear idea over that.
How to enable filter without web.xml file?

package com.example.filter;



import java.io.IOException;

import java.lang.reflect.Method;

import java.util.Base64;

import java.util.StringTokenizer;



import javax.annotation.security.PermitAll;

import javax.servlet.http.HttpServletRequest;

import javax.ws.rs.container.ContainerRequestContext;

import javax.ws.rs.container.ContainerRequestFilter;

import javax.ws.rs.container.ResourceInfo;

import javax.ws.rs.core.Context;

import javax.ws.rs.core.Response;



import com.example.ApiService;



public class AuthFilter implements ContainerRequestFilter {



    private HttpServletRequest request;

    @Context

    private ResourceInfo resourceInfo;

    private static final String AUTHORIZATION_PROPERTY = "Authorization";

    private static final String AUTHENTICATION_SCHEME = "Basic";

    private static final Response ACCESS_DENIED = Response.status(Response.Status.UNAUTHORIZED)

            .entity("You cannot access this resource").build();



    public boolean isAuthenticated(String authCredentials) {

        if (null == authCredentials)

            return false;



        final String encodedUserPassword = authCredentials.replaceFirst(AUTHENTICATION_SCHEME + " ", "");

        String usernameAndPassword = null;

        try {

            byte decodedBytes = Base64.getDecoder().decode(encodedUserPassword);

            usernameAndPassword = new String(decodedBytes, "UTF-8");

        } catch (IOException e) {

            e.printStackTrace();

        }

        final StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":");

        final String username = tokenizer.nextToken();

        if (request.getSession() != null) {

            String mobile_number = (String) request.getSession().getAttribute(ApiService.CONTACT_ID_KEY);

            if (mobile_number != username) {

                return true;

            }

        }

        return false;

    }



    @Override

    public void filter(ContainerRequestContext requestContext) throws IOException {

        Method method = resourceInfo.getResourceMethod();



        if (!method.isAnnotationPresent(PermitAll.class)) {





            // Fetch authorization header

            final String authorization = requestContext.getHeaderString(AUTHORIZATION_PROPERTY);



            // If no authorization information present; block access

            if (authorization == null || authorization.isEmpty()) {

                requestContext.abortWith(ACCESS_DENIED);

                return;

            }



            if(!isAuthenticated(authorization)) {

                requestContext.abortWith(ACCESS_DENIED);

                return;



            }

        }



    }



}

And this is my Application class

package com.example;



import java.util.HashMap;

import java.util.Map;



import javax.ws.rs.ApplicationPath;

import javax.ws.rs.core.Application;





@ApplicationPath("/rest")

public class ApiConfig extends Application {



    public Map<String, Object> getProperties() {

        Map<String, Object> properties = new HashMap<>();

        properties.put("jersey.config.server.provider.packages", "com.example");

        return properties;

    }

}

Thank you.

java jersey jax-rs tomcat8 requestfiltering

share|improve this question

asked Nov 21 '18 at 1:56

Chitraveer AkhilChitraveer Akhil

13210

I'm trying to enable basic authentication using Filter. I likes to enable that without using web.xml file. I tried the answer in the question

Use ContainerRequestFilter in Jersey without web.xml

But I can't get clear idea over that.
How to enable filter without web.xml file?

package com.example.filter;



import java.io.IOException;

import java.lang.reflect.Method;

import java.util.Base64;

import java.util.StringTokenizer;



import javax.annotation.security.PermitAll;

import javax.servlet.http.HttpServletRequest;

import javax.ws.rs.container.ContainerRequestContext;

import javax.ws.rs.container.ContainerRequestFilter;

import javax.ws.rs.container.ResourceInfo;

import javax.ws.rs.core.Context;

import javax.ws.rs.core.Response;



import com.example.ApiService;



public class AuthFilter implements ContainerRequestFilter {



    private HttpServletRequest request;

    @Context

    private ResourceInfo resourceInfo;

    private static final String AUTHORIZATION_PROPERTY = "Authorization";

    private static final String AUTHENTICATION_SCHEME = "Basic";

    private static final Response ACCESS_DENIED = Response.status(Response.Status.UNAUTHORIZED)

            .entity("You cannot access this resource").build();



    public boolean isAuthenticated(String authCredentials) {

        if (null == authCredentials)

            return false;



        final String encodedUserPassword = authCredentials.replaceFirst(AUTHENTICATION_SCHEME + " ", "");

        String usernameAndPassword = null;

        try {

            byte decodedBytes = Base64.getDecoder().decode(encodedUserPassword);

            usernameAndPassword = new String(decodedBytes, "UTF-8");

        } catch (IOException e) {

            e.printStackTrace();

        }

        final StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":");

        final String username = tokenizer.nextToken();

        if (request.getSession() != null) {

            String mobile_number = (String) request.getSession().getAttribute(ApiService.CONTACT_ID_KEY);

            if (mobile_number != username) {

                return true;

            }

        }

        return false;

    }



    @Override

    public void filter(ContainerRequestContext requestContext) throws IOException {

        Method method = resourceInfo.getResourceMethod();



        if (!method.isAnnotationPresent(PermitAll.class)) {





            // Fetch authorization header

            final String authorization = requestContext.getHeaderString(AUTHORIZATION_PROPERTY);



            // If no authorization information present; block access

            if (authorization == null || authorization.isEmpty()) {

                requestContext.abortWith(ACCESS_DENIED);

                return;

            }



            if(!isAuthenticated(authorization)) {

                requestContext.abortWith(ACCESS_DENIED);

                return;



            }

        }



    }



}

And this is my Application class

package com.example;



import java.util.HashMap;

import java.util.Map;



import javax.ws.rs.ApplicationPath;

import javax.ws.rs.core.Application;





@ApplicationPath("/rest")

public class ApiConfig extends Application {



    public Map<String, Object> getProperties() {

        Map<String, Object> properties = new HashMap<>();

        properties.put("jersey.config.server.provider.packages", "com.example");

        return properties;

    }

}

Thank you.

java jersey jax-rs tomcat8 requestfiltering

java jersey jax-rs tomcat8 requestfiltering

share|improve this question

asked Nov 21 '18 at 1:56

Chitraveer AkhilChitraveer Akhil

13210

share|improve this question

asked Nov 21 '18 at 1:56

Chitraveer AkhilChitraveer Akhil

13210

share|improve this question

share|improve this question

asked Nov 21 '18 at 1:56

Chitraveer AkhilChitraveer Akhil

13210

asked Nov 21 '18 at 1:56

Chitraveer AkhilChitraveer Akhil

13210

asked Nov 21 '18 at 1:56

Chitraveer AkhilChitraveer Akhil

13210

13210

add a comment | 

add a comment | 

1 Answer
1

active

oldest

votes

1

You need to annotate it with @Provider. The scanning picks up classes that are annotated with @Provider and @Path. You also need to add @Context for the HttpServletRequest if you want it injected (you only have it on the ResourceInfo).

share|improve this answer

answered Nov 21 '18 at 3:48

Paul SamsothaPaul Samsotha

150k20291477

add a comment | 

Your Answer

StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

Thanks for contributing an answer to Stack Overflow!

• Please be sure to answer the question. Provide details and share your research!

But avoid …

• Asking for help, clarification, or responding to other answers.


• Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53404287%2fenable-containerrequestfilter-without-web-xml%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

1 Answer
1

active

oldest

votes

1 Answer
1

active

oldest

votes

active

oldest

votes

active

oldest

votes

1

You need to annotate it with @Provider. The scanning picks up classes that are annotated with @Provider and @Path. You also need to add @Context for the HttpServletRequest if you want it injected (you only have it on the ResourceInfo).

share|improve this answer

answered Nov 21 '18 at 3:48

Paul SamsothaPaul Samsotha

150k20291477

add a comment | 

1

You need to annotate it with @Provider. The scanning picks up classes that are annotated with @Provider and @Path. You also need to add @Context for the HttpServletRequest if you want it injected (you only have it on the ResourceInfo).

share|improve this answer

answered Nov 21 '18 at 3:48

Paul SamsothaPaul Samsotha

150k20291477

add a comment | 

1

1

1

You need to annotate it with @Provider. The scanning picks up classes that are annotated with @Provider and @Path. You also need to add @Context for the HttpServletRequest if you want it injected (you only have it on the ResourceInfo).

share|improve this answer

answered Nov 21 '18 at 3:48

Paul SamsothaPaul Samsotha

150k20291477

You need to annotate it with @Provider. The scanning picks up classes that are annotated with @Provider and @Path. You also need to add @Context for the HttpServletRequest if you want it injected (you only have it on the ResourceInfo).

share|improve this answer

answered Nov 21 '18 at 3:48

Paul SamsothaPaul Samsotha

150k20291477

share|improve this answer

share|improve this answer

answered Nov 21 '18 at 3:48

Paul SamsothaPaul Samsotha

150k20291477

answered Nov 21 '18 at 3:48

Paul SamsothaPaul Samsotha

150k20291477

answered Nov 21 '18 at 3:48

Paul SamsothaPaul Samsotha

150k20291477

150k20291477

add a comment | 

add a comment | 

Thanks for contributing an answer to Stack Overflow!

• Please be sure to answer the question. Provide details and share your research!

But avoid …

• Asking for help, clarification, or responding to other answers.


• Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Thanks for contributing an answer to Stack Overflow!

• Please be sure to answer the question. Provide details and share your research!

But avoid …

• Asking for help, clarification, or responding to other answers.


• Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53404287%2fenable-containerrequestfilter-without-web-xml%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

Name

Name

Email

Required, but never shown

Email

Required, but never shown

Email

Required, but never shown

Email

Required, but never shown

Name

Name

Email

Required, but never shown

Email

Required, but never shown

Email

Required, but never shown

Email

Required, but never shown

This page is only for reference, If you need detailed information, please check here