如何使用Jersey和Java EE 5检索ServletRequest

Question

I'm working on creating a security library that will be used by several RESTful clients. I'm using Java EE 5, Jersey 1.17 and Maven. The clients will use my library to call a third party app using a token. The third party app will then return all the information it has on that token, like expiration, scope and userId. My idea is to make a filter that will check if there is an Authorization header, and if that's so, it calls the third party app. If the third party app validates the token and returns the token's info, I need to return that information, stored in a TokenInformation object, back to the resources. In a previous post, someone said that I could do this:

public class MyFilter implements Filter{

    @Override
    public void doFilter(final ServletRequest request,
            final ServletResponse response,
            final FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;        
        String header = req.getHeader("Authorization");
        TokenInformation info = new TokenInformation();
        info = buildInfo(info);
        if (true) {
            request.setAttribute("auth", info);
            chain.doFilter(request, response);
        } else {
            handleError(response);
        }
    }
}

So, by sending the TokenInformation object to the request as an additional attribute, I would be able to retrieve it later in the resource classes. The thing is that I'm using Java EE 5, and I didn't realize that I couldn't use the @Context annotation to inject the ServletRequest object. How can I access the ServletRequest object again from a resource class, so that I can access the TokenInformation object in, for example, the DAO?

The way I'm using jersey is by doing this in my web.xml :

<servlet>
    <servlet-name>Security API</servlet-name>
    <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
    <init-param>
        <param-name>javax.ws.rs.Application</param-name>
        <param-value>com.ni.apps.engineering.securitylibrary.resources.SecurityResource</param-value>
    </init-param>
    <init-param>
        <param-name>com.sun.jersey.api.json.POJOMappingFeature</param-name>
        <param-value>true</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>Security API</servlet-name>
    <url-pattern>/1/*</url-pattern>
</servlet-mapping>

The SecurityResource class has this:

public class SecurityResource extends Application{

    public static final String SUPPORTED_REPRESENTATIONS = MediaType.APPLICATION_XML
            + "," + MediaType.APPLICATION_JSON;

    @Override
    public Set<Class<?>> getClasses() {
        HashSet<Class<?>> set = new HashSet<Class<?>>();
        set.add(Security.class);                
        return set;
    }

}

The Security class has this:

@Path("")
public class Security implements ISecurity{


    @Override
    public Response get(String upId) {
        String test = "";
        try{

            TokenInformation tI = (TokenInformation) HttpServletRequestWrapper.
            test = "test1";
        }catch(Exception e){
            System.out.println(e.getMessage());
        }
        return null;
    }

}

Answer 1

You don't have to access ServletRequest at Dao layer. In Servlet you can get ServletRequest object and you can pass the value to Dao layer. If you really want to access then pass ServletRequest object to Dao layer by reference.

<servlet-name>Security API</servlet-name>
<servlet-class>com.packagename.MyServlet</servlet-class>

public MyServlet extends com.sun.jersey.spi.container.servlet.ServletContainer{}

You can extend jersey servlet and you can initialize Servlet with Application Class by programatically.

In MyServlet you can reach the request object.

Servlet Information : https://jersey.java.net/apidocs/1.17/jersey/com/sun/jersey/spi/container/servlet/ServletContainer.html