Cannot bind a ContainerRequestFilter using Glassfish4 and JAX-RS

Question

I am having trouble attaching a ContainerRequstFilter to a very simple JAX-RS rest application inside Glassfish4.

I believe that I've followed the instructions from both the javadoc and various other tutorial sources, but I am now at a complete loss.

The entire source (very short) is below, with the expected functionality:

• (login) A user can log in at http://localhost/app/api/login/uname/password and the response is "You are logged in, uname"
• (verify) User visits http://localhost/app/api/login/verify/uname and the response is a 401 unauthorized.

The second bit is meant the be implemented as a filter. What actually happens is that the first bit (login) works, and the second bit (verify) completely ignores the filter (including nothing in the logs to indicate that the filter ran). That is, the output is just "Every thing is fine, uname", rather than a 401 error.

What I want to understand is the way to get the filter attached to the verify action. For reference

• I'm running glassfish 4.1 build 13
• I'm compiling and deploying using gradle, with the deployment action
  • assassin deploy --force --contextroot /app /path/to/app.war
• Glassfish reports that it's using Jersey 2.10.4

Here is the entirety of the source related to the application:

RestApp.java

package test.pack;

import java.util.HashSet;
import java.util.Set;

import javax.ws.rs.ApplicationPath;
import javax.ws.rs.core.Application;

@ApplicationPath("/api")
public class RestApp extends Application
{
    @Override
    public Set<Class<?>> getClasses()
    {
        Set<Class<?>> classes = new HashSet<Class<?>>();
        classes.add(Login.class);
        return classes;
    }
}

Login.java

package test.pack;

import javax.ejb.Stateless;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;

@Stateless
@Path("login/")
@Produces("text/json")
public class Login
{
    @GET
    @Path("{username}/{password}")
    public Response login(@PathParam("username") String username, @PathParam("password") String password)
    {
        System.out.println("Logging in");
        return Response.ok("You are logged in, " + username).build();
    }

    @GET
    @Path("/verify/{username}")
    @Secured
    public Response verify(@PathParam("username") String username)
    {
        System.out.println("Verify");
        return Response.ok("Everything is fine, " + username).build();
    }

Secured.java

package test.pack;

import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

import javax.ws.rs.NameBinding;

@NameBinding
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD})
public @interface Secured 
{
}

LoggedInFilter.java

package test.pack;

import java.io.IOException;

import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.core.Response;

@Secured
public class LoggedInFilter implements ContainerRequestFilter
{
    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException 
    {
        System.out.println("request");
        requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
    }
}

Answer 1

Ugh. That's embarrassing.

The next tutorial I visited had the solution, which was to register the filter in the RestApp class.

RestApp.java

@ApplicationPath("/api")
public class RestApp extends Application
{
    @Override
    public Set<Class<?>> getClasses()
    {
        Set<Class<?>> classes = new HashSet<Class<?>>();
        classes.add(Login.class);
        return classes;
    }

    @Override
    public Set<Object> getSingletons()
    {
        Set<Object> singletons = new HashSet<Object>();
        singletons.add(new LoggedInFilter());
        return singletons;
    }
}

I'll leave the answer here rather than deleting the question, since it was only in one of 4 tutorials that I read, and so this might be at least a little interesting.