0

I have an interface and would like to open it as a REST API.

Interface:

string createToken(String username, String scopes);

REST web API:

@GET
@Path("/createToken")
@Override
public string createToken(@InjectParam String username, String scopes) {
  ...
}

As a simple Java API,, the interface itself makes sense - creating an access token by a specific (unique) user.

But, as an REST web API, I need a previous step to retrieve the username, based on some user data that is passed in the http header, like an SSO key.

How do I inject a value into the username - extracted from the HTTP header? Thanks.

BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
AlikElzin-kilaka
  • 34,335
  • 35
  • 194
  • 277

2 Answers2

1

Created a Provider to inject the value into a custom annotation. See small working example here. See source inline below as well.

The example extracts the username from an sso token. It's a dummy extraction.

* I didn't use @InjectParam.

Invocation example:

curl -X POST -H "ssoToken: 1234" http://localhost:8080/JerseyCustomParamInjection-1.0-SNAPSHOT/oauth2/createAccessToken

Custom annotation:

@Target({ElementType.PARAMETER})
@Retention(RetentionPolicy.RUNTIME)
public @interface LoggedUser {
}

Provider to do the injection:

@Provider
public class LoggedUserProvider implements
        Injectable<String>,
        InjectableProvider<LoggedUser, Parameter> {

    @Context
    private HttpServletRequest request;

    public LoggedUserProvider() {
    }

    @Override
    public Injectable<String> getInjectable(ComponentContext cc, LoggedUser a, com.sun.jersey.api.model.Parameter c) {
        return this;
    }

    @Override
    public ComponentScope getScope() {
        return ComponentScope.PerRequest;
    }

    @Override
    public String getValue() {
        String sso = request.getHeader("ssoToken");
        if (sso == null) {
            throw new WebApplicationException(Response.Status.UNAUTHORIZED);
        }
        // Retreive username from soo
        String username = " <extracted username from sso="+sso+">";
        return username;
    }
}

Resource that defines the wants to inject the value:

@Path("/oauth2")
public class Resource {

    @POST
    @Path("/createAccessToken")
    public String createAccessToken(
            @LoggedUser String username
    ) {
        return username + " <created access token using the logged in injected username>";
    }
}

Servlet configuration (web.xml):

<web-app id="WebApp_ID" version="2.4"
         xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
    http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
    <display-name>Restful Web Application</display-name>
    <servlet>
        <servlet-name>jersey-serlvet</servlet-name>
        <servlet-class>
            com.sun.jersey.spi.container.servlet.ServletContainer
        </servlet-class>
        <init-param>
            <param-name>com.sun.jersey.config.property.packages</param-name>
            <param-value>info.fastpace.jerseycustomparaminjection</param-value>
        </init-param>
        <init-param>
            <param-name>com.sun.jersey.api.json.POJOMappingFeature</param-name>
            <param-value>true</param-value>
        </init-param>
    </servlet>
    <servlet-mapping>
        <servlet-name>jersey-serlvet</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>
</web-app>
AlikElzin-kilaka
  • 34,335
  • 35
  • 194
  • 277
0

You should use HeaderParam. See this

@GET
@Path("/createToken")
@Override
public string createToken(@HeaderParam("username") String username, String scopes) {
  ...
}

If you have to extract username and have to inject it, you will have to implement a provider:

@Provider
public class UsernameProvider
      extends AbstractHttpContextInjectable<Locale>
      implements InjectableProvider<Context, Type> {

    @Override
    public Injectable<E> getInjectable(ComponentContext compCntxt, Context cntxt, Type typ) {
        if (typ.equals(String.class)) {
            return this;
        }
        return null;
    }

    @Override
    public ComponentScope getScope() {
        return ComponentScope.PerRequest;
    }

    @Override
    public String getValue(HttpContext httpCntxt) {
        final Request rqst = httpCntxt.getRequest();
        String username = null;
        //Extract 'username' from Headers 
        return username;
    }
}

Detailed explanation here

randominstanceOfLivingThing
  • 16,873
  • 13
  • 49
  • 72
  • The username is not passed. Nor in the header. Some other data is passed in the http header and a previous step is needed to convert that data to username. – AlikElzin-kilaka Apr 17 '16 at 15:20
  • If I'd like to use the second solution, does the interface need to be changed? How do I inject the correct value to the correct param? How to prevent mixing String username and scope? – AlikElzin-kilaka Apr 17 '16 at 15:52
  • The annotation is for username. It is not for method, scope is not in picture. The scope you have in method arguments is different than the scope in provider. – randominstanceOfLivingThing Apr 17 '16 at 15:55