2

I am trying to create a filter for a REST API I have developed, following this question: Best practice for REST token-based authentication with JAX-RS and Jersey.

The problem is that whichever method I invoke, the filter doesn't appear to work.

These are my classes:

Secured.java

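import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import javax.ws.rs.NameBinding;

@NameBinding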
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD})
public @interface Secured { 

}

AuthenticationFilter.java

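import java.io.IOException;
import javax.annotation.Priority;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;

@Secured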
@Provider
@Priority(Priorities.AUTHENTICATION)
public class AuthenticationFilter implements ContainerRequestFilter{

    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        // Get the HTTP Authorization header from the request
        String authorizationHeader = 
            requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);

        // Check if the HTTP Authorization header is present and formatted correctly 
        if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) {
            throw new NotAuthorizedException("Authorization header must be provided");
        }

        // Extract the token from the HTTP Authorization header
        String token = authorizationHeader.substring("Bearer".length()).trim();

        try {

            // Validate the token
            validateToken(token);

        } catch (Exception e) {
            requestContext.abortWith(
                Response.status(Response.Status.UNAUTHORIZED).build());
        }
    }

    private void validateToken(String token) throws Exception {
        // Check if it was issued by the server and if it's not expired
        // Throw an Exception if the token is invalid
    }

}

RestService.java

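import java.util.List;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
// Test, TestDAO and SpringApplicationContext are the asker's own project classes

@Path("/test")
public class RestService {

    TestDAO testDAO;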

    @GET
    @Secured
    @Path("/myservice")
    @Produces("application/json")
    public List<Test> getEverisTests() {
        testDAO=(TestDAO) SpringApplicationContext.getBean("testDAO");

        long start = System.currentTimeMillis();

        List<Test> ret =  testDAO.getTests();

        long end = System.currentTimeMillis();

        System.out.println("TIEMPO TOTAL: " + (end -start));

        return ret;

    }
}

RestApplication.java

import java.util.HashSet;
import java.util.Set;
import javax.ws.rs.core.Application;

public class RestApplication extends Application {
    private Set<Object> singletons = new HashSet<Object>();

    public RestApplication() {
        singletons.add(new RestService());
        singletons.add(new AuthenticationFilter());
    }

    @Override
    public Set<Object> getSingletons() {
        return singletons;
    }
}

Am I missing something? Thanks in advance.

A1t0r

3 Answers

6

Your AuthenticationFilter may not be registered.

It's very likely you have an Application subclass somewhere in your application. Use it to register the filter:

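import java.util.HashSet;
import java.util.Set;
import javax.ws.rs.ApplicationPath;
import javax.ws.rs.core.Application;

@ApplicationPath("api")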
public class ApiConfig extends Application {

    @Override
    public Set<Class<?>> getClasses() {
        HashSet<Class<?>> classes = new HashSet<>();
        classes.add(AuthenticationFilter.class);
        ...
        return classes;
    }
}
cassiomolin
  • Thanks for the answer! My filter was registered in my Application subclass. The problem was the modules of RESTEasy in the JBoss installation. – A1t0r Apr 20 '17 at 08:40
1

The solution was to update the JBoss modules of RESTEasy, following this page (resteasy) and selecting the version of RESTEasy that I was using.

Thanks for the answers by the way!

A1t0r
0

I can't yet comment so this goes into an answer:

I don't understand how the @Secured mechanism works. Did you try to remove all @Secured annotations? The filter should then be active for all endpoints.

If it still does not work, most probably you will have to register it manually in your application.

If it does work afterwards, you have at least a hint on where to look for the problem ...

martinw
  • 1
    The `@Secured` is a [name binding annotation](http://stackoverflow.com/a/38523942/1426227). It binds the filter to one or more resource classes and/or methods. – cassiomolin Apr 19 '17 at 15:06
  • 1
    Cool, I overlooked the @NameBinding annotation. Thanks! – martinw Apr 19 '17 at 15:27
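
An added check, not part of any post above: in this thread the `@Secured` endpoint answered without the filter ever running, so a deployment smoke test can request it without a usable `Authorization` header and expect HTTP 401. The class name and base URL are assumed placeholders; only `/test/myservice` and the header rules come from the question's code.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.LinkedHashMap;
import java.util.Map;

// Added example: fail-closed smoke check for the question's @Secured endpoint.
public class SecuredEndpointSmokeCheck {

    // Sends a GET with the given Authorization value (null = header omitted)
    // and returns the HTTP status code.
    static int status(String url, String authorization) throws IOException {
        HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
        conn.setRequestMethod("GET");
        conn.setConnectTimeout(5000);
        conn.setReadTimeout(5000);
        if (authorization != null) {
            conn.setRequestProperty("Authorization", authorization);
        }
        try {
            return conn.getResponseCode();
        } finally {
            conn.disconnect();
        }
    }

    public static void main(String[] args) throws IOException {
        // Assumption: host, context root and application path are placeholders;
        // pass the real URL of the deployed endpoint as the first argument.
        String url = args.length > 0 ? args[0]
                : "http://localhost:8080/myapp/api/test/myservice";

        // Requests the question's filter rejects before validateToken() is
        // reached, so the expected status does not depend on the token logic.
        Map<String, String> cases = new LinkedHashMap<>();
        cases.put("no Authorization header", null);
        cases.put("non-Bearer scheme", "Basic Zm9vOmJhcg=="); // constructed value
        cases.put("Bearer without a token", "Bearer");

        boolean failed = false;
        for (Map.Entry<String, String> c : cases.entrySet()) {
            int code = status(url, c.getValue());
            boolean rejected = code == 401;
            failed |= !rejected;
            System.out.printf("%-24s -> HTTP %d (%s)%n", c.getKey(), code,
                    rejected ? "rejected" : "expected 401");
        }
        System.exit(failed ? 1 : 0); // non-zero exit fails a CI or deploy step
    }
}
```

Run it against each deployed environment rather than only in unit tests, since the asker's cause was in the container installation and not in the application code.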