1

I have an api that needs to implement security.

But the filter is not invoked. my call pass directly to the endpoint...

My Secure interface

@NameBinding
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE,ElementType.METHOD})
public @interface Seguro {}

My Filter

@Seguro
@Provider
@Priority(Priorities.AUTHENTICATION)
public class FiltroAutenticacao implements ContainerRequestFilter {

@Override
public void filter(ContainerRequestContext requestContext) throws IOException {

    String authorizationHeader = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);

    if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) {
        throw new NotAuthorizedException("Authorization header precisa ser provido");
    }

    String token = authorizationHeader.substring("Bearer".length()).trim();

    try {
        ...

    } catch (Exception e) {
        ...
    }

}

}

My method that needs to be authenticated.

@Seguro
@GET
@Path("/metodo-teste")
@Produces("application/json")
public Response medotoTeste(@QueryParam("codigo") String codigo){       

    ModeloTesteTO to = new ModeloTesteTO("codigo enviado foi " + codigo);       
    return Response.ok(to, MediaType.APPLICATION_JSON).build();
}

Do I need to implement anything else?

My web.xml

  <servlet>
  <servlet-name>Jersey REST Service</servlet-name>
  <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>

  <init-param>
  <param-name>com.sun.jersey.config.property.resourceConfigClass</param-name>
  <param-value>com.sun.jersey.api.core.PackagesResourceConfig</param-value>
  </init-param>

  <init-param>
  <param-name>com.sun.jersey.config.property.packages</param-name>
  <param-value>br.gov.es.dataci.aprender</param-value>
  </init-param>

  <init-param>
  <param-name>com.sun.jersey.spi.container.ContainerRequestFilters</param-name>
  <param-value>br.gov.es.dataci.aprender.seguranca.FiltroAutenticacao</param-value>
</init-param>

  <load-on-startup>1</load-on-startup>
  </servlet>

  <servlet-mapping>
  <servlet-name>Jersey REST Service</servlet-name>
  <url-pattern>/*</url-pattern>
  </servlet-mapping>

I am using Jersey 1.17 and glassfish 4

Gustavo de Freitas
  • 99
  • 2
  • 15
  • How are you registering the filter? – Paul Samsotha Jul 09 '18 at 21:47
  • I registered it in web.xml, but it's still not called – Gustavo de Freitas Jul 10 '18 at 11:37
  • You're using the wrong `ContainerRequestFilter.` The one you are using is for Jersey/JAX-RS 2. But you are using Jersey 1.x. These two are completely incompatible. You should remove any JAX-RS 2 jar, so you don't get confused as to what you can use. Or switch to using Jersey 2. And why are you using using Jersey 1.x with Glassfish 4? AFAIK, it uses Jersey 2 already. – Paul Samsotha Jul 10 '18 at 12:55
  • I don't have 'jersey 2 jar' in my project Paul, for some reason it does not deploy on glassfish 4. From what I read the package 'com.sun.jersey.spi.container' refers to jersey 1, wright? – Gustavo de Freitas Jul 10 '18 at 13:01
  • Then how are you compiling the filter if you don't have JAX-RS 2 (or Java EE 7) in your project? Yes you are right about the package, it is for Jersey 1.x. Glassfish 4 uses Java EE 7, which uses JAX-RS 2, which means Jersey 2.x. If you are using Glassfish 4, then you should be using Jersey 2.x. not 1.x – Paul Samsotha Jul 10 '18 at 13:04
  • I tried to use Jersey 2, but my application was not published by Glassfish 4. I put the Jersey 1 libraries in the lib folder of my project. when the glassfish does deploy shows me the version of jersey 1.17.1 – Gustavo de Freitas Jul 10 '18 at 13:21
  • Well here are your options. Keep trying to figure out how to get Jersey 2 working, or switch to using the Jersey 1.x filter. With the 1.x filter, you might not be able to implement the filter the same way. It is different from how the 2.x version works. – Paul Samsotha Jul 10 '18 at 13:29
  • Would you have any examples of setting up these filters using Jersey 1? – Gustavo de Freitas Jul 10 '18 at 13:32
  • https://stackoverflow.com/a/28067653/2587435 – Paul Samsotha Jul 10 '18 at 13:33

1 Answers1

0

I discovered the problem, following Paul's suggestion of trying to publish the application with Jersey 2 on the glassfish, I discovered incompatibility in glassfish version. Glassfish 4.0 does not support jersey 2, the 4.1.2 version yes. I migrated the server and solved the problem.

Gustavo de Freitas
  • 99
  • 2
  • 15