Reputation: 31
OSGi Felix: secure REST resources through annotations
I'm developing an OSGi-based Web application that exposes several REST resources. To do so, I exploited two packages of Amdatu project, namely org.amdatu.web.rest.jaxrs and org.amdatu.web.rest.wink.
The system works well, but now I have to solve some security issues. After login, my OSGi server provides the user with a JWT token, in which user's role is stored. This token is sent back to the server for each request in the Authorization header.
I'm able to trivially check both the validity of the token and the user's role at the beginning of the resource method, but I'd like to do so through annotations. By extending the javax.servlet.Filter interface, I implemented a filter class that is able to intercept all the http requests.
Unfortunately, from within this class I cannot know which annotations are set for the resource method (the HttpServletRequest object gives only the resource path information).
So, my question is: is there a way to check the resource method annotations from within the filter class in order to properly process the JWT?
I found several solutions based on Jersey, but it conflicts with the aforementioned Amdatu packages.. Thanks in advance.
Upvotes: 2
Views: 234
Answers (0)
Related Questions
- Should I use Singular or Plural name convention for REST resources?
- What are best practices for REST nested resources?
- Apache felix osgi unable to export package
- Is there a way to get a list of all jersey urls a user, based on their role and @RolesAllowed, has access to?
- How to implement a secure REST API with node.js
- OSGi: What are the differences between Apache Felix and Apache Karaf?
- How to inject osgi service with felix scr annotations
- Getting resource annotations in Jersey 1.18.1 request filter