I want to restrict some methods if they are being accessed in a non-secure manner. I'm creating a @Secure annotation that checks whether or not the request was sent over secure channels. However, I cannot create a method injectable that captures the HttpContext of the request.
@Documented
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.METHOD})
public @interface Secure {
}
public class SecureProvider<T> implements InjectableProvider<Secure, AbstractResourceMethod> {
@Override
public ComponentScope getScope() {
return ComponentScope.PerRequest;
}
@Override
public Injectable<?> getInjectable(ComponentContext componentContext,
Secure annotation,
AbstractResourceMethod method) {
return new SecureInjectable();
}
}
public class SecureInjectable<T> extends AbstractHttpContextInjectable<T> {
@Override
public T getValue(HttpContext context) {
// validation here
return null;
}
}
I'm using the Dropwizard framework, so initialization of the Providers should be as easy as:
environment.addProvider(new SessionRestrictedToProvider<>(new SessionAuthenticator(), "MySession"));
environment.addProvider(new SecureProvider<>());
environment.setSessionHandler(new SessionHandler());
Usage:
@Resource
@Path("/account")
public class AccountResource {
@GET
@Path("/test_secure")
@Secure
public Response isSecure() {
return Response.ok().build();
}
}
At this point I'm assuming that a HttpContext Injectable doesn't work on a method, but I'm at a loss as to what other options I could utilize to implement this annotation.
See Question&Answers more detail:os