How to make WADL requests to pass through Interceptor

[JMalkan <jm...@mail.com>]

Hi CXF Gurus,

I am a newbee. I have an interceptor that extends from
AbstractPhaseInterceptor. This has been configured in spring cxf bus as
follows:

<cxf:bus name="cxf-bus">
  <cxf:inInterceptors>'
    <ref bean="myAuthIntercept"/>
  </cxf:inInterceptors>
</cxf:bus>

The interceptors main job is to only allow authenticated user to access
service.
There are couple of exceptions.
1. A WADL request for the published services.
   Currently I have a hard coded list of URIs. Not a good solution. I would
like to know if there is a way either to avoid interceptor invocation on
WADL requests or access REST URIs dynamically?
2. A request made to login/logout operation call made to AuthService.
    Is there a way to make exception for this one service? I have many
services configured and would prefer not to configure each service with
in/out/fault interceptions.



Jiggy.
-- 
View this message in context: http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27595561.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: How to make WADL requests to pass through Interceptor

[JMalkan <jm...@mail.com>]

Thanks. I followed your suggestion now it works fine.


Sergey Beryozkin-2 wrote:
> 
> Hi
> 
> thanks for the clarification...Actually, I did not suggest to configure
> the interceptor to check for all the new services which 
> might be added but rather check for the URI targeted at the AuthService
> only....
> 
> I think one possible option is to add a custom jaxrs:property to all
> jaxrs:server endpoints such as "restful.endpoint"="true" and 
> then check for it like this :
> 
> if
> (MessageUtils.isTrue(message.getContextualProperty("restful.endpoint"))) {
> ...
> }
> 
> Perhaps it might help ?
> 
> cheers, Sergey
> 
> ----- Original Message ----- 
> From: "JMalkan" <jm...@mail.com>
> To: <us...@cxf.apache.org>
> Sent: Monday, February 15, 2010 11:38 PM
> Subject: RE: How to make WADL requests to pass through Interceptor
> 
> 
> 
> Hi,
> 
> I am working on a design put together by previous developer. So here is a
> bit of context.
> The main purpose of this interceptor is to only allow authorized user to
> execute services.
> 
> 1. User invokes AuthService's login operation to establish the session and
> receives token
> 2. User invokes AuthService's login operation to terminate the session
> above 2 operations should pass through
> 3.  User invokes any of the services - interceptor needs to call
> appropriate
> logic to validate user token.
> 4. WADL requests could pass through.
> 
> 
> With this see my comments inline.
> 
> 
> Jiggy.
> 
> 
> Sergey Beryozkin-2 wrote:
>>
>> Hi
>>
>> There's no CXF specific solution. Please see more comments inline
>>
>>
>> Hi Sergey,
>>
>> Again I greatly appreciate quick response.
>>
>> That is a potential solution. But still concerned about maintainability
>> as
>> new services gets configured or existing gets modified.
>>
>> Is there a way to tell CXF not to invoke interceptor for AuthService and
>> wadl requests?
>>
>>> S.B I'm not quite seeing why checking a Message.QUERY_STRING for a _wadl
>>> fragment does not fit as a general-enough solution ? Likewise, a custom
>>> AuthService is not something CXF is aware of...what is problematic in
>>> configuring an interceptor with the list of URI which have to be
>>> accepted
>>> and check them against say Message.REQUEST_URI ?
>>
>>> J.M This comes with maintenance cost - as we develop more services, we
>>> have to remember to add the service to configure interceptor as well. I
>>> would like relatively mistake free tight solution as you could imagine
>>> sensitivity around security of the system.
>>
>>
>> If answer to above question is "No" then
>> Is there a way to access rest configured URIs from the interceptor?
>>
>>> S.B : I can'r recall the code right now but you can get a list of all
>>> the
>>> endpoint addresses from a DestinationManager bus extension. However, it
>>> won't give a list of restful endpoints only...
>>
>>> J. M: May be this one will work.
>>
>>
>> I'm wondering, may be I'm not understanding your question ?
>> Cheers, Sergey
>>
>> Jiggy.
>>
>>
>> Sergey Beryozkin-2 wrote:
>>>
>>> Hi
>>>
>>> You can have uri values to be matched injected into your custom
>>> interceptor at configuration time if needed...
>>> Cheers, Sergey
>>>
>>> -----Original Message-----
>>> From: JMalkan [mailto:jmalkan@mail.com]
>>> Sent: 15 February 2010 20:32
>>> To: users@cxf.apache.org
>>> Subject: Re: How to make WADL requests to pass through Interceptor
>>>
>>>
>>> Hi Sergey,
>>>
>>> I appreciate quick response. I have been doing most of what you
>>> suggested.
>>> This is a coding solution requiring knowledge of expacted URIs.
>>>
>>> Is there a way to configure this?
>>>
>>>
>>>
>>> Jiggy.
>>>
>>>
>>> Sergey Beryozkin-2 wrote:
>>>>
>>>> Hi
>>>>
>>>> If you use a CXF interceptor then you can get a Message.QUERY_STRING
>>>> value
>>>> from a current Message and check if it contains a _wadl
>>>> part and if yes then let the request continue...
>>>>
>>>> Likewise given that you use JAXRS, you can get OperationResourceInfo
>>>> and
>>>> the actual method name from a current exchange :
>>>>
>>>> exchange.get(OperationResourceInfo.class).getMethodToInvoke().getName()
>>>> and you also can get the name of the resource class about to be invoked
>>>> upon :
>>>>
>>>> exchange.get(ClassResourceInfo.class).getServiceClass().getName()
>>>>
>>>> and if it's AuthService and it's login/logout then let the request to
>>>> continue
>>>>
>>>> Hope it helps, Sergey
>>>>
>>>> I am a newbee. I have an interceptor that extends from
>>>> AbstractPhaseInterceptor. This has been configured in spring cxf bus as
>>>> follows:
>>>>
>>>> <cxf:bus name="cxf-bus">
>>>>   <cxf:inInterceptors>'
>>>>     <ref bean="myAuthIntercept"/>
>>>>   </cxf:inInterceptors>
>>>> </cxf:bus>
>>>>
>>>> The interceptors main job is to only allow authenticated user to access
>>>> service.
>>>> There are couple of exceptions.
>>>> 1. A WADL request for the published services.
>>>>    Currently I have a hard coded list of URIs. Not a good solution. I
>>>> would
>>>> like to know if there is a way either to avoid interceptor invocation
>>>> on
>>>> WADL requests or access REST URIs dynamically?
>>>> 2. A request made to login/logout operation call made to AuthService.
>>>>     Is there a way to make exception for this one service? I have many
>>>> services configured and would prefer not to configure each service with
>>>> in/out/fault interceptions.
>>>>
>>>>
>>>>
>>>> Jiggy.
>>>> -- 
>>>> View this message in context:
>>>> http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27595561.html
>>>> Sent from the cxf-user mailing list archive at Nabble.com.
>>>>
>>>>
>>>>
>>>
>>> -- 
>>> View this message in context:
>>> http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27599555.html
>>> Sent from the cxf-user mailing list archive at Nabble.com.
>>>
>>>
>>>
>>
>> -- 
>> View this message in context:
>> http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27599801.html
>> Sent from the cxf-user mailing list archive at Nabble.com.
>>
>>
>>
> 
> -- 
> View this message in context:
> http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27601801.html
> Sent from the cxf-user mailing list archive at Nabble.com.
> 
> 
> 

-- 
View this message in context: http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27614342.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: How to make WADL requests to pass through Interceptor

[Sergey Beryozkin <sb...@progress.com>]

Hi

thanks for the clarification...Actually, I did not suggest to configure the interceptor to check for all the new services which 
might be added but rather check for the URI targeted at the AuthService only....

I think one possible option is to add a custom jaxrs:property to all jaxrs:server endpoints such as "restful.endpoint"="true" and 
then check for it like this :

if (MessageUtils.isTrue(message.getContextualProperty("restful.endpoint"))) {
...
}

Perhaps it might help ?

cheers, Sergey

----- Original Message ----- 
From: "JMalkan" <jm...@mail.com>
To: <us...@cxf.apache.org>
Sent: Monday, February 15, 2010 11:38 PM
Subject: RE: How to make WADL requests to pass through Interceptor



Hi,

I am working on a design put together by previous developer. So here is a
bit of context.
The main purpose of this interceptor is to only allow authorized user to
execute services.

1. User invokes AuthService's login operation to establish the session and
receives token
2. User invokes AuthService's login operation to terminate the session
above 2 operations should pass through
3.  User invokes any of the services - interceptor needs to call appropriate
logic to validate user token.
4. WADL requests could pass through.


With this see my comments inline.


Jiggy.


Sergey Beryozkin-2 wrote:
>
> Hi
>
> There's no CXF specific solution. Please see more comments inline
>
>
> Hi Sergey,
>
> Again I greatly appreciate quick response.
>
> That is a potential solution. But still concerned about maintainability as
> new services gets configured or existing gets modified.
>
> Is there a way to tell CXF not to invoke interceptor for AuthService and
> wadl requests?
>
>> S.B I'm not quite seeing why checking a Message.QUERY_STRING for a _wadl
>> fragment does not fit as a general-enough solution ? Likewise, a custom
>> AuthService is not something CXF is aware of...what is problematic in
>> configuring an interceptor with the list of URI which have to be accepted
>> and check them against say Message.REQUEST_URI ?
>
>> J.M This comes with maintenance cost - as we develop more services, we
>> have to remember to add the service to configure interceptor as well. I
>> would like relatively mistake free tight solution as you could imagine
>> sensitivity around security of the system.
>
>
> If answer to above question is "No" then
> Is there a way to access rest configured URIs from the interceptor?
>
>> S.B : I can'r recall the code right now but you can get a list of all the
>> endpoint addresses from a DestinationManager bus extension. However, it
>> won't give a list of restful endpoints only...
>
>> J. M: May be this one will work.
>
>
> I'm wondering, may be I'm not understanding your question ?
> Cheers, Sergey
>
> Jiggy.
>
>
> Sergey Beryozkin-2 wrote:
>>
>> Hi
>>
>> You can have uri values to be matched injected into your custom
>> interceptor at configuration time if needed...
>> Cheers, Sergey
>>
>> -----Original Message-----
>> From: JMalkan [mailto:jmalkan@mail.com]
>> Sent: 15 February 2010 20:32
>> To: users@cxf.apache.org
>> Subject: Re: How to make WADL requests to pass through Interceptor
>>
>>
>> Hi Sergey,
>>
>> I appreciate quick response. I have been doing most of what you
>> suggested.
>> This is a coding solution requiring knowledge of expacted URIs.
>>
>> Is there a way to configure this?
>>
>>
>>
>> Jiggy.
>>
>>
>> Sergey Beryozkin-2 wrote:
>>>
>>> Hi
>>>
>>> If you use a CXF interceptor then you can get a Message.QUERY_STRING
>>> value
>>> from a current Message and check if it contains a _wadl
>>> part and if yes then let the request continue...
>>>
>>> Likewise given that you use JAXRS, you can get OperationResourceInfo and
>>> the actual method name from a current exchange :
>>>
>>> exchange.get(OperationResourceInfo.class).getMethodToInvoke().getName()
>>> and you also can get the name of the resource class about to be invoked
>>> upon :
>>>
>>> exchange.get(ClassResourceInfo.class).getServiceClass().getName()
>>>
>>> and if it's AuthService and it's login/logout then let the request to
>>> continue
>>>
>>> Hope it helps, Sergey
>>>
>>> I am a newbee. I have an interceptor that extends from
>>> AbstractPhaseInterceptor. This has been configured in spring cxf bus as
>>> follows:
>>>
>>> <cxf:bus name="cxf-bus">
>>>   <cxf:inInterceptors>'
>>>     <ref bean="myAuthIntercept"/>
>>>   </cxf:inInterceptors>
>>> </cxf:bus>
>>>
>>> The interceptors main job is to only allow authenticated user to access
>>> service.
>>> There are couple of exceptions.
>>> 1. A WADL request for the published services.
>>>    Currently I have a hard coded list of URIs. Not a good solution. I
>>> would
>>> like to know if there is a way either to avoid interceptor invocation on
>>> WADL requests or access REST URIs dynamically?
>>> 2. A request made to login/logout operation call made to AuthService.
>>>     Is there a way to make exception for this one service? I have many
>>> services configured and would prefer not to configure each service with
>>> in/out/fault interceptions.
>>>
>>>
>>>
>>> Jiggy.
>>> -- 
>>> View this message in context:
>>> http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27595561.html
>>> Sent from the cxf-user mailing list archive at Nabble.com.
>>>
>>>
>>>
>>
>> -- 
>> View this message in context:
>> http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27599555.html
>> Sent from the cxf-user mailing list archive at Nabble.com.
>>
>>
>>
>
> -- 
> View this message in context:
> http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27599801.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
>
>

-- 
View this message in context: http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27601801.html
Sent from the cxf-user mailing list archive at Nabble.com.

RE: How to make WADL requests to pass through Interceptor

[JMalkan <jm...@mail.com>]

Hi,

I am working on a design put together by previous developer. So here is a
bit of context.
The main purpose of this interceptor is to only allow authorized user to
execute services.

1. User invokes AuthService's login operation to establish the session and
receives token
2. User invokes AuthService's login operation to terminate the session
above 2 operations should pass through
3.  User invokes any of the services - interceptor needs to call appropriate
logic to validate user token.
4. WADL requests could pass through.


With this see my comments inline.


Jiggy.


Sergey Beryozkin-2 wrote:
> 
> Hi
> 
> There's no CXF specific solution. Please see more comments inline
> 
> 
> Hi Sergey,
> 
> Again I greatly appreciate quick response.
> 
> That is a potential solution. But still concerned about maintainability as
> new services gets configured or existing gets modified.
> 
> Is there a way to tell CXF not to invoke interceptor for AuthService and
> wadl requests?
> 
>> S.B I'm not quite seeing why checking a Message.QUERY_STRING for a _wadl
>> fragment does not fit as a general-enough solution ? Likewise, a custom
>> AuthService is not something CXF is aware of...what is problematic in
>> configuring an interceptor with the list of URI which have to be accepted
>> and check them against say Message.REQUEST_URI ?
> 
>> J.M This comes with maintenance cost - as we develop more services, we
>> have to remember to add the service to configure interceptor as well. I
>> would like relatively mistake free tight solution as you could imagine
>> sensitivity around security of the system.
> 
> 
> If answer to above question is "No" then
> Is there a way to access rest configured URIs from the interceptor?
> 
>> S.B : I can'r recall the code right now but you can get a list of all the
>> endpoint addresses from a DestinationManager bus extension. However, it
>> won't give a list of restful endpoints only...
> 
>> J. M: May be this one will work.
> 
> 
> I'm wondering, may be I'm not understanding your question ? 
> Cheers, Sergey 
> 
> Jiggy.
> 
> 
> Sergey Beryozkin-2 wrote:
>> 
>> Hi
>> 
>> You can have uri values to be matched injected into your custom
>> interceptor at configuration time if needed...
>> Cheers, Sergey
>> 
>> -----Original Message-----
>> From: JMalkan [mailto:jmalkan@mail.com] 
>> Sent: 15 February 2010 20:32
>> To: users@cxf.apache.org
>> Subject: Re: How to make WADL requests to pass through Interceptor
>> 
>> 
>> Hi Sergey,
>> 
>> I appreciate quick response. I have been doing most of what you
>> suggested.
>> This is a coding solution requiring knowledge of expacted URIs.
>> 
>> Is there a way to configure this?
>> 
>> 
>> 
>> Jiggy.
>> 
>> 
>> Sergey Beryozkin-2 wrote:
>>> 
>>> Hi
>>> 
>>> If you use a CXF interceptor then you can get a Message.QUERY_STRING
>>> value
>>> from a current Message and check if it contains a _wadl 
>>> part and if yes then let the request continue...
>>> 
>>> Likewise given that you use JAXRS, you can get OperationResourceInfo and
>>> the actual method name from a current exchange :
>>> 
>>> exchange.get(OperationResourceInfo.class).getMethodToInvoke().getName()
>>> and you also can get the name of the resource class about to be invoked
>>> upon :
>>> 
>>> exchange.get(ClassResourceInfo.class).getServiceClass().getName()
>>> 
>>> and if it's AuthService and it's login/logout then let the request to
>>> continue
>>> 
>>> Hope it helps, Sergey
>>> 
>>> I am a newbee. I have an interceptor that extends from
>>> AbstractPhaseInterceptor. This has been configured in spring cxf bus as
>>> follows:
>>> 
>>> <cxf:bus name="cxf-bus">
>>>   <cxf:inInterceptors>'
>>>     <ref bean="myAuthIntercept"/>
>>>   </cxf:inInterceptors>
>>> </cxf:bus>
>>> 
>>> The interceptors main job is to only allow authenticated user to access
>>> service.
>>> There are couple of exceptions.
>>> 1. A WADL request for the published services.
>>>    Currently I have a hard coded list of URIs. Not a good solution. I
>>> would
>>> like to know if there is a way either to avoid interceptor invocation on
>>> WADL requests or access REST URIs dynamically?
>>> 2. A request made to login/logout operation call made to AuthService.
>>>     Is there a way to make exception for this one service? I have many
>>> services configured and would prefer not to configure each service with
>>> in/out/fault interceptions.
>>> 
>>> 
>>> 
>>> Jiggy.
>>> -- 
>>> View this message in context:
>>> http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27595561.html
>>> Sent from the cxf-user mailing list archive at Nabble.com.
>>> 
>>> 
>>> 
>> 
>> -- 
>> View this message in context:
>> http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27599555.html
>> Sent from the cxf-user mailing list archive at Nabble.com.
>> 
>> 
>> 
> 
> -- 
> View this message in context:
> http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27599801.html
> Sent from the cxf-user mailing list archive at Nabble.com.
> 
> 
> 

-- 
View this message in context: http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27601801.html
Sent from the cxf-user mailing list archive at Nabble.com.

RE: How to make WADL requests to pass through Interceptor

[Sergey Beryozkin <sb...@progress.com>]

Hi

There's no CXF specific solution. Please see more comments inline


Hi Sergey,

Again I greatly appreciate quick response.

That is a potential solution. But still concerned about maintainability as
new services gets configured or existing gets modified.

Is there a way to tell CXF not to invoke interceptor for AuthService and
wadl requests?

> S.B I'm not quite seeing why checking a Message.QUERY_STRING for a _wadl fragment does not fit as a general-enough solution ? Likewise, a custom AuthService is not something CXF is aware of...what is problematic in configuring an interceptor with the list of URI which have to be accepted and check them against say Message.REQUEST_URI ?

If answer to above question is "No" then
Is there a way to access rest configured URIs from the interceptor?

> S.B : I can'r recall the code right now but you can get a list of all the endpoint addresses from a DestinationManager bus extension. However, it won't give a list of restful endpoints only...

I'm wondering, may be I'm not understanding your question ? 
Cheers, Sergey 

Jiggy.


Sergey Beryozkin-2 wrote:
> 
> Hi
> 
> You can have uri values to be matched injected into your custom
> interceptor at configuration time if needed...
> Cheers, Sergey
> 
> -----Original Message-----
> From: JMalkan [mailto:jmalkan@mail.com] 
> Sent: 15 February 2010 20:32
> To: users@cxf.apache.org
> Subject: Re: How to make WADL requests to pass through Interceptor
> 
> 
> Hi Sergey,
> 
> I appreciate quick response. I have been doing most of what you suggested.
> This is a coding solution requiring knowledge of expacted URIs.
> 
> Is there a way to configure this?
> 
> 
> 
> Jiggy.
> 
> 
> Sergey Beryozkin-2 wrote:
>> 
>> Hi
>> 
>> If you use a CXF interceptor then you can get a Message.QUERY_STRING
>> value
>> from a current Message and check if it contains a _wadl 
>> part and if yes then let the request continue...
>> 
>> Likewise given that you use JAXRS, you can get OperationResourceInfo and
>> the actual method name from a current exchange :
>> 
>> exchange.get(OperationResourceInfo.class).getMethodToInvoke().getName()
>> and you also can get the name of the resource class about to be invoked
>> upon :
>> 
>> exchange.get(ClassResourceInfo.class).getServiceClass().getName()
>> 
>> and if it's AuthService and it's login/logout then let the request to
>> continue
>> 
>> Hope it helps, Sergey
>> 
>> I am a newbee. I have an interceptor that extends from
>> AbstractPhaseInterceptor. This has been configured in spring cxf bus as
>> follows:
>> 
>> <cxf:bus name="cxf-bus">
>>   <cxf:inInterceptors>'
>>     <ref bean="myAuthIntercept"/>
>>   </cxf:inInterceptors>
>> </cxf:bus>
>> 
>> The interceptors main job is to only allow authenticated user to access
>> service.
>> There are couple of exceptions.
>> 1. A WADL request for the published services.
>>    Currently I have a hard coded list of URIs. Not a good solution. I
>> would
>> like to know if there is a way either to avoid interceptor invocation on
>> WADL requests or access REST URIs dynamically?
>> 2. A request made to login/logout operation call made to AuthService.
>>     Is there a way to make exception for this one service? I have many
>> services configured and would prefer not to configure each service with
>> in/out/fault interceptions.
>> 
>> 
>> 
>> Jiggy.
>> -- 
>> View this message in context:
>> http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27595561.html
>> Sent from the cxf-user mailing list archive at Nabble.com.
>> 
>> 
>> 
> 
> -- 
> View this message in context:
> http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27599555.html
> Sent from the cxf-user mailing list archive at Nabble.com.
> 
> 
> 

-- 
View this message in context: http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27599801.html
Sent from the cxf-user mailing list archive at Nabble.com.

RE: How to make WADL requests to pass through Interceptor

[JMalkan <jm...@mail.com>]

Hi Sergey,

Again I greatly appreciate quick response.

That is a potential solution. But still concerned about maintainability as
new services gets configured or existing gets modified.

Is there a way to tell CXF not to invoke interceptor for AuthService and
wadl requests?
If answer to above question is "No" then
Is there a way to access rest configured URIs from the interceptor?


Jiggy.


Sergey Beryozkin-2 wrote:
> 
> Hi
> 
> You can have uri values to be matched injected into your custom
> interceptor at configuration time if needed...
> Cheers, Sergey
> 
> -----Original Message-----
> From: JMalkan [mailto:jmalkan@mail.com] 
> Sent: 15 February 2010 20:32
> To: users@cxf.apache.org
> Subject: Re: How to make WADL requests to pass through Interceptor
> 
> 
> Hi Sergey,
> 
> I appreciate quick response. I have been doing most of what you suggested.
> This is a coding solution requiring knowledge of expacted URIs.
> 
> Is there a way to configure this?
> 
> 
> 
> Jiggy.
> 
> 
> Sergey Beryozkin-2 wrote:
>> 
>> Hi
>> 
>> If you use a CXF interceptor then you can get a Message.QUERY_STRING
>> value
>> from a current Message and check if it contains a _wadl 
>> part and if yes then let the request continue...
>> 
>> Likewise given that you use JAXRS, you can get OperationResourceInfo and
>> the actual method name from a current exchange :
>> 
>> exchange.get(OperationResourceInfo.class).getMethodToInvoke().getName()
>> and you also can get the name of the resource class about to be invoked
>> upon :
>> 
>> exchange.get(ClassResourceInfo.class).getServiceClass().getName()
>> 
>> and if it's AuthService and it's login/logout then let the request to
>> continue
>> 
>> Hope it helps, Sergey
>> 
>> I am a newbee. I have an interceptor that extends from
>> AbstractPhaseInterceptor. This has been configured in spring cxf bus as
>> follows:
>> 
>> <cxf:bus name="cxf-bus">
>>   <cxf:inInterceptors>'
>>     <ref bean="myAuthIntercept"/>
>>   </cxf:inInterceptors>
>> </cxf:bus>
>> 
>> The interceptors main job is to only allow authenticated user to access
>> service.
>> There are couple of exceptions.
>> 1. A WADL request for the published services.
>>    Currently I have a hard coded list of URIs. Not a good solution. I
>> would
>> like to know if there is a way either to avoid interceptor invocation on
>> WADL requests or access REST URIs dynamically?
>> 2. A request made to login/logout operation call made to AuthService.
>>     Is there a way to make exception for this one service? I have many
>> services configured and would prefer not to configure each service with
>> in/out/fault interceptions.
>> 
>> 
>> 
>> Jiggy.
>> -- 
>> View this message in context:
>> http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27595561.html
>> Sent from the cxf-user mailing list archive at Nabble.com.
>> 
>> 
>> 
> 
> -- 
> View this message in context:
> http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27599555.html
> Sent from the cxf-user mailing list archive at Nabble.com.
> 
> 
> 

-- 
View this message in context: http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27599801.html
Sent from the cxf-user mailing list archive at Nabble.com.

RE: How to make WADL requests to pass through Interceptor

[Sergey Beryozkin <sb...@progress.com>]

Hi

You can have uri values to be matched injected into your custom interceptor at configuration time if needed...
Cheers, Sergey

-----Original Message-----
From: JMalkan [mailto:jmalkan@mail.com] 
Sent: 15 February 2010 20:32
To: users@cxf.apache.org
Subject: Re: How to make WADL requests to pass through Interceptor


Hi Sergey,

I appreciate quick response. I have been doing most of what you suggested.
This is a coding solution requiring knowledge of expacted URIs.

Is there a way to configure this?



Jiggy.


Sergey Beryozkin-2 wrote:
> 
> Hi
> 
> If you use a CXF interceptor then you can get a Message.QUERY_STRING value
> from a current Message and check if it contains a _wadl 
> part and if yes then let the request continue...
> 
> Likewise given that you use JAXRS, you can get OperationResourceInfo and
> the actual method name from a current exchange :
> 
> exchange.get(OperationResourceInfo.class).getMethodToInvoke().getName()
> and you also can get the name of the resource class about to be invoked
> upon :
> 
> exchange.get(ClassResourceInfo.class).getServiceClass().getName()
> 
> and if it's AuthService and it's login/logout then let the request to
> continue
> 
> Hope it helps, Sergey
> 
> I am a newbee. I have an interceptor that extends from
> AbstractPhaseInterceptor. This has been configured in spring cxf bus as
> follows:
> 
> <cxf:bus name="cxf-bus">
>   <cxf:inInterceptors>'
>     <ref bean="myAuthIntercept"/>
>   </cxf:inInterceptors>
> </cxf:bus>
> 
> The interceptors main job is to only allow authenticated user to access
> service.
> There are couple of exceptions.
> 1. A WADL request for the published services.
>    Currently I have a hard coded list of URIs. Not a good solution. I
> would
> like to know if there is a way either to avoid interceptor invocation on
> WADL requests or access REST URIs dynamically?
> 2. A request made to login/logout operation call made to AuthService.
>     Is there a way to make exception for this one service? I have many
> services configured and would prefer not to configure each service with
> in/out/fault interceptions.
> 
> 
> 
> Jiggy.
> -- 
> View this message in context:
> http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27595561.html
> Sent from the cxf-user mailing list archive at Nabble.com.
> 
> 
> 

-- 
View this message in context: http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27599555.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: How to make WADL requests to pass through Interceptor

[JMalkan <jm...@mail.com>]

Hi Sergey,

I appreciate quick response. I have been doing most of what you suggested.
This is a coding solution requiring knowledge of expacted URIs.

Is there a way to configure this?



Jiggy.


Sergey Beryozkin-2 wrote:
> 
> Hi
> 
> If you use a CXF interceptor then you can get a Message.QUERY_STRING value
> from a current Message and check if it contains a _wadl 
> part and if yes then let the request continue...
> 
> Likewise given that you use JAXRS, you can get OperationResourceInfo and
> the actual method name from a current exchange :
> 
> exchange.get(OperationResourceInfo.class).getMethodToInvoke().getName()
> and you also can get the name of the resource class about to be invoked
> upon :
> 
> exchange.get(ClassResourceInfo.class).getServiceClass().getName()
> 
> and if it's AuthService and it's login/logout then let the request to
> continue
> 
> Hope it helps, Sergey
> 
> I am a newbee. I have an interceptor that extends from
> AbstractPhaseInterceptor. This has been configured in spring cxf bus as
> follows:
> 
> <cxf:bus name="cxf-bus">
>   <cxf:inInterceptors>'
>     <ref bean="myAuthIntercept"/>
>   </cxf:inInterceptors>
> </cxf:bus>
> 
> The interceptors main job is to only allow authenticated user to access
> service.
> There are couple of exceptions.
> 1. A WADL request for the published services.
>    Currently I have a hard coded list of URIs. Not a good solution. I
> would
> like to know if there is a way either to avoid interceptor invocation on
> WADL requests or access REST URIs dynamically?
> 2. A request made to login/logout operation call made to AuthService.
>     Is there a way to make exception for this one service? I have many
> services configured and would prefer not to configure each service with
> in/out/fault interceptions.
> 
> 
> 
> Jiggy.
> -- 
> View this message in context:
> http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27595561.html
> Sent from the cxf-user mailing list archive at Nabble.com.
> 
> 
> 

-- 
View this message in context: http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27599555.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: How to make WADL requests to pass through Interceptor

[Sergey Beryozkin <sb...@progress.com>]

Hi

If you use a CXF interceptor then you can get a Message.QUERY_STRING value from a current Message and check if it contains a _wadl 
part and if yes then let the request continue...

Likewise given that you use JAXRS, you can get OperationResourceInfo and the actual method name from a current exchange :

exchange.get(OperationResourceInfo.class).getMethodToInvoke().getName()
and you also can get the name of the resource class about to be invoked upon :

exchange.get(ClassResourceInfo.class).getServiceClass().getName()

and if it's AuthService and it's login/logout then let the request to continue

Hope it helps, Sergey

I am a newbee. I have an interceptor that extends from
AbstractPhaseInterceptor. This has been configured in spring cxf bus as
follows:

<cxf:bus name="cxf-bus">
  <cxf:inInterceptors>'
    <ref bean="myAuthIntercept"/>
  </cxf:inInterceptors>
</cxf:bus>

The interceptors main job is to only allow authenticated user to access
service.
There are couple of exceptions.
1. A WADL request for the published services.
   Currently I have a hard coded list of URIs. Not a good solution. I would
like to know if there is a way either to avoid interceptor invocation on
WADL requests or access REST URIs dynamically?
2. A request made to login/logout operation call made to AuthService.
    Is there a way to make exception for this one service? I have many
services configured and would prefer not to configure each service with
in/out/fault interceptions.



Jiggy.
-- 
View this message in context: http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27595561.html
Sent from the cxf-user mailing list archive at Nabble.com.