davidkarlsen commented on a change in pull request #533: Drop @PreMatching - no need for it URL: https://github.com/apache/cxf/pull/533#discussion_r272134759
########## File path: rt/rs/security/http-signature/src/main/java/org/apache/cxf/rs/security/httpsignature/filters/VerifySignatureFilter.java ########## @@ -23,14 +23,12 @@ import javax.ws.rs.Priorities; import javax.ws.rs.container.ContainerRequestContext; import javax.ws.rs.container.ContainerRequestFilter; -import javax.ws.rs.container.PreMatching; import javax.ws.rs.ext.Provider; /** * RS CXF container Filter which extracts signature data from the context and sends it to the message verifier */ @Provider -@PreMatching Review comment: Hm - that's actually where I need it in order to do: ``` +@Provider +@Priority(Priorities.AUTHENTICATION) +public class DynamicVerifySignatureFilter implements ResourceInfoAware, ContainerRequestFilter { + private final Logger logger = LoggerFactory.getLogger(DynamicVerifySignatureFilter.class); + private final ContainerRequestFilter delegate; + private ResourceInfo resourceInfo; + + public DynamicVerifySignatureFilter(ContainerRequestFilter delegate) { + this.delegate = delegate; + } + + @Override + public void filter(ContainerRequestContext requestContext) throws IOException { + if (isIgnored()) { + logger.warn( + "Resource: class: {} method: {} is exempted for signature-check", + resourceInfo.getResourceClass(), + resourceInfo.getResourceMethod().getName()); + } else { + this.delegate.filter(requestContext); + } + } + + private boolean isIgnored() { + return null + != AnnotationUtils.findAnnotation( + getResourceInfo().getResourceMethod(), IgnoreSigning.class) + || null + != AnnotationUtils.findAnnotation( + getResourceInfo().getResourceClass(), IgnoreSigning.class); + } + + @Override + public void setResourceInfo(ResourceInfo resourceInfo) { + this.resourceInfo = resourceInfo; + } + + private ResourceInfo getResourceInfo() { + return new ResourceInfoImpl(PhaseInterceptorChain.getCurrentMessage()); + } ``` or else the resourceInfo can't be resolved at this stage. I can however keep on wrapping it in a delegate filter as shown to defer the decision until the matcher has found the target resource - but it adds cruft. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services