[GitHub] [cxf] davidkarlsen commented on a change in pull request #533: Drop @PreMatching - no need for it

[GitBox]

davidkarlsen commented on a change in pull request #533: Drop @PreMatching - no 
need for it
URL: https://github.com/apache/cxf/pull/533#discussion_r272134759
 
 

 ##########
 File path: 
rt/rs/security/http-signature/src/main/java/org/apache/cxf/rs/security/httpsignature/filters/VerifySignatureFilter.java
 ##########
 @@ -23,14 +23,12 @@
 import javax.ws.rs.Priorities;
 import javax.ws.rs.container.ContainerRequestContext;
 import javax.ws.rs.container.ContainerRequestFilter;
-import javax.ws.rs.container.PreMatching;
 import javax.ws.rs.ext.Provider;
 
 /**
  * RS CXF container Filter which extracts signature data from the context and 
sends it to the message verifier
  */
 @Provider
-@PreMatching
 
 Review comment:
   Hm - that's actually where I need it in order to do:
   
   ```
   +@Provider
   +@Priority(Priorities.AUTHENTICATION)
   +public class DynamicVerifySignatureFilter implements ResourceInfoAware, 
ContainerRequestFilter {
   +  private final Logger logger = 
LoggerFactory.getLogger(DynamicVerifySignatureFilter.class);
   +  private final ContainerRequestFilter delegate;
   +  private ResourceInfo resourceInfo;
   +
   +  public DynamicVerifySignatureFilter(ContainerRequestFilter delegate) {
   +    this.delegate = delegate;
   +  }
   +
   +  @Override
   +  public void filter(ContainerRequestContext requestContext) throws 
IOException {
   +    if (isIgnored()) {
   +      logger.warn(
   +          "Resource: class: {} method: {} is exempted for signature-check",
   +          resourceInfo.getResourceClass(),
   +          resourceInfo.getResourceMethod().getName());
   +    } else {
   +      this.delegate.filter(requestContext);
   +    }
   +  }
   +
   +  private boolean isIgnored() {
   +    return null
   +            != AnnotationUtils.findAnnotation(
   +                getResourceInfo().getResourceMethod(), IgnoreSigning.class)
   +        || null
   +            != AnnotationUtils.findAnnotation(
   +                getResourceInfo().getResourceClass(), IgnoreSigning.class);
   +  }
   +
   +  @Override
   +  public void setResourceInfo(ResourceInfo resourceInfo) {
   +    this.resourceInfo = resourceInfo;
   +  }
   +
   +  private ResourceInfo getResourceInfo() {
   +    return new ResourceInfoImpl(PhaseInterceptorChain.getCurrentMessage());
   +  }
   ```
   
   or else the resourceInfo can't be resolved at this stage.
   I can however keep on wrapping it in a delegate filter as shown to defer the 
decision until the matcher has found the target resource - but it adds cruft.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services