davidkarlsen commented on a change in pull request #533: Drop @PreMatching - no need for it URL: https://github.com/apache/cxf/pull/533#discussion_r272136186
########## File path: rt/rs/security/http-signature/src/main/java/org/apache/cxf/rs/security/httpsignature/filters/VerifySignatureFilter.java ########## @@ -23,14 +23,12 @@ import javax.ws.rs.Priorities; import javax.ws.rs.container.ContainerRequestContext; import javax.ws.rs.container.ContainerRequestFilter; -import javax.ws.rs.container.PreMatching; import javax.ws.rs.ext.Provider; /** * RS CXF container Filter which extracts signature data from the context and sends it to the message verifier */ @Provider -@PreMatching Review comment: What is the reason for having it in @PreMatching as https://docs.jboss.org/resteasy/docs/3.0.21.Final/userguide/html/Interceptors.html seems to suggest that the use-case for PreMatching is mainly for altering the request (which might influence the matcher): `Pre-matching ContainerRequestFilters are designated with the @PreMatching annotation and will execute before the JAX-RS resource method is matched with the incoming HTTP request. Pre-matching filters often are used to modify request attributes to change how it matches to a specific resource method (i.e. strip .xml and add an Accept header). ContainerRequestFilters can abort the request by calling ContainerRequestContext.abortWith(Response). A filter might want to abort if it implements a custom authentication protocol.` ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
