Hi
On 28/11/14 12:34, Peter De Winter wrote:
Hello all,
I have more of high level question regarding CXF and JAX-RS in which I would
appreciate and help on understanding the topics.
Since we are working on security it is really important I get a conceptual
grasp on the following concepts.
When combining the documentation provided by CXF and the JAX-RS spec I have
identified following structures:
- Providers
- Interceptors
- Filters
I'm not bringing servlet filters and such in scope though.
My understanding, to this point, is interceptors form the basic worker logic
within the bus. The filters (also known as handlers) are actually being handled
by a specific interceptor which implements the JAX-RS spec, the
JAXRSInInterceptor and JAXRSOutInterceptor.
But next to this there also are providers defined in the spec and that is the one I have issues
with finding where they are "found" and "executed".
Is there a location where I would be able to see these providers actually being
"called"?
CXF uses its own native inbound and outbound interceptors to manage the
server and client invocation chains.
For example, as you pointed out, CXF JAXRSInInterceptor and
JAXRSOutInterceptor do most of the server-side JAX-RS runtime
processing. This can be refactored in the future to have the
implementation 'spread out' across multiple CXF interceptors with each
of the interceptor doing various fine grained pieces of activity tio
make the implementation less 'monolotic' , as CXF JAX-WS does now.
As far as JAX-RS 2.0 is concerned it introduces its own standard JAX-RS
filter and interceptor API - this is not related to CXF interceptors.
For example, CXF JAXSOutInterceptor would run registered JAX-RS
ContainerResponseFilter and WriterInterceptor instances as part of its
execution, JAXRSInInterceptor would do the same for JAX-RS
ContainerRequestFilter and ReaderInterceptor instances.
In the JAX-RS world, JAX-RS filters, interceptors and message body
readers/writers can all be qualified as providers.
There is also one provider that I don't get OAuthRequestFilter. Is it a
provider or filter?
I guess the name is not very intuitive. It's a JAX-RS 2.0
ContainerRequestFilter provider :-)
HTH, Sergey
Thank you for any clarification.
Peter De Winter
