Hey i am new to micronaut , and wanted to implement some filters like ContainerRequestFilter and ContainerResponseFilter that are present in JAX-RS.
I know that HttpServerFilter is used a lot in micronaut and like other filters it can intercept http calls , but i am looking to find a way to implement filters that specific in either : incoming HttpRequest or outgoing request !
Thanks a lot for
I have made a filter but i am not sure how to specify the filter to either looks only incoming request of outgoing request like ContainerRequestFilter and ContainerResponseFilter.
For outgoing you could use the HTTP Client Filter
https://guides.micronaut.io/latest/micronaut-http-client-maven-java.html#http-client-filter
and for incoming i guess the HTTP Server Filter should do
https://docs.micronaut.io/latest/api/io/micronaut/http/filter/HttpServerFilter.html
https://guides.micronaut.io/latest/micronaut-multitenancy-propagation-gradle-groovy.html#http-filter-cookie-redirect its groovy but i think that shows how to use them.
Related
I use Quarkus 1.6.1.Final version with GraphQL implementation using SmallRye GraphQL. My aim is to define logic to check user permissions on every request (Query + Mutation) made to /graphql endpoint. So, I am trying to find something like jax-rs ContainerRequestFilter but for GraphQL. Do you have any ideas on how to do it? I've tried to define ContainerRequestFilter but it catches only RestEasy requests but not GraphQL ones.
I was looking into this myself. It seems like GraphQL directly registers a Vert.X routing call [1] rather than using Undertow(servlets) or RestEASY(jaxrs). This is so it can do stuff like partial results more easily from what I can tell.
You're going to want to look at intercepting Vert.X requests using the RouteFilter annotation. I've included the link below, but it works a lot like the ContainerRequestFilter from jax-rs. I've copied the sample code from the Quarkus help guide [2] to provide a quick example:
package org.acme.reactive.routes;
import io.vertx.ext.web.RoutingContext;
public class MyFilters {
#RouteFilter(100)
void myFilter(RoutingContext rc) {
// Put your logic here
// continue the filtering of the request
rc.next();
}
}
1: https://github.com/quarkusio/quarkus/blob/master/extensions/smallrye-graphql/runtime/src/main/java/io/quarkus/smallrye/graphql/runtime/SmallRyeGraphQLRecorder.java
2: https://quarkus.io/guides/reactive-routes#intercepting-http-requests
Basic Spring Security is great as it comes with WebSecurity (preventing malformed URLs) along with setting up authentication and authorization.
As part of authenticating my web request, the digest of the request body needs to be verified against the digest value passed in the http header. Setting up the Spring Security filter, forces my auth filter to process a firewalled request. The firewalled request doesn't seem to expose the request body to the filter.
What is the correct way to set up the Spring Security filter so that I can inspect the request body?
Thanks!
In Spring Security there are many filter classes built in for to be extended and used for specific purposes. As in my experience most of (or all of them) have methods with overloads which have access to,
HttpServletRequest request, HttpServletResponse response
as method arguments, so that those can be used inside the method.
When the filter class is met with any request, these variables are then populated with related data thus the code inside the methods output as expected.
How can I log all requests in Spring MVC, even the resource not founds ones?
I guess interceptors can not log resource not found requests. What do you suggest?
Have you tried using implementation of javax.servlet.Filter?
Filter in contrary to Spring's interceptor is part of a Java's standard and is executed by the servlet container for each incoming HTTP request..
Spring MVC use exactly one servlet and that is DispatcherServlet which, as the name suggest, disptach received request to correct controller which process the request futher.
Spring even provide few concrete implementations of Filter that can log incoming request for you such as: CommonsRequestLoggingFilter or ServletContextRequestLoggingFilter.
You can choose one of the above implementations or implement Filter interface by yourself - whatever you decide, by using Filter you should be able to log every single request received by your servlet container.
I was trying to understand the use of InterceptingAsyncClientHttpRequestFactory. When run test with MockRestServiceServer I saw requestFactory is decorated with this ResquestFactory. Is there any other use of this requestFactory? Basically I want to know the idea behind InterceptingAsyncClientHttpRequestFactory. As I couldn't find any examples to use it.
Below code doesn't work.
AsyncClientHttpRequestFactory clientHttpRequestFactory = new HttpComponentsAsyncClientHttpRequestFactory(
httpAsyncClient);
List<AsyncClientHttpRequestInterceptor> interceptors = new ArrayList<>(1);
interceptors.add(asyncRestReqResInterceptor());
AsyncClientHttpRequestFactory interceptorFactory = new InterceptingAsyncClientHttpRequestFactory(
clientHttpRequestFactory, interceptors);
AsyncRestTemplate asyncRestTemplate = new AsyncRestTemplate(interceptorFactory);
Please let me know the correct implementation.
The general idea behind request factory is that you can customize how HttpAccessor implementations, like RestTemplate, makes requests. If you don't specify anything you get non-pooled HttpURLConnection, but spring offers factories for Appache HttpClient and other 3rd part libraries.
InterceptingAsyncClientHttpRequestFactory is a decorator, which allows you to plug-in Interceptors that modify the request befor it is sent. One such Interceptor is the BasicAuthorizationInterceptor which adds the Authorization header to every request. If you have stuff you need to do to every request you can create your own ClientHttpRequestInterceptor.
I am currently working on a RESTeasy based RESTful service. I have a filter class which serves as a server request filter as well as a server response filter (i.e. it implements ContainerRequestFilter and ContainerResponseFilter interfaces).
At the beginning of the request, I use the filter to put an object into ThreadLocal. This object is used by the resources throughout the request. At the end of the request, before sending out the response, the filter removes the object from ThreadLocal.
My question is that is there a guarantee that the the request filter, the resource and the response filter will all execute in the same thread? Is there a possibility that after the request filter puts the object into ThreadLocal, a different thread will execute the request (and thus not have access to the object)?
I was sure that this was the case but then I saw this http://jersey.576304.n2.nabble.com/Does-filter-method-of-ContainerRequestFilter-run-in-resource-method-thread-td7582648.html (official Jersey forum) and now I have doubts.
javax.ws.rs.container.ContainerRequestContext.setProperty(...)
and
javax.ws.rs.container.ContainerRequestContext.getProperty(...)
are probably the right approach. The javadoc states:
In a Servlet container, the properties are synchronized with the ServletRequest and expose all the attributes available in the ServletRequest. Any modifications of the properties are also reflected in the set of properties of the associated ServletRequest.