JavaEE - Cannot get rid of session - session

I built web application using JavaEE, JSF and one Servlet.
I use security via Glassfish and web.xml . When I'm logged in I can do whatever I'm allowed to but as soon as I log out the problem happens.
Exactly I logout, I'm redirected to the homepage, in the other (unsecured) pages is the session no longer visible, but as soon as I get into the secured page - here it is named secured.xhtml - I get my session back and I can see my info and do whatever I was allowed to do before once again.
Imo the problem starts at user data constraint in web.xml and
transport guarantee set to CONFIDENTIAL. If I don't set it my informations are not visible on the other pages, but the logout is still not working, if it is set it just shows it on all pages as said before.
This is my web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app
id="WebApp_ID" version="3.1"
xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
<display-name>IssueTrack</display-name>
<!-- Change to "Production" when you are ready to deploy -->
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<!-- Welcome page -->
<welcome-file-list>
<welcome-file>index.xhtml</welcome-file>
</welcome-file-list>
<!-- JSF mapping -->
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- Map these files with JSF -->
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.faces</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>issuetrack-realm</realm-name>
</login-config>
<security-role>
<role-name>User</role-name>
</security-role>
<security-role>
<role-name>Admin</role-name>
</security-role>
<error-page>
<exception-type>javax.faces.application.ViewExpiredException</exception-type>
<location>/index.xhtml</location>
</error-page>
<session-config>
<tracking-mode>COOKIE</tracking-mode>
<cookie-config>
<secure>true</secure>
<http-only>true</http-only>
</cookie-config>
<session-timeout>5</session-timeout>
</session-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>Secured pages</web-resource-name>
<description/>
<url-pattern>secured.xhtml</url-pattern>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>*</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
</web-app>
LogoutServlet which (should) logout logged user.
public class LogoutServlet extends HttpServlet {
#Override
protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// Destroys the session for this user.
HttpSession session = request.getSession(false);
if (session != null) {
session.invalidate();
request.logout();
}
response.sendRedirect("/");
}
}
EDIT
context.xml looks like this
<?xml version="1.0" encoding="UTF-8"?>
<Context antiJARLocking="true" path="/" />
glassfish-web.xml looks like
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC
"-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN"
"http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app error-url="/">
<context-root>/</context-root>
<security-role-mapping>
<role-name>Admin</role-name>
<principal-name>Admin</principal-name>
<group-name>Admin</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>User</role-name>
<principal-name>User</principal-name>
<group-name>User</group-name>
</security-role-mapping>
</glassfish-web-app>
My Beans all look like this..
#Named
#RequestScoped
public class IssueBean extends BasicBean {
private long id;
public long getId() {
return id;
}
public void setId(long id) {
this.id = id;
}
#Inject
private IssueService gServ;
private Issue issue = new Issue();
public List<Issue> getIssues() {
try {
return gServ.viewAll();
} catch (ValidationException ex) {
showException(ex);
return null;
}
}
public Issue getIssueById() {
if (id < 1) {
navigate("/issues.xhtml");
}
try {
issue = gServ.view(id);
} catch (ValidationException ex) {
showException(ex);
}
if (issue == null || issue.getPriority()== null) {
navigate("/issues.xhtml");
}
return issue;
}
public Issue getIssue() {
return issue;
}
public void setIssue(Issue issue) {
this.issue = issue;
}
public String saveIssue() {
try {
gServ.add(issue);
return "/issues.xhtml?faces-redirect=true";
} catch (ValidationException ex) {
showException(ex);
return "";
}
}
public String updateIssue() {
try {
gServ.edit(issue);
return "/issues.xhtml?faces-redirect=true";
} catch (ValidationException ex) {
showException(ex);
return "";
}
}
public void init() {
if (id < 1) {
navigate("/issues.xhtml");
}
try {
issue = gServ.view(id);
} catch (ValidationException ex) {
showException(ex);
}
if (issue == null || issue.getPriority()== null) {
navigate("/issues.xhtml");
}
}
}
Where Basic Bean looks like this
public class BasicBean {
protected void navigate(String where) {
ConfigurableNavigationHandler nav
= (ConfigurableNavigationHandler) FacesContext.getCurrentInstance().getApplication().getNavigationHandler();
nav.performNavigation(where);
}
protected void showException(Exception ex){
FacesContext.getCurrentInstance().addMessage(null, new FacesMessage("Validation Error - " + ex.getMessage(), ex.toString()));
}
}

I guess this is happening because you are using BASIC auth method in your application which doesn't require cookies, session identifier and login pages, rather uses standard HTTP headers. This means once user is authenticated, each request contains login info, so user is automatically logged in next time he access the site.
So one way to deal with it is to implement Form-Based Authentication. Or if you wish to stick with BASIC - use suggestions given in this thread.
For more info on authentication mechanisms see Java EE tutorial.

I think you are able to use the previous secured pages because the session is being cached by your browser. Include the following as part of the logout so that the response is not cached. This should also work on all browsers.
response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
response.setHeader("Pragma", "no-cache");
response.setDateHeader("Expires", 0);

Related

JSP linking with Java Servlet BackEnd Code

I am trying to link my Jsp page with my servlet but I'm getting this error :
javax.servlet.ServletException: Servlet.init() for servlet ImageServlet threw exception
java.lang.IllegalStateException: No WebApplicationContext found: no ContextLoaderListener registered`
Below is my Servlet code :
package servlet;
#Component("ImageServlet")
public class ImageServlet implements HttpRequestHandler {
#Autowired
imageDA imageda = new imageDA();
ResultSet rs = null;
byte[] thumb ;// get the thumb from the user entity
#Override
public void handleRequest(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
int generatedDocId = Integer.parseInt(request.getParameter("generatedDocId"));
try{
rs = imageda.getAllImage(generatedDocId);
if(rs.next()){
thumb = rs.getBytes("IMAGE");
}
}catch(SQLException ex){
ex.getMessage();
}
String name = "images";
response.setContentType("image/jpeg");
response.setContentLength(thumb.length);
response.setHeader("Content-Disposition", "inline; filename=\"" + name+ "\"");
BufferedInputStream input = null;
BufferedOutputStream output = null;
try {
input = new BufferedInputStream(new ByteArrayInputStream(thumb));
output = new BufferedOutputStream(response.getOutputStream());
byte[] buffer = new byte[8192];
int length;
while ((length = input.read(buffer)) > 0) {
output.write(buffer, 0, length);
}
} catch (IOException e) {
System.out.println("There are errors in reading/writing image stream "
+ e.getMessage());
} finally {
if (output != null) {
try {
output.close();
} catch (IOException ignore) {
}
}
if (input != null) {
try {
input.close();
} catch (IOException ignore) {
}
}
}
}
}
and this is my XML code linking to my viewData.jsp JSP page :
<servlet>
<servlet-name>ImageServlet</servlet-name>
<servlet-class>org.springframework.web.context.support.HttpRequestHandlerServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>ImageServlet</servlet-name>
<url-pattern>/viewData.jsp</url-pattern>
</servlet-mapping>
</web-app>
Edited, here is my full version of XML codes. I use most of them for my Request.getPart(), tried to configure XML for spring but it doesn't work.Thanks for helping
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<servlet>
<servlet-name>UploadFile</servlet-name>
<jsp-file>/projectAddData.jsp</jsp-file>
<multipart-config>
<max-file-size>20848820</max-file-size>
<max-request-size>418018841</max-request-size>
<file-size-threshold>1048576</file-size-threshold>
</multipart-config>
</servlet>
<servlet-mapping>
<servlet-name>UploadFile</servlet-name>
<url-pattern>/projectAddData.jsp</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>UploadFile1</servlet-name>
<jsp-file>/addClaim.jsp</jsp-file>
<multipart-config>
<max-file-size>20848820</max-file-size>
<max-request-size>418018841</max-request-size>
<file-size-threshold>1048576</file-size-threshold>
</multipart-config>
</servlet>
<servlet>
<servlet-name>UploadServlet1</servlet-name>
<servlet-class>UploadServlet1</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>UploadFile1</servlet-name>
<url-pattern>/addClaim.jsp</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>UploadFile2</servlet-name>
<jsp-file>/addInvoice.jsp</jsp-file>
<multipart-config>
<max-file-size>20848820</max-file-size>
<max-request-size>418018841</max-request-size>
<file-size-threshold>1048576</file-size-threshold>
</multipart-config>
</servlet>
<servlet>
<servlet-name>UploadServlet2</servlet-name>
<servlet-class>UploadServlet2</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>UploadFile2</servlet-name>
<url-pattern>/addInvoice.jsp</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>imageServlet</servlet-name>
<servlet-class>org.springframework.web.context.support.HttpRequestHandlerServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>imageServlet</servlet-name>
<url-pattern>/viewData.jsp</url-pattern>
</servlet-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<!-- The path to your main spring xml file, for example: /WEB-INF/spring-config.xml -->
<param-value>/WEB-INF/applicationContext.xml</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
</web-app>
The exception is telling you that although you intend to use spring, the ApplicationContext can't be loaded due to the absence of a required listener configuration. Spring needs to know the path to your main bean config file, and the missing listener is what it uses to find that information.
Add this to your web.xml (as a child of the root <web-app> element, and your web app will start (or at least make it past the error you're getting now).
<context-param>
<param-name>contextConfigLocation</param-name>
<!-- The path to your main spring xml file, for example: /WEB-INF/spring-config.xml -->
<param-value>/WEB-INF/spring-config.xml</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>

Jersey SQLException Mapper not Called

This is my SqlExceptionMapper
#Provider
public class SqlExceptionMapper implements ExceptionMapper<SQLException> {
#Override
public Response toResponse(SQLException e){
return ResponseBuilder.error(Response.Status.UNAUTHORIZED.getStatusCode(), "success", null, e.getMessage());
}
}
Here I am throwing exception in catch block of my function
public void myfunction()throws SQLException {
try {
// some code that throws an sql exception
} catch (SQLException e) {
final Logger logger = Logger.getLogger(Image.class);
logger.error("This is error", e);
throw new SQLException();
}
}
This is my web.xml
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd" >
<web-app>
<display-name>Archetype Created Web Application -image Rest API's</display-name>
<servlet>
<servlet-name>jersey-serlvet</servlet-name>
<servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>com.sun.jersey.config.property.packages</param-name>
<param-value>com.image.controller;com.image.exceptionmapper</param-value>
<param-name>com.sun.jersey.api.json.POJOMappingFeature</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>jersey-serlvet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
</web-app>
I have debugged my code and my catch block is throwing SQLException, the only problem is it is not mapping to the mapper which I have created.
I think I did some thing wrong with the naming.
I renamed my class from sqlExceptionMapper to SQLExceptionMapper and recompiled it.It is working for me.
Thanks

CORS Response Filter not invoked Resteasy / JAX-RS 2.0

I am trying to implement a CORS response filer to allow cross-domain reference from my JavaScript front-end. I am using Wildfly 10.0.final which comes with Resteasy that is JAX-RS 2.0 compliment if I understand correctly.
EDIT: added #Provider to the CorsResponseFilter, and as a singleton to the RestServiceConfig.
What do I need to do to get my CorsResponseFilter invoked?
PS. Read these posts, but they didn't help solving the problem.
ContainerRequestFilter ContainerResponseFilter dosent get called
ResourceConfig and Application
CorsResponseFilter.java
#Provider
public class CorsResponseFilter implements ContainerResponseFilter {
#Override
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException {
MultivaluedMap<String, Object> headers = responseContext.getHeaders();
headers.add("Access-Control-Allow-Origin", "*");
//headers.add("Access-Control-Allow-Origin", "http://podcastpedia.org"); //allows CORS requests only coming from podcastpedia.org
headers.add("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT");
headers.add("Access-Control-Allow-Headers", "X-Requested-With, Content-Type, X-Codingpedia");
headers.add("Access-Control-Max-Age", "1209600");
}
}
RestServiceConfig.java
public class RestServiceConfig extends Application {
private final Set<Object> singletons = new HashSet<>();
public RestServiceConfig() {
singletons.add(new CorsResponseFilter());
singletons.add(new ApplicationService());
singletons.add(new TweetObsService());
}
#Override
public Set<Object> getSingletons() {
return singletons;
}
}
web.xml
...
<listener>
<listener-class>
org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap
</listener-class>
</listener>
<servlet>
<servlet-name>resteasy-servlet</servlet-name>
<servlet-class>
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher
</servlet-class>
<init-param>
<param-name>javax.ws.rs.Application</param-name>
<param-value>org.mycorp.myapp.service.RestServiceConfig</param-value>
</init-param>
<init-param>
<param-name>com.sun.jersey.spi.container.ContainerResponseFilters</param-name>
<param-value>org.clearbyte.obs.service.CorsResponseFilter</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>resteasy-servlet</servlet-name>
<url-pattern>/service/*</url-pattern>
</servlet-mapping>
<context-param>
<param-name>resteasy.servlet.mapping.prefix</param-name>
<param-value>/service</param-value>
</context-param>
...
Wildfly log console
13:56:01,672 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] RESTEASY002225: Deploying javax.ws.rs.core.Application: class org.clearbyte.obs.service.RestServiceConfig
13:56:01,672 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] RESTEASY002200: Adding class resource org.clearbyte.obs.service.TweetObsService from Application class org.clearbyte.obs.service.RestServiceConfig
13:56:01,672 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] RESTEASY002200: Adding class resource org.clearbyte.obs.service.ApplicationService from Application class org.clearbyte.obs.service.RestServiceConfig
So I've started over from scratch with a new project to eliminate error sources. Thanks for the input on using #Provider and adding OPTIONS. Plus I removed all configuration REST from the web.xml.
#Provider is essential for the Filter to work
ServiceCorsFilter.java
#Provider
public class ServiceCorsFilter implements ContainerResponseFilter {
#Override
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException {
responseContext.getHeaders().putSingle("Access-Control-Allow-Origin", "*");
responseContext.getHeaders().putSingle("Access-Control-Allow-Methods", "OPTIONS, GET, POST, PUT, DELETE");
responseContext.getHeaders().putSingle("Access-Control-Allow-Headers", "Content-Type");
}
}
#ApplicationPath makes web.xml configuration obsolete
ServiceConfig.java
#ApplicationPath("service")
public class ServiceConfig extends Application {
private Set<Object> singletons = new HashSet<>();
public ServiceConfig() {
singletons.add(new UserServiceV1());
singletons.add(new ServiceCorsFilter());
}
#Override
public Set<Object> getSingletons() {
return singletons;
}
}
This is what is left in the web.xml
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
version="3.1">
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<display-name>MyApp</display-name>
<!-- No REST related config due the the #Provider and inheritance of Application-->
</web-app>
I would try declaring it like a standard filter, not a param of the servlet dispatcher:
<filter>
<filter-name>CorsHeadersFilter</filter-name>
<filter-class>org.clearbyte.obs.service.CorsResponseFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CorsHeadersFilter</filter-name>
<url-pattern>/service/*</url-pattern>
</filter-mapping>
Some browsers (namely: Chrome) send an OPTION request before issuing their request.
Since you explicitly specify 'GET' 'PUT' 'POST' 'DELETE', the 'OPTION' call does not get the headers information :)
Adding OPTION to your list should solve the issue

Cannot perform correctly spring-mvc mapping

I'm developing spring-mvc web-application and I faced some mapping problems:
My web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<display-name>Spring MVC Application</display-name>
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<welcome-file-list>
<welcome-file>pages/index.jsp</welcome-file>
</welcome-file-list>
</web-app>
My controller:
#Controller
public class MainController {
#Autowired
UserService userService;
#Autowired
PhotosService photosService;
#RequestMapping(method=RequestMethod.GET)
public String loadIndex(Model model)
{
model.addAttribute("firstName", "WWWALTER");
return "index";
}
#RequestMapping(value = "/upload", method = RequestMethod.POST)
public String save( #ModelAttribute("document") PhotosEntity photosEntity,
#RequestParam("file") MultipartFile file) {
Blob blob = null;
try {
blob = new SerialBlob(file.getBytes());
} catch (SQLException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
// PhotosEntity photosEntity = new PhotosEntity();
photosEntity.setContent(blob);
photosEntity.setFilename(file.getOriginalFilename());
photosService.saveFile(photosEntity);
return "index";
}
Also I have a application name in tomcat 7 -"c2". So should I map with "c2/" prefix?
Can you please help me create correct mapping?
I want to add an attribute in first method and retrieve it in jsp page:
#RequestMapping(method=RequestMethod.GET)
public String loadIndex(Model model)
{
model.addAttribute("firstName", "WWWALTER");
return "index";
}
- but this method isn't invoked.
You can retrieve the attribute like this: ${firstName} from your jsp-page.
Also try changing #RequestMapping(method=RequestMethod.GET) to #RequestMapping(value = "/", method=RequestMethod.GET)
It sounds so stupid. But I just forgot to put
<mvc:annotation-driven />
in servlet context file. Sorry!

How can I cache a GET response for 5 hours?

WHAT I WANT
I'm working on a maven-jetty-plugin that uses jersey to map resources. How can I cache the version number for 5 hours so that I don't have to GET it every time the page loads?
MY CODE
Here is the html code that will contain the version number once it is loaded:
...
<footer>
<hr/>
VERSION: <span id="version-container">...Loading...</span>
</footer>
Here is the web.xml with the servlet mapping to 'localhost:8080/rest/':
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<servlet>
<servlet-name>Jersey Web Application</servlet-name>
<servlet-class>
com.sun.jersey.spi.container.servlet.ServletContainer
</servlet-class>
<init-param>
<param-name>com.sun.jersey.config.property.packages</param-name>
<param-value>com.resources</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Jersey Web Application</servlet-name>
<url-pattern>/rest/*</url-pattern>
</servlet-mapping>
</web-app>
Here is the java code to handle a GET at 'localhost:8080/rest/version':
/* ... package & imports omitted ... */
#Path("/")
public class RootResource {
#GET
#Path("/version")
#Produces(MediaType.APPLICATION_JSON)
public String versionAsJson(){
return String.format("{ \"version\": \"%s\"}", "v.01");
}
}
Here is the javascript code to load the version after the page loads (using jQuery):
$(document).ready(function() {
$.get("http://localhost:8080/rest/version",
function(response){
$("#version-container").html(response.version);
},
"json"
).error(function(){
$("#version-container").html("[FAILED TO GET VERSION]");
});
}
The Guava library has very nice cache support:
#Path("/")
public class Service {
protected LoadingCache<String, String> cache = CacheBuilder.newBuilder()
.expireAfterWrite(5L, TimeUnit.HOURS).maximumSize(1L)
.build(new CacheLoader<String, String>() {
#Override
public String load(String key) throws Exception {
return String.format("{ \"version\": \"%s\"}", "v.01");
}
});
#GET
#Path("/version")
#Produces(MediaType.APPLICATION_JSON)
public String run() throws ExecutionException {
return cache.get("version");
}
}

Resources