Home/ Questions/Q 8458611
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-10T13:07:36+00:00

I am developing REST services with two types. before login no session token will

  • 0

I am developing REST services with two types.

  • before login no session token will be passed to HTTP header.
  • after login session token will be passed in each request.

I dont want to include @HeaderParam in each and every REST method. I want to intercept it first and based on that I want to check the validity of session. Please let me know

  1. how I can intercept based on headers in RESTEasy
  2. How to avoid intercepting few methods

Thanks.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I solved this problem using PreProcessInterceptor

    @Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface Securable {
  String header() default "session-token";
}

@Provider
@ServerInterceptor
public class ValidationInterceptor implements PreProcessInterceptor, AcceptedByMethod {

  @Context
  private HttpServletRequest servletRequest;

  @Override
  public boolean accept(Class clazz, Method method) {
    return method.isAnnotationPresent(Securable.class);
  }

  @Override
  public ServerResponse preProcess(HttpRequest httpRequest, ResourceMethod resourceMethod) throws Failure,
      WebApplicationException {

    Securable securable =  resourceMethod.getMethod().getAnnotation(Securable.class);
    String headerValue = servletRequest.getHeader(securable.header());

    if (headerValue == null){
      return (ServerResponse)Response.status(Status.BAD_REQUEST).entity("Invalid Session").build();
    }else{
      // Validatation logic goes here
    }

    return null;
  }
}

    The annotation @Securable will be used on REST service which needs to be validated.

    @Securable
@PUT
public Response updateUser(User user)
    • 0