Alden Alden - 1 year ago 188
Java Question

Jersey Async ContainerRequestFilter

I have a Jersey REST API and am using a

to handle authorization. I'm also using
on all endpoints so that my API can serve thousands of concurrent requests.

My authorization filter hits a remote service, but when the filter is run, Jersey hasn't yet added the current thread to it's internal
, so I'm completely losing the async benefits.

Can I tell Jersey that I want this
to be asynchronous?

public class AuthorizationFilter implements ContainerRequestFilter
private AuthorizationService authSvc;

public void filter(ContainerRequestContext requestContext) throws IOException
String authToken = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);

AuthorizationResponse authResponse = authSvc.authorize(authToken);

if (!authResponse.isAuthorized())

And here's an example resource:

public class StuffResource
public void getById(@PathParam("id") long id, @Suspended final AsyncResponse ar)
Stuff s;



UPDATE Just heard back from the Jersey guys, and this is not possible as of 2.7. Only the resource method itself is invoked asynchronously, not filters. Any suggestions for proceeding still welcome.

Answer Source

This is not built in to Jersey as of 2.7.

@ManagedAsync is useless if you have any filters or interceptors that do any serious work (like hit a remote authorization service). They may add the ability to run filters asynchronously in the future, but for now you're on your own.

UPDATE - there are other ways...

After a long and perilous journey, I have found a very hacky solution that I'm using in the short term. Here is a rundown of what I tried and why it failed/worked.

Guice AOP - failed

I use Guice for DI (getting Guice injection to work with Jersey is a feat in itself!), so I figured I could use Guice AOP to get around the issue. Though Guice injection works, it is impossible to get Guice to create resource classes with Jersey 2, so Guice AOP cannot work with resource class methods. If you are trying desperately to get Guice to create resource classes with Jersey 2, don't waste your time because it will not work. This is a well-known problem.


HK2 just recently released an AOP feature, see this question for details on how to get it working.

Monitoring - also worked

This is not for the faint of heart, and it is completely discouraged in the Jersey docs. You can register and ApplicationEventListener and override onRequest to return a RequestEventListener that listens for RESOURCE_METHOD_START and calls an authentication/authorization service. This event is triggered from the @ManagedAsync thread, which is the whole goal here. One caveat, the abortWith method is a no-op, so this won't work quite like a normal ContainerRequestFilter. Instead, you can throw an exception if auth fails instead, and register an ExceptionMapper to handle your exception. If someone is bold enough to give this a try, let me know and I'll post code.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download