Alden Alden - 1 month ago 19
Java Question

Jersey Async ContainerRequestFilter

I have a Jersey REST API and am using a

ContainerRequestFilter
to handle authorization. I'm also using
@ManagedAsync
on all endpoints so that my API can serve thousands of concurrent requests.

My authorization filter hits a remote service, but when the filter is run, Jersey hasn't yet added the current thread to it's internal
ExecutorService
, so I'm completely losing the async benefits.

Can I tell Jersey that I want this
ContainerRequestFilter
to be asynchronous?

@Priority(Priorities.AUTHORIZATION)
public class AuthorizationFilter implements ContainerRequestFilter
{
@Inject
private AuthorizationService authSvc;

@Override
public void filter(ContainerRequestContext requestContext) throws IOException
{
String authToken = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);

// HITS A REMOTE SERVER
AuthorizationResponse authResponse = authSvc.authorize(authToken);

if (!authResponse.isAuthorized())
{
requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED)
.entity("unauthorized!")
.build());
}
}
}


And here's an example resource:

@Path("/stuff")
@Produces(MediaType.APPLICATION_JSON)
public class StuffResource
{
@GET
@Path("/{id}")
@ManagedAsync
public void getById(@PathParam("id") long id, @Suspended final AsyncResponse ar)
{
Stuff s;

// HIT THE DATABASE FOR STUFF

ar.resume(s);
}
}


UPDATE Just heard back from the Jersey guys, and this is not possible as of 2.7. Only the resource method itself is invoked asynchronously, not filters. Any suggestions for proceeding still welcome.

Answer

This is not built in to Jersey as of 2.7.

@ManagedAsync is useless if you have any filters or interceptors that do any serious work (like hit a remote authorization service). They may add the ability to run filters asynchronously in the future, but for now you're on your own.

UPDATE - there are other ways...

After a long and perilous journey, I have found a very hacky solution that I'm using in the short term. Here is a rundown of what I tried and why it failed/worked.

Guice AOP - failed

I use Guice for DI (getting Guice injection to work with Jersey is a feat in itself!), so I figured I could use Guice AOP to get around the issue. Though Guice injection works, it is impossible to get Guice to create resource classes with Jersey 2, so Guice AOP cannot work with resource class methods. If you are trying desperately to get Guice to create resource classes with Jersey 2, don't waste your time because it will not work. This is a well-known problem.

HK2 AOP - RECOMMENDED SOLUTION

HK2 just recently released an AOP feature, see this question for details on how to get it working.

Monitoring - also worked

This is not for the faint of heart, and it is completely discouraged in the Jersey docs. You can register and ApplicationEventListener and override onRequest to return a RequestEventListener that listens for RESOURCE_METHOD_START and calls an authentication/authorization service. This event is triggered from the @ManagedAsync thread, which is the whole goal here. One caveat, the abortWith method is a no-op, so this won't work quite like a normal ContainerRequestFilter. Instead, you can throw an exception if auth fails instead, and register an ExceptionMapper to handle your exception. If someone is bold enough to give this a try, let me know and I'll post code.

Comments