Waldheinz Waldheinz - 23 days ago 7
HTTP Question

Where to hook up authentication in Grizzly?

I'm using a Grizzly

HttpServer
which has two
HttpHandler
instances registered:


  • under
    /api/*
    there is an Jersey REST - style application offering the API of the product, and

  • under
    /*
    there is an
    StaticHttpHandler
    which serves static HTML / JavaScript content (which, among other things, talks to the API under
    /api/



For authentication I'm currently securing only the API using a Jersey
ContainerRequestFilter
implementing HTTP Basic Auth, which looks quite similar to what is presented in another SO question.

But as requirements changed, now I'd like to require authentication for all requests hitting the server. So I'd like to move the authentication one level up, from Jersey to Grizzly. Unfortunately, I'm completely lost figuring out where I can hook up a "request filter" (or whatever it is called) in Grizzly. Can someone point me to the relevant API to accomplish this?

Answer

The easiest solution would leverage the Grizzly embedded Servlet support.

This of course would mean you'd need to do a little work to migrate your current HttpHandler logic over to Servlets - but that really shouldn't be too difficult as the HttpHandler API is very similar.

I'll give some high level points on doing this.

HttpServer server = HttpServlet.createSimpleServer(<docroot>, <host>, <port>);
// use "" for <context path> if you want the context path to be /
WebappContext ctx = new WebappContext(<logical name>, <context path>);

// do some Jersey initialization here

// Register the Servlets that were converted from HttpHandlers
ServletRegistration s1 = ctx.addServlet(<servlet name>, <Servlet instance or class name>);
s1.addMapping(<url pattern for s1>);
// Repeat for other Servlets ...

// Now for the authentication Filter ...
FilterRegistration reg = ctx.addFilter(<filter name>, <filter instance or class name>);
// Apply this filter to all requests
reg.addMapping(null, "/*");

// do any other additional initialization work ...

// "Deploy" ctx to the server.
ctx.deploy(server);

// start the server and test ...

NOTE: The dynamic registration of Servlets and Filters is based off the Servlet 3.0 API, so if you want information on how to deal with Servlet listeners, init parameters, etc., I would recommend reviewing the Servlet 3.0 javadocs.

NOTE2: The Grizzly Servlet implementation is not 100% compatible with the Servlet specification. It doesn't support standard Servlet annotations, or deployment of traditional Servlet web application archive deployment.

Lastly, there are examples of using the embedded Servlet API here