amitection amitection - 1 year ago 133
Java Question

Manipulate InputStream of ContainerRequestFilter

I have a encrypted string being sent by a client. I am trying to intercept the string using ContainerRequestFilter then decrypt it and set the InputStream again so that it can be used by Jackson to map to a POJO.


My Resource

public class AuthResource {

public Response testResource(@Auth AuthUser auth, Person person) {

System.out.println("Recieved Resource:: "+ new Gson().toJson(person));

return null;

public class Person {

private String name;
private int age;

public Person() {};

public Person(String name, int age) { = name;
this.age = age;
public String getName() {
return name;
public void setName(String name) { = name;
public int getAge() {
return age;
public void setAge(int age) {
this.age = age;

My Filter

public class MyFilter implements ContainerRequestFilter {

public void filter(ContainerRequestContext requestContext) throws IOException {

InputStream inputStream = requestContext.getEntityStream();

StringWriter writer = new StringWriter();
IOUtils.copy(inputStream, writer, "UTF-8");
String theString = writer.toString();

String decryptedMessage = "";
try {
decryptedMessage = JwtToken.decryptPayload(theString);
System.err.println("Decrypted Message: "+decryptedMessage);
} catch (Exception e) {

InputStream stream = new ByteArrayInputStream(decryptedMessage.getBytes(StandardCharsets.UTF_8));


I understand that once the InputStream is utilized it cannot be used again. But using requestContext.setEntityStream(stream); I am trying to set the InputStream again to be utilized by Jackson.

Inspite of that I am still unable to get the person object in my resource. The decryption is working fine as I have tested it using a debugger.

I get the following error: 415: Unsupported Media Type

Edit 1: I am using Adavanced Rest Client to hit the url



authorization: Basic ZXlKaGRYUm9iM0pwZW1GMGFXOXVJam9pWVcxcGRDSXNJbUZzWnlJNklraFRNalUySW4wLmUzMC5MLUtmOUxQNjFSQ21Bektob2lTR0V4bEJ3RXRUMXhrR3A3bUpIZmFSeV9FOnBhc3M=

Raw Payload:


The payload is encrypted simply using JWT:

Jwts.builder().setPayload(new Gson().toJson(new Person("Amit",22))).signWith(SignatureAlgorithm.HS256, key).compact();

Answer Source

Your request payload is not a JSON. It's a JWT token which contains a JSON encoded as Base64. It's a piece of text. Hence, the Content-Type of the request should be text/plain instead of application/json:

POST /api/auth HTTP/1.1
Content-Type: text/plain


Your filter modifies the payload of the request: the filter gets the JWT token from the request payload, gets the token payload, decodes the token payload into a JSON string and sets JSON string to the request payload.

After the executing of the filter, the request contains a JSON string and not just a piece of text. Hence, the Content-Type of the request should be modified to application/json. It could be achieved with the following lines:

requestContext.getHeaders().add(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON);

To ensure the filter will be executed before the resource matching, annotate your filter with @PreMatching.

And don't forget to annotate your resource method with @Consumes(MediaType.APPLICATION_JSON).

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download