Java Reference
In-Depth Information
The
authorized()
method is
synchronized
, as this filter may be concurrently accessed and
we need to do this policy check atomically. It first checks to see if a day has elapsed. If so, it
resets the
today
variable and clears the
count
map.
UserMethodKey key
=
new
new
UserMethodKey
(
user
,
info
.
getResourceMethod
());
Integer counter
=
count
.
get
(
user
);
iif
(
counter
==
null
null
)
{
counter
=
0
;
}
The
authorized()
method then checks to see if the current user and method are already be-
ing tracked and counted.
AllowedPerDay allowed
=
info
.
getResourceMethod
().
getAnnotation
(
AllowedPerDay
.
class
);
iif
(
allowed
.
value
() >
counter
)
{
count
.
put
(
user
,
counter
+
1
);
return
return true
true
;
}
return
return false
false
;
}
}
The method then extracts the
AllowedPerDay
annotation from the current JAX-RS method
that is being invoked. This annotation will contain the number of times per day that a user is
allowed to invoke the current JAX-RS method. If this value is greater than the current count
for that user for that method, then we update the counter and return true. Otherwise, the
policy check has failed and we return false.
We then apply this functionality to a JAX-RS resource method by using the
@AllowedPer-
Day
annotation:
src/main/java/com/restfully/shop/services/CustomerResource.java
@PUT
@Path
(
"{id}"
)
@Consumes
(
"application/xml"
)
@OTPAuthenticated
@AllowedPerDay
(
1
)
public
public
void
void
updateCustomer
(
@PathParam
(
"id"
)
int
int
id
,
Customer update
)
{
...
}