Provide a replacement for injecting HttpServletRequest

[gsmet]

When using RESTEasy without Undertow, we can't inject HttpServletRequest so we need a replacement for it (and all the other servlet related injections).

A good example of that is the REST JSON quickstart: https://github.com/quarkusio/quarkus-quickstarts/blob/master/rest-json/src/main/java/org/acme/rest/json/LoggingFilter.java .

I think we need something for 0.24.0 as adding Undertow in the quickstart won't really help the case of RESTEasy without Undertow as it's our basic example of a REST service.

/cc @patriot1burke @stuartwdouglas

[FroMage]

I can do that @gsmet . You want an implementation of HttpServletRequest or a new interface with the useful methods?

[FroMage]

That interface is huge (https://javaee.github.io/javaee-spec/javadocs/javax/servlet/http/HttpServletRequest.html), so I'd suggest a new interface for the few missing useful methods.

[stuartwdouglas]

Can't you just inject org.jboss.resteasy.spi.HttpRequest ?

[stuartwdouglas]

Actually never mind, for some reason I thought that was a spec class and not a resteasy internal one.

[stuartwdouglas]

javax.ws.rs.core.Request was the one I was thinking of

[FroMage]

Yeah, nothing exists ATM. I think we can add it in RESTEasy and later promote it to JAX-RS, because it allows us to implement it for any RESTEasy backend. That'd be very useful. And it would work on resteasy-vertx as well as resteasy-undertow.

[FroMage]

javax.ws.rs.core.Request has no interesting method for this.

[FroMage]

We could make it a subtype of it, though.

[gsmet]

@cescoffier changed the filter this morning to use a Vert.x object: https://github.com/quarkusio/quarkus-quickstarts/blob/development/rest-json/src/main/java/org/acme/rest/json/LoggingFilter.java#L21 .

Obviously, this is not portable so I suppose a portable solution in JAX-RS would be better in the long run but, at least for now, we are covered.

[FroMage]

So this issue is not on the table for the next milestone anymore, or still?

[FroMage]

I think it should still be done, and should be quick to implement.

[FroMage]

Done in resteasy/resteasy#2176 pending two design decisions.

[cescoffier]

I fixed it already. Sorry, I forgot to update the issue.

[FroMage]

Well, it's not really fixed unless we decide that exposing vert.x is the way to do it. My PR got merged and we're waiting for a release.

[FroMage]

Went in RESTEasy 4.4.0.Final which is not released yet.

[gsmet]

@FroMage I'm reopening this one, let's close it once we have upgraded RESTEasy.

[FroMage]

OK, thanks. Perhaps @asoldano has an idea when it will be released?

[asoldano]

@FroMage , I'm targetting end of October for the 4.4.0.Final release

[FroMage]

OK, thanks.

[FroMage]

I want to document this, but I don't see any documentation on the resteasy vs. servlet deployment in guides. Is this documented somewhere @stuartwdouglas @patriot1burke ?

[patriot1burke]

Inject HttpRequest HttpResponse

[patriot1burke]

org.jboss.resteasy.spi.HttpRequest/HttpResponse

I think what's missing is client IP address

[patriot1burke]

@stuartwdouglas HttpRequest/Response is a public resteasy SPI.

[FroMage]

Yeah I added this, I know, but I don't know where best to document it ;)

[gsmet]

@FroMage for now, please document it at the end of the rest-json guide. Hopefully, we will find a more appropriate place for it once we have a reference guide but let's collect as much as we can for now.

[FroMage]

Done: #5581

[k0l0ssus]

@gsmet I don't understand how the linked PR addresses the OP. It's a documentation update that refers to a component that's supposed to be a substitute, but

1. The dependency that contains the class isn't part of the BOM nor docs
2. Isn't actually working - I'm still not able to inject org.jboss.resteasy.plugins.server.sun.http.HttpServerRequest or any of the other children of BaseHttpServerRequest with @Inject. Is there a sample project or unit test I can look at to see how this is supposed to work?

[patriot1burke]

@k0l0ssus I veto (if I actually have one) adding any mock HttpServletRequest into resteasy-without-servlet. If you want to inject an HttpServletRequest, add undertow to your build. The point of resteasy standalone is that there is no servlet overhead and there is a leaner build. With the ability to obtain the IP addresses from HttpRequest, there is no reason to use servlet spec with Resteasy.

[gsmet]

@k0l0ssus have you looked at the documentation? There's no reference to org.jboss.resteasy.plugins.server.sun.http.HttpServerRequest.

Either you use a standard servlet environment by adding the quarkus-undertow extension or you don't and in this case the replacement is: https://docs.jboss.org/resteasy/docs/4.4.1.Final/javadocs/org/jboss/resteasy/spi/HttpRequest.html .

[k0l0ssus]

Apologies @gsmet, I should have clarified I was speaking about https://github.com/resteasy/Resteasy/pull/2176/files as linked through #4125 (comment), not in the OP. Given

  <dependency>
      <groupId>io.quarkus</groupId>
      <artifactId>quarkus-vertx</artifactId>
    </dependency>
    <dependency>
      <groupId>io.quarkus</groupId>
      <artifactId>quarkus-undertow</artifactId>
    </dependency>

None of the following injections work:

    @Inject
     //resolves to null but doesn't break startup
    javax.servlet.http.HttpServletRequest injectedHttpServletRequest;  //comes out null;
    @Inject
    //UnsatisfiedResolutionException. Breaks startup
    org.jboss.resteasy.plugins.server.sun.http.HttpServerRequest injectedHttpRequest;  
    @Inject
    //UnsatisfiedResolutionException. Breaks startup
    org.jboss.resteasy.spi.HttpRequest injectedHttpRequest; 
    @Inject
    //Requires JDK11+. UnsatisfiedResolutionException still. Breaks startup
    java.net.http.HttpRequest request;

So as it stands, neither RestEasy nor Undertow provide the object.

[patriot1burke]

@k0l0ssus You have to use @context (with a captial 'C', github is making it lower case) within a JAX-Rs resource not @Inject.

[k0l0ssus]

@patriot1burke Thank you! That works.

[38leinaD]

Is there some way to inject the HTTPRequest into a CDI interceptor?
@context does not work; at least for me the member is null

@Context HttpRequest request;

What i want to achive is to annotate certain Jax-RS endpoint with an interceptor-binding and let the CDI-interceptor check some value in the headers.

[alesj]

What if you try @context on some servlet listener, set the request into some ThreadLocal, and get it from TL in that interceptor ... ?

…

On Sun, 16 Feb 2020 at 18:24, Daniel Platz ***@***.***> wrote: Is there some way to inject the HTTPRequest into a CDI interceptor? @context <https://github.com/context> does not work; at least for me the member is null @context HttpRequest request; What i want to achive is to annotate certain Jax-RS endpoint with an interceptor-binding and let the CDI-interceptor check some value in the headers. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#4125?email_source=notifications&email_token=AACRA6DELNBPQI2F6KPVOMLRDFZEVA5CNFSM4IYUJUS2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEL4M4KA#issuecomment-586731048>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AACRA6DTEXEFUP35KJQXFW3RDFZEVANCNFSM4IYUJUSQ> .

[38leinaD]

Thanks! That worked. Actually used a JaxRS filter

@Provider
public class AccessControlFilter implements ContainerRequestFilter {

    @Context
    HttpRequest request;
    
    static final ThreadLocal<HttpRequest> HTTP_REQUEST_CONTEXT = new ThreadLocal<HttpRequest>();
    
    @Override
    public void filter(ContainerRequestContext context) {
        HTTP_REQUEST_CONTEXT.set(request);
    }
}

[alesj]

Don’t forget to cleanup TL afterwards ...

…

On Sun, 16 Feb 2020 at 19:45, Daniel Platz ***@***.***> wrote: Thanks! That worked. Actually used a JaxRS filter @Provider public class AccessControlFilter implements ContainerRequestFilter { @context HttpRequest request; static final ThreadLocal<HttpRequest> HTTP_REQUEST_CONTEXT = new ThreadLocal<HttpRequest>(); @OverRide public void filter(ContainerRequestContext context) { HTTP_REQUEST_CONTEXT.set(request); } } — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#4125?email_source=notifications&email_token=AACRA6BN3RRTTG4VOVNMRZTRDGCT5A5CNFSM4IYUJUS2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEL4O2UY#issuecomment-586739027>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AACRA6B2J672P52VCULMO4TRDGCT5ANCNFSM4IYUJUSQ> .

[ShahmirAhmed]

I've followed this thread and tried the suggestions mentioned, but unfortunately to no avail. I've tried the several approaches that @k0l0ssus used that gave them UnsatisfiedResolutionExceptions with both HttpServletRequest and HttpRequest. I've used @context annotation with HttpServletRequest to which a NullPointerException was thrown, I've also tried using

@RequestScoped
public class RequestDetailsConfig {

  private HttpServletRequest request;
  private ServletContext context;

  public RequestDetailsConfig(@Context HttpServletRequest request, @Context ServletContext context) {
    this.request = request;
    this.context = context;
  }

  public String getRemoteAddress() {
    return request.getRemoteAddr();
  }

  public String getRemoteHost() {
    return request.getRemoteHost();
  }
}

which is a little redundant with the constructor, however, I get back

java.lang.IllegalStateException: UT000048: No request is currently active at io.undertow.servlet.handlers.ServletRequestContext.requireCurrent(ServletRequestContext.java:84)

I'm hoping someone may have some insight, as I've been facing this issue for a few days now. If more context (pun intended) is needed feel free to mention

[FroMage]

Can you open a new issue with a full stack trace and list of extensions please? We need to know what sort of application you're injecting this into.

[jcunliffe1]

I'm struggling with the same, trying to get any request information injected into the AuthorizationController.