Resteasy Reference Guide En US

User Manual:

Open the PDF directly: View PDF PDF.
Page Count: 346

DownloadResteasy-reference-guide-en-US
Open PDF In BrowserView PDF
RESTEasy JAX-RS
RESTFul Web Services for Java
3.6.2.Final

Preface ............................................................................................................................. ix
1. Overview ...................................................................................................................... 1
2. License ........................................................................................................................ 3
3. Installation/Configuration ............................................................................................ 5
3.1. RESTEasy modules in WildFly ............................................................................ 5
3.1.1. Other RESTEasy modules ........................................................................ 7
3.1.2. Upgrading RESTEasy within WildFly ......................................................... 7
3.2. Deploying a RESTEasy application to WildFly ...................................................... 7
3.3. Deploying to other servlet containers ................................................................... 8
3.3.1. Servlet 3.0 containers .............................................................................. 9
3.3.2. Older servlet containers ............................................................................ 9
3.4. Configuration switches ...................................................................................... 10
3.5. javax.ws.rs.core.Application ............................................................................... 14
3.6. RESTEasy as a ServletContextListener .............................................................. 15
3.7. RESTEasy as a Servlet Filter ............................................................................ 16
3.8. Client side ........................................................................................................ 16
4. Using @Path and @GET, @POST, etc. ...................................................................... 19
4.1. @Path and regular expression mappings ...........................................................
4.2. JAX-RS 2.0 Matching Algorithm .........................................................................
5. @PathParam ..............................................................................................................
5.1. Advanced @PathParam and Regular Expressions ..............................................
5.2. @PathParam and PathSegment ........................................................................
6. @QueryParam ............................................................................................................
7. @HeaderParam ..........................................................................................................
8. Linking resources ......................................................................................................
8.1. Link Headers ....................................................................................................
8.2. Atom links in the resource representations .........................................................
8.2.1. Configuration ..........................................................................................
8.2.2. Your first links injected ...........................................................................
8.2.3. Customising how the Atom links are serialised .........................................
8.2.4. Specifying which JAX-RS methods are tied to which resources ..................
8.2.5. Specifying path parameter values for URI templates .................................
8.2.6. Securing entities ....................................................................................
8.2.7. Extending the UEL context .....................................................................
8.2.8. Resource facades ..................................................................................
9. @MatrixParam ............................................................................................................
10. @CookieParam ........................................................................................................
11. @FormParam ...........................................................................................................
12. @Form .....................................................................................................................
13. Improved @…Param annotations ............................................................................
14. @DefaultValue ..........................................................................................................
15. @Encoded and encoding .........................................................................................
16. @Context .................................................................................................................
17. JAX-RS Resource Locators and Sub Resources .....................................................

20
21
23
24
24
27
29
31
31
31
31
31
34
34
35
38
38
40
43
45
47
49
53
55
57
59
61

iii

RESTEasy JAX-RS

18. Resources metadata configuration .......................................................................... 65
19. JAX-RS Content Negotiation .................................................................................... 69
19.1. URL-based negotiation ....................................................................................
19.2. Query String Parameter-based negotiation ........................................................
20. Content Marshalling/Providers .................................................................................
20.1. Default Providers and default JAX-RS Content Marshalling ................................
20.2. Content Marshalling with @Provider classes .....................................................
20.3. Providers Utility Class .....................................................................................
20.4. Configuring Document Marshalling ...................................................................
20.5. Text media types and character sets ................................................................
21. JAXB providers ........................................................................................................
21.1. JAXB Decorators ............................................................................................
21.2. Pluggable JAXBContext's with ContextResolvers ..............................................
21.3. JAXB + XML provider ......................................................................................
21.3.1. @XmlHeader and @Stylesheet .............................................................
21.4. JAXB + JSON provider ....................................................................................
21.5. JAXB + FastinfoSet provider ............................................................................

22.

23.

24.
25.

iv

70
71
73
73
74
75
78
79
81
82
83
84
84
86
90

21.6. Arrays and Collections of JAXB Objects ........................................................... 90
21.6.1. Retrieving Collections on the client side ................................................. 93
21.6.2. JSON and JAXB Collections/arrays ....................................................... 94
21.7. Maps of JAXB Objects .................................................................................... 95
21.7.1. Retrieving Maps on the client side ......................................................... 97
21.7.2. JSON and JAXB maps ......................................................................... 98
21.7.3. Possible Problems with Jettison Provider ............................................... 98
21.8. Interfaces, Abstract Classes, and JAXB ............................................................ 99
21.9. Configurating JAXB Marshalling ....................................................................... 99
RESTEasy Atom Support ....................................................................................... 101
22.1. RESTEasy Atom API and Provider ................................................................. 101
22.2. Using JAXB with the Atom Provider ............................................................... 102
JSON Support via Jackson .................................................................................... 105
23.1. Using Jackson 1.9.x Outside of WildFly .......................................................... 105
23.2. Using Jackson 1.9.x Inside WildFly 8 ............................................................. 105
23.3. Using Jackson 2 Outside of WildFly ............................................................... 105
23.4. Using Jackson 2 Inside WildFly 9 and above .................................................. 106
23.5. Additional RESTEasy Specifics ...................................................................... 106
23.6. Possible Conflict With JAXB Provider ............................................................. 107
23.7. JSONP Support ............................................................................................ 107
23.8. Jackson JSON Decorator .............................................................................. 109
23.9. JSON Filter Support ...................................................................................... 109
JSON Support via Java EE 7 JSON-P API .............................................................. 113
Multipart Providers ................................................................................................. 115
25.1. Input with multipart/mixed .............................................................................. 115
25.2. java.util.List with multipart data ....................................................................... 117
25.3. Input with multipart/form-data ......................................................................... 117

25.4. java.util.Map with multipart/form-data .............................................................. 118
25.5. Input with multipart/related ............................................................................. 118
25.6. Output with multipart .....................................................................................
25.7. Multipart Output with java.util.List ...................................................................
25.8. Output with multipart/form-data ......................................................................
25.9. Multipart FormData Output with java.util.Map ..................................................
25.10. Output with multipart/related .........................................................................
25.11. @MultipartForm and POJOs ........................................................................
25.12. XML-binary Optimized Packaging (Xop) ........................................................
25.13. Note about multipart parsing and working with other frameworks .....................
25.14. Overwriting the default fallback content type for multipart messages ................
25.15. Overwriting the content type for multipart messages ......................................
25.16. Overwriting the default fallback charset for multipart messages .......................
26. YAML Provider .......................................................................................................
27. JAX-RS 2.1 Additions .............................................................................................
27.1. CompletionStage support ...............................................................................
27.2. Reactive Clients API ......................................................................................

119
120
120
122
123
124
128
130
130
131
131
133
135
135
135

27.3. Server-Sent Events (SSE) .............................................................................
27.3.1. SSE Server ........................................................................................
27.3.2. SSE Broadcasting ..............................................................................
27.3.3. SSE Client .........................................................................................
27.4. Java API for JSON Binding ............................................................................
String marshalling for String based @*Param .......................................................
28.1. Simple conversion .........................................................................................
28.2. ParamConverter ............................................................................................
28.3. StringParameterUnmarshaller .........................................................................
28.4. Collections ....................................................................................................
28.4.1. @QueryParam ...................................................................................
28.4.2. @MatrixParam ...................................................................................
28.4.3. @HeaderParam ..................................................................................
28.4.4. @CookieParam ..................................................................................
28.4.5. @PathParam ......................................................................................
28.5. Extension to ParamConverter semantics .........................................................
Responses using javax.ws.rs.core.Response ........................................................
Exception Handling ................................................................................................
30.1. Exception Mappers ........................................................................................
30.2. RESTEasy Built-in Internally-Thrown Exceptions .............................................
30.3. Overriding RESTEasy Builtin Exceptions ........................................................
Configuring Individual JAX-RS Resource Beans ...................................................
Content encoding ...................................................................................................
32.1. GZIP Compression/Decompression ................................................................
32.1.1. Configuring GZIP compression / decompression ...................................
32.2. General content encoding ..............................................................................
CORS .....................................................................................................................

135
135
137
138
138
141
141
142
143
145
145
146
146
147
147
149
155
157
157
158
159
161
163
163
163
165
169

28.

29.
30.

31.
32.

33.

v

RESTEasy JAX-RS

34. Content-Range Support ......................................................................................... 171
35. RESTEasy Caching Features ................................................................................. 173
35.1. @Cache and @NoCache Annotations ............................................................
35.2. Client "Browser" Cache .................................................................................
35.3. Local Server-Side Response Cache ...............................................................
35.4. HTTP preconditions .......................................................................................
36. Filters and Interceptors ..........................................................................................
36.1. Server Side Filters ........................................................................................
36.1.1. Asynchronous filters ............................................................................
36.2. Client Side Filters ..........................................................................................
36.3. Reader and Writer Interceptors ......................................................................
36.4. Per Resource Method Filters and Interceptors .................................................
36.5. Ordering .......................................................................................................
37. Asynchronous HTTP Request Processing .............................................................
37.1. Using the @Suspended annotation ................................................................
37.2. Using Reactive return types ...........................................................................
37.3. Asynchronous filters ......................................................................................

173
174
175
177
179
179
180
180
181
181
182
183
183
184
185

38. Asynchronous Job Service ....................................................................................
38.1. Using Async Jobs .........................................................................................
38.2. Oneway: Fire and Forget ...............................................................................
38.3. Setup and Configuration ................................................................................
39. Reactive programming support .............................................................................
39.1. CompletionStage ...........................................................................................
39.2. CompletionStage in JAX-RS ..........................................................................
39.3. Beyond CompletionStage ...............................................................................
39.4. Pluggable reactive types: RxJava 2 in RESTEasy ...........................................
39.5. Proxies .........................................................................................................
39.6. Adding extensions .........................................................................................
40. Embedded Containers ............................................................................................
40.1. Undertow ......................................................................................................
40.2. Sun JDK HTTP Server ..................................................................................
40.3. TJWS Embeddable Servlet Container .............................................................
40.4. Netty ............................................................................................................
40.5. Vert.x ............................................................................................................
41. Server-side Mock Framework .................................................................................
42. Securing JAX-RS and RESTEasy ...........................................................................
43. JSON Web Signature and Encryption (JOSE-JWT) ................................................
43.1. JSON Web Signature (JWS) ..........................................................................
43.2. JSON Web Encryption (JWE) ........................................................................
44. Doseta Digital Signature Framework ......................................................................
44.1. Maven settings ..............................................................................................
44.2. Signing API ...................................................................................................
44.2.1. @Signed annotation ...........................................................................
44.3. Signature Verification API ..............................................................................

187
187
188
188
191
191
194
198
199
211
213
217
217
219
220
221
222
225
227
229
229
229
233
235
235
236
237

vi

44.3.1. Annotation-based verification ............................................................... 239
44.4. Managing Keys via a KeyRepository .............................................................. 240
44.4.1. Create a KeyStore ..............................................................................
44.4.2. Configure Restreasy to use the KeyRepository .....................................
44.4.3. Using DNS to Discover Public Keys .....................................................
Body Encryption and Signing via SMIME ..............................................................
45.1. Maven settings ..............................................................................................
45.2. Message Body Encryption .............................................................................
45.3. Message Body Signing ..................................................................................
45.4. application/pkcs7-signature ............................................................................
EJB Integration ......................................................................................................
Spring Integration ..................................................................................................
CDI Integration .......................................................................................................
48.1. Using CDI beans as JAX-RS components ......................................................
48.2. Default scopes ..............................................................................................
48.3. Configuration within WildFly ...........................................................................
48.4. Configuration with different distributions ..........................................................

240
240
242
245
245
245
248
250
251
253
261
261
261
262
262

49. Guice 3.0 Integration ..............................................................................................
49.1. Request Scope .............................................................................................
49.2. Binding JAX-RS utilities .................................................................................
49.3. Configuring Stage .........................................................................................
49.4. Custom Injector creation ................................................................................
50. RESTEasy Client API .............................................................................................
50.1. JAX-RS 2.0 Client API ...................................................................................
50.2. RESTEasy Proxy Framework .........................................................................
50.2.1. Abstract Responses ............................................................................
50.2.2. Response proxies ...............................................................................
50.2.3. Giving client proxy an ad hoc URI .......................................................
50.2.4. Sharing an interface between client and server .....................................
50.3. Apache HTTP Client 4.x and other backends ..................................................
50.3.1. HTTP redirect .....................................................................................
50.3.2. Apache HTTP Client pre-4.3 APIs .......................................................
50.3.3. Apache HTTP Client 4.3 APIs .............................................................
50.3.4. Asynchronous HTTP Request Processing ............................................
50.3.5. Jetty Client Engine .............................................................................
51. MicroProfile Rest Client .........................................................................................
51.1. Client proxies ................................................................................................
51.2. Beyond RESTEasy ........................................................................................
52. AJAX Client ............................................................................................................
52.1. Generated JavaScript API ..............................................................................
52.1.1. JavaScript API servlet .........................................................................
52.1.2. JavaScript API usage .........................................................................
52.1.3. Work with @Form ..............................................................................
52.1.4. MIME types and unmarshalling. ...........................................................

263
264
265
265
266
269
269
270
272
272
276
278
278
280
281
282
283
284
285
285
288
293
293
293
294
296
297

45.

46.
47.
48.

vii

RESTEasy JAX-RS

52.1.5. MIME types and marshalling. .............................................................. 299
52.2. Using the JavaScript API to build AJAX queries .............................................. 300
52.2.1. The REST object ................................................................................
52.2.2. The REST.Request class ....................................................................
52.3. Caching Features ..........................................................................................
RESTEasy WADL Support .....................................................................................
53.1. RESTEasy WADL Support for Servlet Container .............................................
53.2. RESTEasy WADL support for Sun JDK HTTP Server ......................................
53.3. RESTEasy WADL support for Netty Container ................................................
53.4. RESTEasy WADL Support for Undertow Container .........................................
Validation ...............................................................................................................
54.1. Violation reporting .........................................................................................
54.2. Validation Service Providers ..........................................................................
Internationalization and Localization .....................................................................
55.1. Internationalization .........................................................................................
55.2. Localization ...................................................................................................
Maven and RESTEasy ............................................................................................

300
301
302
303
303
303
305
305
307
308
312
317
317
319
321

57. Deprecated Security Modules ................................................................................
58. Migration to RESTEasy 3.5 series ..........................................................................
59. Migration to RESTEasy 3.1 series ..........................................................................
59.1. Upgrading with RESTEasy 3 API ...................................................................
59.2. Upgrading with RESTEasy 2 API ...................................................................
60. Migration from older versions ................................................................................
60.1. Migrating from RESTEasy 2 to RESTEasy 3 ...................................................
60.2. Migrating from 3.0.x to 4.0.0 ..........................................................................
61. Books You Can Read .............................................................................................

325
327
329
330
331
333
333
333
335

53.

54.

55.

56.

viii

Preface
Commercial development support, production support and training for RESTEasy JAX-RS is available through JBoss, a division of Red Hat Inc. (see http://www.jboss.com/).
In some of the example listings, what is meant to be displayed on one line does not fit inside the
available page width. These lines have been broken up. A '\' at the end of a line means that a
break has been introduced to fit in the page, with the following lines indented. So:

Let's pretend to have an extremely \
long line that \
does not fit
This one is short

Is really:

Let's pretend to have an extremely long line that does not fit
This one is short

ix

x

Chapter 1.

Chapter 1. Overview
JAX-RS 2.0 (JSR-339) and JAX-RS 2.1 (JSR-370), are JCP specifications that provide a Java API
for RESTful Web Services over the HTTP protocol. RESTEasy is a portable implementation of
these specifications which can run in any Servlet container. Tighter integration with WildFly application server is also available to make the user experience nicer in that environment. RESTEasy
also comes with additional features on top of plain JAX-RS functionalities.

1

2

Chapter 2.

Chapter 2. License
RESTEasy is distributed under the ASL 2.0 license. It does not distribute any thirdparty libraries
that are GPL. It does ship thirdparty libraries licensed under Apache ASL 2.0 and LGPL.

3

4

Chapter 3.

Chapter 3. Installation/
Configuration
RESTEasy is installed and configured in different ways depending on which environment you are
running in. If you are running in WildFly, RESTEasy is already bundled and integrated completely
so there is very little you have to do. If you are running in a different environment, there is some
manual installation and configuration you will have to do.

3.1. RESTEasy modules in WildFly
In WildFly, RESTEasy and the JAX-RS API are automatically loaded into your deployment's classpath if and only if you are deploying a JAX-RS application (as determined by the presence of JAXRS annotations). However, only some RESTEasy features are automatically loaded. See Table
3.1. If you need any of those libraries which are not loaded automatically, you'll have to bring them
in with a jboss-deployment-structure.xml file in the WEB-INF directory of your WAR file. Here's
an example:









The services attribute must be set to "import" for modules that have default providers in a METAINF/services/javax.ws.rs.ext.Providers file.
To get an idea of which RESTEasy modules are loaded by default when JAX-RS services are
deployed, please see the table below, which refers to a recent WildFly ditribution patched with the
current RESTEasy distribution. Clearly, future and unpatched WildFly distributions might differ a
bit in terms of modules enabled by default, as the container actually controls this too.

Table 3.1.
Module Name

Loaded by Default

Description

org.jboss.resteasy.resteasyatom-provider

yes

RESTEasy's atom library

org.jboss.resteasy.resteasycdi

yes

RESTEasy CDI integration

5

Chapter 3. Installation/Confi...

Module Name

Loaded by Default

Description

org.jboss.resteasy.resteasycrypto

yes

S/MIME, DKIM, and support
for other security formats.

org.jboss.resteasy.resteasyjackson-provider

no

Integration with the JSON
parser and object mapper
Jackson (deprecated)

org.jboss.resteasy.resteasyjackson2-provider

yes

Integration with the JSON
parser and object mapper
Jackson 2

org.jboss.resteasy.resteasyjaxb-provider

yes

XML JAXB integration.

org.jboss.resteasy.resteasyjaxrs

yes

Core RESTEasy libraries for
server and client. You will
need to include this in your deployment if you are only using
JAX-RS client.

org.jboss.resteasy.resteasyjettison-provider

no

Alternative JAXB-like parser
for JSON (deprecated)

org.jboss.resteasy.jose-jwt

no

JSON Web Token support.

org.jboss.resteasy.resteasyjsapi

yes

RESTEasy's Javascript API

org.jboss.resteasy.resteasyjson-p-provider

yes

JSON parsing API

org.jboss.resteasy.resteasyjson-binding-provider

yes

JSON binding API

javax.json.bind-api

yes

JSON binding API

org.eclipse.yasson

yes

RI implementation of JSON
binding API

org.jboss.resteasy.resteasymultipart-provider

yes

Support for multipart formats

org.jboss.resteasy.skeletonkey

no

OAuth2 support.

org.jboss.resteasy.resteasyspring

no

Spring provider

org.jboss.resteasy.resteasyvalidator-provider-11

yes

RESTEasy's interface to Hibernate Bean Validation 1.1

org.jboss.resteasy.resteasyyaml-provider

yes

YAML marshalling

6

Other RESTEasy modules

3.1.1. Other RESTEasy modules
Not all RESTEasy modules are bundled with WildFly. For example, resteasy-fastinfoset-provider
and resteasy-wadl are not included among the modules listed in Section 3.1, “RESTEasy modules
in WildFly”. If you want to use them in your application, you can include them in your WAR as
you would if you were deploying outside of WildFly. See Section 3.3, “Deploying to other servlet
containers” for more information.

3.1.2. Upgrading RESTEasy within WildFly
RESTEasy is bundled with WildFly, but you may want to upgrade RESTEasy in WildFly to
the latest version. The RESTEasy distribution comes with a zip file called resteasy-jboss-modules-.zip. Unzip this file within the modules/system/layers/base/ directory of the WildFly
distribution. This will configure WildFly to use new versions of the modules listed in Section 3.1,
“RESTEasy modules in WildFly”.

3.2. Deploying a RESTEasy application to WildFly
RESTEasy is bundled with WildFly and completely integrated as per the requirements of Java EE.
You can use it with EJB and CDI and you can rely completely on WildFly to scan for and deploy
your JAX-RS services and providers. All you have to provide is your JAX-RS service and provider
classes packaged within a WAR either as POJOs, CDI beans, or EJBs. A simple way to configure
an application is by simply providing an empty web.xml file. You can of course deploy any custom
servlet, filter or security constraint you want to within your web.xml, but none of them are required:




http://

Also, RESTEasy context-params (see Section 3.4, “Configuration switches”) are available if you
want to tweak or turn on/off any specific RESTEasy feature.
Since

we're

not

using

a

 element, we must define a
javax.ws.rs.core.Application class (see Section 3.5, “javax.ws.rs.core.Application”) that is
annotated with the javax.ws.rs.ApplicationPath annotation. If you return any empty set for
classes and singletons, which is the behavior inherited from Application, your WAR will be
scanned for resource and provider classes as indicated by the presence of JAX-RS annotations.

import javax.ws.rs.ApplicationPath;
import javax.ws.rs.core.Application;

7

Chapter 3. Installation/Confi...

@ApplicationPath("/root-path")
public class MyApplication extends Application
{
}

Note. Actually, if the application jar contains an Application class (or a subclass thereof) which
is annotated with an ApplicationPath annotation, a web.xml file isn't even needed. Of course,
even in this case it can be used to specify additional information such as context parameters.
If there is an Application class but it doesn't have an @ApplicationPath annotation, then a
web.xml file with at least a  element is required.
Note. As mentioned in Section 3.1.1, “Other RESTEasy modules”, not all RESTEasy modules
are bundled with WildFly. For example, resteasy-fastinfoset-provider and resteasy-wadl are not
included among the modules listed in Section 3.1, “RESTEasy modules in WildFly”. If you want
to use them in your application, you can include them in your WAR as you would if you were
deploying outside of WildFly. See Section 3.3, “Deploying to other servlet containers” for more
information.

3.3. Deploying to other servlet containers
If you are using RESTEasy outside of WildFly, in a standalone servlet container like Tomcat or
Jetty, for example, you will need to include the appropriate RESTEasy jars in your WAR file. You
will need the core classes in the resteasy-jaxrs module, and you may need additional facilities like
the resteasy-jaxb-provider module. We strongly suggest that you use Maven to build your WAR
files as RESTEasy is split into a bunch of different modules:


org.jboss.resteasy
resteasy-jaxrs
${resteasy.version}


org.jboss.resteasy
resteasy-jaxb-provider
${resteasy.version}


You can see sample Maven projects in https://github.com/resteasy/resteasy-examples.
If you are not using Maven, you can include the necessary jars by hand. If you download
RESTEasy (from http://resteasy.jboss.org/downloads.html, for example) you will get a file like
resteasy-jaxrs--all.zip. If you unzip it you will see a lib/ directory that contains the libraries
needed by RESTEasy. Copy these, as needed, into your /WEB-INF/lib directory. Place your JAX-

8

Servlet 3.0 containers

RS annotated class resources and providers within one or more jars within /WEB-INF/lib or your
raw class files within /WEB-INF/classes.

3.3.1. Servlet 3.0 containers
RESTEasy uses the ServletContainerInitializer integration interface in Servlet 3.0 containers to initialize an application, automatically scanning for resources and providers. To enable automatic scanning, you must also include the resteasy-servlet-initializer artifact in your
WAR file as well:


org.jboss.resteasy
resteasy-servlet-initializer
${resteasy.version}


3.3.2. Older servlet containers
The resteasy-servlet-initializer artifact will not work in Servlet versions older than
3.0. You'll then have to manually declare the RESTEasy servlet in your WEB-INF/web.xml
file of your WAR project, and you'll have to use an Application class (see Section 3.5,
“javax.ws.rs.core.Application”) which explicitly lists resources and providers. For example:


Archetype Created Web Application

Resteasy

org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher


javax.ws.rs.Application
com.restfully.shop.services.ShoppingApplication



Resteasy
/*


9

Chapter 3. Installation/Confi...



The RESTEasy servlet is responsible for initializing some basic components of RESTEasy.
Note. It is likely that support for pre-3.0 Servlet specifications will be deprecated and eliminated
eventually.

3.4. Configuration switches
RESTEasy receives configuration options from  elements.

Table 3.2.
Option Name

Default Value

resteasy.servlet.mapping.prefix no default

Description
If the url-pattern for the
RESTEasy servlet-mapping is
not /*

resteasy.scan

false

Automatically scan WEB-INF/
lib jars and WEB-INF/classes
directory for both @Provider
and JAX-RS resource classes (@Path, @GET, @POST
etc..) and register them.
This property is deprecated; please use a Servlet
3.0 container or higher and
the ResteasyServletInitializer
instead.

resteasy.scan.providers

false

Scan for @Provider classes
and register them. This property is deprecated; please use
a Servlet 3.0 container or higher and the ResteasyServletInitializer instead.

resteasy.scan.resources

false

Scan for JAX-RS resource
classes. This property is deprecated; please use a Servlet
3.0 container or higher and
the ResteasyServletInitializer
instead.

resteasy.providers

no default

A comma delimited list of fully qualified @Provider class
names you want to register

10

Configuration switches

Option Name

Default Value

Description

resteasy.use.builtin.providers

true

Whether or not to register default, built-in @Provider classes

resteasy.resources

no default

A comma delimited list of fully qualified JAX-RS resource
class names you want to register

resteasy.jndi.resources

no default

A comma delimited list of JNDI
names which reference objects you want to register as
JAX-RS resources

javax.ws.rs.Application

no default

Fully qualified name of Application class to bootstrap in a
spec portable way

resteasy.media.type.mappings no default

Replaces the need for an Accept header by mapping file
name extensions (like .xml
or .txt) to a media type. Used
when the client is unable
to use an Accept header to
choose a representation (i.e.
a browser). See Chapter 19,
JAX-RS Content Negotiation
for more details.

resteasy.language.mappings

no default

Replaces the need for an
Accept-Language header by
mapping file name extensions
(like .en or .fr) to a language.
Used when the client is unable to use an Accept-Language header to choose a language (i.e. a browser). See
Chapter 19, JAX-RS Content
Negotiation for more details.

resteasy.media.type.param.mapping
no default

Names a query parameter that
can be set to an acceptable
media type, enabling content
negotiation without an Accept
header. See Chapter 19, JAXRS Content Negotiation for
more details.

11

Chapter 3. Installation/Confi...

Option Name

Default Value

Description

resteasy.role.based.security

false

Enables role based security. See Chapter 42, Securing JAX-RS and RESTEasy for
more details.

resteasy.document.expand.entity.references
false

Expand external entities in
org.w3c.dom.Document documents and JAXB object representations

resteasy.document.secure.processing.feature
true

Impose
straints

security
conin
processing

org.w3c.dom.Document documents and JAXB object representations
resteasy.document.secure.disableDTDs
true

Prohibit
DTDs
in
org.w3c.dom.Document documents and JAXB object representations

resteasy.wider.request.matchingfalse

Turns off the JAX-RS spec
defined class-level expression
filtering and instead tries to
match version every method's
full path.

resteasy.use.container.form.params
false

Obtain
meters

form
by

parausing

HttpServletRequest.getParameterMap().
Use this switch if you are calling this method within a servlet
filter or eating the input stream
within the filter.
resteasy.rfc7232preconditions false

Enables RFC7232 compliant
HTTP preconditions handling.

resteasy.gzip.max.input

Imposes maximum size on decompressed gzipped .

10000000

resteasy.secure.random.max.use
100

The number of times a SecureRandom can be used before reseeding.

resteasy.buffer.exception.entity true

Upon receiving an exception,
the client side buffers any response entity before closing
the connection.

12

Configuration switches

Option Name

Default Value

Description

resteasy.add.charset

true

If a resource method returns
a text/* or application/xml* media type without an explicit
charset, RESTEasy will add
"charset=UTF-8" to the returned Content-Type header.
Note that the charset defaults
to UTF-8 in this case, independent of the setting of this parameter.

jaxrs.2.0.request.matching

false

In searching for a matching resource method with which to
respond to a request, consider only resource methods with
the best match for the request
path. See JAX-RS 2.0 Matching Algorithm for discussion.

resteasy.disable.html.sanitizer false

Normally, a response with media type "text/html" and a status of 400 will be processed
so that the characters "/", "<",
">", "&", """ (double quote), and
"'" (single quote) are escaped
to prevent an XSS attack. If
this parameter is set to "true",
escaping will not occur.

Note. The resteasy.servlet.mapping.prefix  variable must be set if your servletmapping for the RESTEasy servlet has a url-pattern other than /*. For example, if the url-pattern is


Resteasy
/restful-services/*


Then the value of resteasy.servlet.mapping.prefix must be:


resteasy.servlet.mapping.prefix
/restful-services

13

Chapter 3. Installation/Confi...



3.5. javax.ws.rs.core.Application
The javax.ws.rs.core.Application class is a standard JAX-RS class that you may implement
to provide information on your deployment. It is simply a class the lists all JAX-RS root resources
and providers.

/**
* Defines the components of a JAX-RS application and supplies additional
* metadata. A JAX-RS application or implementation supplies a concrete
* subclass of this abstract class.
*/
public abstract class Application
{
private static final Set emptySet = Collections.emptySet();
/**
* Get a set of root resource and provider classes. The default lifecycle
* for resource class instances is per-request. The default lifecycle for
* providers is singleton.
* 

* 
Implementations should warn about and ignore classes that do not
* conform to the requirements of root resource or provider classes.
* Implementations should warn about and ignore classes for which
* {@link #getSingletons()} returns an instance. Implementations MUST
* NOT modify the returned set.

*
* @return a set of root resource and provider classes. Returning null
* is equivalent to returning an empty set.
*/
public abstract Set> getClasses();
/**
* Get a set of root resource and provider instances. Fields and properties
* of returned instances are injected with their declared dependencies
* (see {@link Context}) by the runtime prior to use.
* 

* 
Implementations should warn about and ignore classes that do not
* conform to the requirements of root resource or provider classes.
* Implementations should flag an error if the returned set includes
* more than one instance of the same class. Implementations MUST
* NOT modify the returned set.

* 

* 
The default implementation returns an empty set.

*

14

RESTEasy as a ServletContextListener

* @return a set of root resource and provider instances. Returning null
* is equivalent to returning an empty set.
*/
public Set getSingletons()
{
return emptySet;
}
}

Note. If your web.xml file does not have a  element, you must use an Application class annotated with @ApplicationPath.

3.6. RESTEasy as a ServletContextListener
This section is pretty much deprecated if you are using a Servlet 3.0 container or higher. Skip it if
you are and read the configuration section above on installing in Servlet 3.0. The initialization of
RESTEasy can be performed within a ServletContextListener instead of within the Servlet. You
may need this if you are writing custom Listeners that need to interact with RESTEasy at boot
time. An example of this is the RESTEasy Spring integration that requires a Spring ServletContextListener. The org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap class is a ServletContextListener that configures an instance of an ResteasyProviderFactory and Registry. You can
obtain instances of a ResteasyProviderFactory and Registry from the ServletContext attributes
org.jboss.resteasy.spi.ResteasyProviderFactory and org.jboss.resteasy.spi.Registry. From these
instances you can programmatically interact with RESTEasy registration interfaces.




org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap




Resteasy

org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher



Resteasy

15

Chapter 3. Installation/Confi...

/Resteasy/*



3.7. RESTEasy as a Servlet Filter
This section is pretty much deprecated if you are using a Servlet 3.0 container or higher. Skip it
if you are and read the configuration section above on installing in Servlet 3.0. The downside of
running RESTEasy as a Servlet is that you cannot have static resources like .html and .jpeg files
in the same path as your JAX-RS services. RESTEasy allows you to run as a Filter instead. If
a JAX-RS resource is not found under the URL requested, RESTEasy will delegate back to the
base servlet container to resolve URLs.



Resteasy

org.jboss.resteasy.plugins.server.servlet.FilterDispatcher


javax.ws.rs.Application
com.restfully.shop.services.ShoppingApplication



Resteasy
/*



3.8. Client side
JAX-RS 2.0 conforming implementations such as RESTEasy support a client side framework
which simplifies communicating with restful applications. In RESTEasy, the minimal set of modules
needed for the client framework consists of resteasy-jaxrs and resteasy-client. You can access
them by way of maven:



16

Client side

org.jboss.resteasy
resteasy-jaxrs
${resteasy.version}


org.jboss.resteasy
resteasy-client
${resteasy.version}


Other modules, such as resteasy-jaxb-provider, may be brought in as needed.

17

18

Chapter 4.

Chapter 4. Using @Path and @GET,
@POST, etc.
@Path("/library")
public class Library {
@GET
@Path("/books")
public String getBooks() {...}
@GET
@Path("/book/{isbn}")
public String getBook(@PathParam("isbn") String id) {
// search my database and get a string representation and return it
}
@PUT
@Path("/book/{isbn}")
public void addBook(@PathParam("isbn") String id, @QueryParam("name") String
name) {...}
@DELETE
@Path("/book/{id}")
public void removeBook(@PathParam("id") String id {...}
}

Let's say you have the RESTEasy servlet configured and reachable at a root path of http://
myhost.com/services. The requests would be handled by the Library class:
• GET http://myhost.com/services/library/books
• GET http://myhost.com/services/library/book/333
• PUT http://myhost.com/services/library/book/333
• DELETE http://myhost.com/services/library/book/333
The @javax.ws.rs.Path annotation must exist on either the class and/or a resource method. If it
exists on both the class and method, the relative path to the resource method is a concatenation
of the class and method.
In the @javax.ws.rs package there are annotations for each HTTP method. @GET, @POST,
@PUT, @DELETE, and @HEAD. You place these on public methods that you want to map to

19

Chapter 4. Using @Path and @G...

that certain kind of HTTP method. As long as there is a @Path annotation on the class, you do
not have to have a @Path annotation on the method you are mapping. You can have more than
one HTTP method as long as they can be distinguished from other methods.
When you have a @Path annotation on a method without an HTTP method, these are called
JAXRSResourceLocators.

4.1. @Path and regular expression mappings
The @Path annotation is not limited to simple path expressions. You also have the ability to insert
regular expressions into @Path's value. For example:

@Path("/resources)
public class MyResource {
@GET
@Path("{var:.*}/stuff")
public String get() {...}
}

The following GETs will route to the getResource() method:

GET /resources/stuff
GET /resources/foo/stuff
GET /resources/on/and/on/stuff

The format of the expression is:

"{" variable-name [ ":" regular-expression ] "}"

The regular-expression part is optional. When the expression is not provided, it defaults to a
wildcard matching of one particular segment. In regular-expression terms, the expression defaults
to

"([]*)"

For example:

20

JAX-RS 2.0 Matching Algorithm

@Path("/resources/{var}/stuff")
will match these:

GET /resources/foo/stuff
GET /resources/bar/stuff

but will not match:

GET /resources/a/bunch/of/stuff

4.2. JAX-RS 2.0 Matching Algorithm
The resource method matching algorithm mandated by JAX-RS 2.1 is more inclusive that that of
JAX-RS 2.0. There are three stages in each of the matching algorithms:

1. Use the request path to choose possible resource classes.
2. Use the request path to choose possible resource methods.
3. Use the HTTP verb and media types, coming and going, to choose a final resource method.
In JAX-RS 2.1, step 2 determines the set of matching resource methods and passes it on to step
3. However, in JAX-RS 2.0, that set is sorted, based on properties of @Path values like number
of literals, and only the maximal elements are passed on to step 3. It follows that in some cases,
the newer algorithm will find some matches that the earlier algoritm misses. For example,

@Path("/")
public static class TestResource
{
@GET
@Path("complex/match")
public String get()
{
return "content";
}
@POST
@Path("complex/{param}")

21

Chapter 4. Using @Path and @G...

public String post(@PathParam("param") String param)
{
return "<" + param + "/>";
}
}

Both methods can match a request with path "complex/match", but get() comes out ahead of
post() in the JAX-RS 2.0 sort because it has more literal characters, and only get() is considered
in step 3. [For more details about the sort, see the specification for JAX-RS 2.0.] Therefore, a
request that expects a POST method will fail.
On the other hand, both methods are passed on to step 3 in the JAX-RS 2.1 algorithm, so post()
is available as a potential match.
The algorithm from JAX-RS 2.1 would seem to be preferable, but, in case the earlier behavior is expected for backwards compatibility, RESTEasy provides a configuration switch,
"jaxrs.2.0.request.matching", which, if set to "true", will cause the JAX-RS 2.0 matching to be
used. The default value, of course, is "false".

22

Chapter 5.

Chapter 5. @PathParam
Note
RESTEasy supports @PathParam annotations with no parameter name..

@PathParam is a parameter annotation which allows you to map variable URI path fragments
into your method call.

@Path("/library")
public class Library {
@GET
@Path("/book/{isbn}")
public String getBook(@PathParam("isbn") String id) {
// search my database and get a string representation and return it
}
}

What this allows you to do is embed variable identification within the URIs of your resources. In
the above example, an isbn URI parameter is used to pass information about the book we want to
access. The parameter type you inject into can be any primitive type, a String, or any Java object
that has a constructor that takes a String parameter, or a static valueOf method that takes a String
as a parameter. For example, lets say we wanted isbn to be a real object. We could do:

@GET
@Path("/book/{isbn}")
public String getBook(@PathParam("isbn") ISBN id) {...}
public class ISBN {
public ISBN(String str) {...}
}

Or instead of a public String constructors, have a valueOf method:

public class ISBN {
public static ISBN valueOf(String isbn) {...}

23

Chapter 5. @PathParam

}

5.1. Advanced @PathParam and Regular Expressions
There are a few more complicated uses of @PathParams not discussed in the previous section.

You are allowed to specify one or more path params embedded in one URI segment. Here are
some examples:

1. @Path("/aaa{param}bbb")
2. @Path("/{name}-{zip}")
3. @Path("/foo{name}-{zip}bar")

So, a URI of "/aaa111bbb" would match #1. "/bill-02115" would match #2. "foobill-02115bar" would
match #3.

We discussed before how you can use regular expression patterns within @Path values.

@GET
@Path("/aaa{param:b+}/{many:.*}/stuff")
public String getIt(@PathParam("param") String bs, @PathParam("many") String
many) {...}

For the following requests, lets see what the values of the "param" and "many" @PathParams
would be:

Table 5.1.
Request

param

many

GET /aaabb/some/stuff

bb

some

GET /aaab/a/lot/of/stuff

b

a/lot/of

5.2. @PathParam and PathSegment
The specification has a very simple abstraction for examining a fragment of the URI path being
invoked on javax.ws.rs.core.PathSegment:

24

@PathParam and PathSegment

public interface PathSegment {
/**
* Get the path segment.
* 

* @return the path segment
*/
String getPath();
/**
* Get a map of the matrix parameters associated with the path segment
* @return the map of matrix parameters
*/
MultivaluedMap getMatrixParameters();
}

You can have RESTEasy inject a PathSegment instead of a value with your @PathParam.

@GET
@Path("/book/{id}")
public String getBook(@PathParam("id") PathSegment id) {...}

This is very useful if you have a bunch of @PathParams that use matrix parameters. The idea
of matrix parameters is that they are an arbitrary set of name-value pairs embedded in a uri path
segment. The PathSegment object gives you access to these parameters. See also MatrixParam.
A matrix parameter example is:
GET http://host.com/library/book;name=EJB 3.0;author=Bill Burke
The basic idea of matrix parameters is that it represents resources that are addressable by their
attributes as well as their raw id.

25

26

Chapter 6.

Chapter 6. @QueryParam
Note
RESTEasy supports @QueryParam annotations with no parameter name..

The @QueryParam annotation allows you to map a URI query string parameter or url form encoded parameter to your method invocation.
GET /books?num=5

@GET
public String getBooks(@QueryParam("num") int num) {
...
}

Currently since RESTEasy is built on top of a Servlet, it does not distinguish between URI query
strings or url form encoded parameters. Like PathParam, your parameter type can be an String,
primitive, or class that has a String constructor or static valueOf() method.

27

28

Chapter 7.

Chapter 7. @HeaderParam
Note
RESTEasy supports @HeaderParam annotations with no parameter name..

The @HeaderParam annotation allows you to map a request HTTP header to your method invocation.
GET /books?num=5

@GET
public String getBooks(@HeaderParam("From") String from) {
...
}

Like PathParam, your parameter type can be an String, primitive, or class that has a String constructor or static valueOf() method. For example, MediaType has a valueOf() method and you
could do:

@PUT
public void put(@HeaderParam("Content-Type") MediaType contentType, ...)

29

30

Chapter 8.

Chapter 8. Linking resources
There are two mechanisms available in RESTEasy to link a resource to another, and to link resources to operations: the Link HTTP header, and Atom links inside the resource representations.

8.1. Link Headers
RESTEasy
has
both
client
and
server
side
support
for
the
header
specification
[http://tools.ietf.org/html/draft-nottingham-http-link-header-06].
the javadocs for org.jboss.resteasy.spi.LinkHeader, org.jboss.resteasy.spi.Link,
org.jboss.resteasy.client.ClientResponse.

Link
See
and

The main advantage of Link headers over Atom links in the resource is that those links are available without parsing the entity body.

8.2. Atom links in the resource representations
RESTEasy allows you to inject Atom links [http://tools.ietf.org/html/rfc4287#section-4.2.7] directly
inside the entity objects you are sending to the client, via auto-discovery.

Warning
This is only available when using the Jettison or JAXB providers (for JSON and
XML).

The main advantage over Link headers is that you can have any number of Atom links directly
over the concerned resources, for any number of resources in the response. For example, you
can have Atom links for the root response entity, and also for each of its children entities.

8.2.1. Configuration
There is no configuration required to be able to inject Atom links in your resource representation,
you just have to have this maven artifact in your path:

Table 8.1. Maven artifact for Atom link injection
Group

Artifact

Version

org.jboss.resteasy

resteasy-links

3.6.2.Final

8.2.2. Your first links injected
You need three things in order to tell RESTEasy to inject Atom links in your entities:
• Annotate the JAX-RS method with @AddLinks to indicate that you want Atom links injected in
your response entity.

31

Chapter 8. Linking resources

• Add RESTServiceDiscovery fields to the resource classes where you want Atom links injected.
• Annotate the JAX-RS methods you want Atom links for with @LinkResource, so that RESTEasy
knows which links to create for which resources.
The following example illustrates how you would declare everything in order to get the Atom links
injected in your book store:

@Path("/")
@Consumes({"application/xml", "application/json"})
@Produces({"application/xml", "application/json"})
public interface BookStore {
@AddLinks
@LinkResource(value = Book.class)
@GET
@Path("books")
public Collection getBooks();
@LinkResource
@POST
@Path("books")
public void addBook(Book book);
@AddLinks
@LinkResource
@GET
@Path("book/{id}")
public Book getBook(@PathParam("id") String id);
@LinkResource
@PUT
@Path("book/{id}")
public void updateBook(@PathParam("id") String id, Book book);
@LinkResource(value = Book.class)
@DELETE
@Path("book/{id}")
public void deleteBook(@PathParam("id") String id);
}

And this is the definition of the Book resource:

@Mapped(namespaceMap = @XmlNsMap(jsonName
www.w3.org/2005/Atom"))
@XmlRootElement
@XmlAccessorType(XmlAccessType.NONE)

32

=

"atom",

namespace

=

"http://

Your first links injected

public class Book {
@XmlAttribute
private String author;
@XmlID
@XmlAttribute
private String title;
@XmlElementRef
private RESTServiceDiscovery rest;
}

If you do a GET /order/foo you will then get this XML representation:






href="http://localhost:8081/books" rel="add"/>
href="http://localhost:8081/book/foo" rel="self"/>
href="http://localhost:8081/book/foo" rel="update"/>
href="http://localhost:8081/book/foo" rel="remove"/>

And in JSON format:

{
"book":
{
"@title":"foo",
"@author":"bar",
"atom.link":
[
{"@href":"http://localhost:8081/books","@rel":"list"},
{"@href":"http://localhost:8081/books","@rel":"add"},
{"@href":"http://localhost:8081/book/foo","@rel":"self"},
{"@href":"http://localhost:8081/book/foo","@rel":"update"},
{"@href":"http://localhost:8081/book/foo","@rel":"remove"}
]
}
}

33

Chapter 8. Linking resources

8.2.3. Customising how the Atom links are serialised
Because the RESTServiceDiscovery is in fact a JAXB type which inherits from List you are free
to annotate it as you want to customise the JAXB serialisation, or just rely on the default with
@XmlElementRef.

8.2.4. Specifying which JAX-RS methods are tied to which resources
This is all done by annotating the methods with the @LinkResource annotation. It supports the
following optional parameters:

Table 8.2.
@LinkResource

parameters

Parameter

Type

Function

Default

value

Class

Declares an Atom link Defaults to the enfor the given type of re- tity body type (nonsources.
annotated parameter),
or the method's return type. This default
does not work with
Response or Collection types, they need
to be explicitly specified.

rel

String

The Atom link relation list
For GET methods
returning a Collection

self
For GET methods returning a
non-Collection
remove
For DELETE methods
update
For PUT methods
add
For POST methods

34

Specifying path parameter values for URI templates
You can add several @LinkResource annotations on a single method by enclosing them in a
@LinkResources annotation. This way you can add links to the same method on several resource
types. For example the /order/foo/comments operation can belongs on the Order resource with
the comments relation, and on the Comment resource with the list relation.

8.2.5. Specifying path parameter values for URI templates
When RESTEasy adds links to your resources it needs to insert the right values in the URI template. This is done either automatically by guessing the list of values from the entity, or by specifying the values in the @LinkResource pathParameters parameter.

8.2.5.1. Loading URI template values from the entity
URI template values are extracted from the entity from fields or Java Bean properties annotated
with @ResourceID, JAXB's @XmlID or JPA's @Id. If there are more than one URI template value
to find in a given entity, you can annotate your entity with @ResourceIDs to list the names of
fields or properties that make up this entity's Id. If there are other URI template values required
from a parent entity, we try to find that parent in a field or Java Bean property annotated with
@ParentResource. The list of URI template values extracted up every @ParentResource is then

reversed and used as the list of values for the URI template.
For example, let's consider the previous Book example, and a list of comments:

@XmlRootElement
@XmlAccessorType(XmlAccessType.NONE)
public class Comment {
@ParentResource
private Book book;
@XmlElement
private String author;
@XmlID
@XmlAttribute
private String id;
@XmlElementRef
private RESTServiceDiscovery rest;
}

Given the previous book store service augmented with comments:

@Path("/")
@Consumes({"application/xml", "application/json"})
@Produces({"application/xml", "application/json"})
public interface BookStore {

35

Chapter 8. Linking resources

@AddLinks
@LinkResources({
@LinkResource(value = Book.class, rel = "comments"),
@LinkResource(value = Comment.class)
})
@GET
@Path("book/{id}/comments")
public Collection getComments(@PathParam("id") String bookId);

@AddLinks
@LinkResource
@GET
@Path("book/{id}/comment/{cid}")
public Comment getComment(@PathParam("id") String bookId, @PathParam("cid") String commentI
@LinkResource
@POST
@Path("book/{id}/comments")
public void addComment(@PathParam("id") String bookId, Comment comment);

@LinkResource
@PUT
@Path("book/{id}/comment/{cid}")
public void updateComment(@PathParam("id") String bookId, @PathParam("cid") String commentI

@LinkResource(Comment.class)
@DELETE
@Path("book/{id}/comment/{cid}")
public void deleteComment(@PathParam("id") String bookId, @PathParam("cid") String commentI
}

Whenever we need to make links for a Book entity, we look up the ID in the Book's @XmlID property.
Whenever we make links for Comment entities, we have a list of values taken from the Comment's
@XmlID and its @ParentResource: the Book and its @XmlID.
For a Comment with id "1" on a Book with title "foo" we will therefore get a list of URI template
values of {"foo", "1"}, to be replaced in the URI template, thus obtaining either "/book/foo/
comments" or "/book/foo/comment/1".

8.2.5.2. Specifying path parameters manually
If you do not want to annotate your entities with resource ID annotations (@ResourceID, @ResourceIDs, @XmlID or @Id) and @ParentResource, you can also specify the URI template values
inside the @LinkResource annotation, using Unified Expression Language expressions:

Table 8.3.

36

Specifying path parameter values for URI templates
@LinkResource

URI template parameter

Parameter

Type

Function

Default

pathParameters

String[]

Declares a list of UEL
expressions to obtain
the URI template values.

Defaults

to using
@ResourceID,
@ResourceIDs, @XmlID or
@Id and @ParentResource annotations to
extract the values
from the model.

The UEL expressions are evaluated in the context of the entity, which means that any unqualified
variable will be taken as a property for the entity itself, with the special variable this bound to
the entity we're generating links for.
The previous example of Comment service could be declared as such:

@Path("/")
@Consumes({"application/xml", "application/json"})
@Produces({"application/xml", "application/json"})
public interface BookStore {
@AddLinks
@LinkResources({
@LinkResource(value = Book.class, rel = "comments", pathParameters = "${title}"),
@LinkResource(value = Comment.class, pathParameters = {"${book.title}", "${id}"})
})
@GET
@Path("book/{id}/comments")
public Collection getComments(@PathParam("id") String bookId);

@AddLinks
@LinkResource(pathParameters = {"${book.title}", "${id}"})
@GET
@Path("book/{id}/comment/{cid}")
public Comment getComment(@PathParam("id") String bookId, @PathParam("cid") String commentI
@LinkResource(pathParameters = {"${book.title}", "${id}"})
@POST
@Path("book/{id}/comments")
public void addComment(@PathParam("id") String bookId, Comment comment);

@LinkResource(pathParameters = {"${book.title}", "${id}"})
@PUT
@Path("book/{id}/comment/{cid}")
public void updateComment(@PathParam("id") String bookId, @PathParam("cid") String commentI
@LinkResource(Comment.class, pathParameters = {"${book.title}", "${id}"})

37

Chapter 8. Linking resources

@DELETE

@Path("book/{id}/comment/{cid}")
public void deleteComment(@PathParam("id") String bookId, @PathParam("cid") String commentI
}

8.2.6. Securing entities
You can restrict which links are injected in the resource based on security restrictions for the client,
so that if the current client doesn't have permission to delete a resource he will not be presented
with the "delete" link relation.
Security restrictions can either be specified on the @LinkResource annotation, or using RESTEasy
and EJB's security annotation @RolesAllowed on the JAX-RS method.

Table 8.4.
@LinkResource

security restrictions

Parameter

Type

Function

Default

constraint

String

A UEL expression Defaults to using
which must evaluate @RolesAllowed from
to true to inject this the JAX-RS method.
method's link in the response entity.

8.2.7. Extending the UEL context
We've seen that both the URI template values and the security constraints of @LinkResource use
UEL to evaluate expressions, and we provide a basic UEL context with access only to the entity
we're injecting links in, and nothing more.
If you want to add more variables or functions in this context, you can by adding a @LinkELProvider annotation on the JAX-RS method, its class, or its package. This annotation's value
should point to a class that implements the ELProvider interface, which wraps the default ELContext in order to add any missing functions.
For example, if you want to support the Seam annotation s:hasPermission(target, permission) in your security constraints, you can add a package-info.java file like this:

@LinkELProvider(SeamELProvider.class)
package org.jboss.resteasy.links.test;
import org.jboss.resteasy.links.*;

With the following provider implementation:

38

Extending the UEL context

package org.jboss.resteasy.links.test;
import
import
import
import

javax.el.ELContext;
javax.el.ELResolver;
javax.el.FunctionMapper;
javax.el.VariableMapper;

import org.jboss.seam.el.SeamFunctionMapper;
import org.jboss.resteasy.links.ELProvider;
public class SeamELProvider implements ELProvider {
public ELContext getContext(final ELContext ctx) {
return new ELContext() {
private SeamFunctionMapper functionMapper;
@Override
public ELResolver getELResolver() {
return ctx.getELResolver();
}
@Override
public FunctionMapper getFunctionMapper() {
if (functionMapper == null)
functionMapper = new SeamFunctionMapper(ctx
.getFunctionMapper());
return functionMapper;
}
@Override
public VariableMapper getVariableMapper() {
return ctx.getVariableMapper();
}
};
}
}

And then use it as such:

@Path("/")
@Consumes({"application/xml", "application/json"})
@Produces({"application/xml", "application/json"})
public interface BookStore {

39

Chapter 8. Linking resources

@AddLinks
@LinkResources({
@LinkResource(value=Book.class,rel="comments",constraint="${s:hasPermission(this,
'add-comment')}"),
@LinkResource(value = Comment.class, constraint = "${s:hasPermission(this,
'insert')}")
})
@GET
@Path("book/{id}/comments")
public Collection getComments(@PathParam("id") String bookId);

@AddLinks
@LinkResource(constraint = "${s:hasPermission(this, 'read')}")
@GET
@Path("book/{id}/comment/{cid}")
public Comment getComment(@PathParam("id") String bookId, @PathParam("cid") String commentI
@LinkResource(constraint = "${s:hasPermission(this, 'insert')}")
@POST
@Path("book/{id}/comments")
public void addComment(@PathParam("id") String bookId, Comment comment);

@LinkResource(constraint = "${s:hasPermission(this, 'update')}")
@PUT
@Path("book/{id}/comment/{cid}")
public void updateComment(@PathParam("id") String bookId, @PathParam("cid") String commentI

@LinkResource(Comment.class, constraint = "${s:hasPermission(this,
'delete')}")
@DELETE
@Path("book/{id}/comment/{cid}")
public void deleteComment(@PathParam("id") String bookId, @PathParam("cid") String commentI
}

8.2.8. Resource facades
Sometimes it is useful to add resources which are just containers or layers on other resources. For
example if you want to represent a collection of Comment with a start index and a certain number
of entries, in order to implement paging. Such a collection is not really an entity in your model, but
it should obtain the "add" and "list" link relations for the Comment entity.
This is possible using resource facades. A resource facade is a resource which implements the
ResourceFacade interface for the type T, and as such, should receive all links for that type.
Since in most cases the instance of the T type is not directly available in the resource facade,
we need another way to extract its URI template values, and this is done by calling the resource
facade's pathParameters() method to obtain a map of URI template values by name. This map

40

Resource facades

will be used to fill in the URI template values for any link generated for T, if there are enough
values in the map.
Here is an example of such a resource facade for a collection of Comments:

@XmlRootElement
@XmlAccessorType(XmlAccessType.NONE)
public class ScrollableCollection implements ResourceFacade {
private String bookId;
@XmlAttribute
private int start;
@XmlAttribute
private int totalRecords;
@XmlElement
private List comments = new ArrayList();
@XmlElementRef
private RESTServiceDiscovery rest;
public Class facadeFor() {
return Comment.class;
}
public Map pathParameters() {
HashMap map = new HashMap();
map.put("id", bookId);
return map;
}
}

This will produce such an XML collection:






great book







terrible book

41

Chapter 8. Linking resources









42

Chapter 9.

Chapter 9. @MatrixParam
Note
RESTEasy supports @MatrixParam annotations with no parameter name..

The idea of matrix parameters is that they are an arbitrary set of name-value pairs embedded in
a uri path segment. A matrix parameter example is:
GET http://host.com/library/book;name=EJB 3.0;author=Bill Burke
The basic idea of matrix parameters is that it represents resources that are addressable by their
attributes as well as their raw id. The @MatrixParam annotation allows you to inject URI matrix
parameters into your method invocation

@GET
public String getBook(@MatrixParam("name") String name, @MatrixParam("author")
String author) {...}

There is one big problem with @MatrixParam that the current version of the specification does
not resolve. What if the same MatrixParam exists twice in different path segments? In this case,
right now, its probably better to use PathParam combined with PathSegment.

43

44

Chapter 10.

Chapter 10. @CookieParam
Note
RESTEasy supports @CookieParam annotations with no parameter name..

The @CookieParam annotation allows you to inject the value of a cookie or an object representation of an HTTP request cookie into your method invocation
GET /books?num=5

@GET
public String getBooks(@CookieParam("sessionid") int id) {
...
}
@GET
public
{...}

String

getBooks(@CookieParam("sessionid")

javax.ws.rs.core.Cookie

id)

Like PathParam, your parameter type can be an String, primitive, or class that has a String constructor or static valueOf() method. You can also get an object representation of the cookie via
the javax.ws.rs.core.Cookie class.

45

46

Chapter 11.

Chapter 11. @FormParam
Note
RESTEasy supports @FormParam annotations with no parameter name..

When the input request body is of the type "application/x-www-form-urlencoded", a.k.a. an HTML
Form, you can inject individual form parameters from the request body into method parameter
values.



First name:



Last name:




If you post through that form, this is what the service might look like:

@Path("/")
public class NameRegistry {
@Path("/resources/service")
@POST
public
void
addName(@FormParam("firstname")
@FormParam("lastname") String last) {...}

String

first,

You cannot combine @FormParam with the default "application/x-www-form-urlencoded" that unmarshalls to a MultivaluedMap. i.e. This is illegal:

@Path("/")
public class NameRegistry {
@Path("/resources/service")
@POST
@Consumes("application/x-www-form-urlencoded")

47

Chapter 11. @FormParam

public

void

addName(@FormParam("firstname")

MultivaluedMap form) {...}

48

String

first,

Chapter 12.

Chapter 12. @Form
This is a RESTEasy specific annotation that allows you to re-use any @*Param annotation within an injected class. RESTEasy will instantiate the class and inject values into any annotated
@*Param or @Context property. This is useful if you have a lot of parameters on your method
and you want to condense them into a value object.

public class MyForm {
@FormParam("stuff")
private int stuff;
@HeaderParam("myHeader")
private String header;
@PathParam("foo")
public void setFoo(String foo) {...}
}

@POST
@Path("/myservice")
public void post(@Form MyForm form) {...}

When somebody posts to /myservice, RESTEasy will instantiate an instance of MyForm and inject
the form parameter "stuff" into the "stuff" field, the header "myheader" into the header field, and
call the setFoo method with the path param variable of "foo".

Also, @Form has some expanded @FormParam features. If you specify a prefix within the Form
param, this will prepend a prefix to any form parameter lookup. For example, let's say you have
one Address class, but want to reference invoice and shipping addresses from the same set of
form parameters:

public static class Person
{
@FormParam("name")
private String name;
@Form(prefix = "invoice")
private Address invoice;

49

Chapter 12. @Form

@Form(prefix = "shipping")
private Address shipping;
}
public static class Address
{
@FormParam("street")
private String street;
}
@Path("person")
public static class MyResource
{
@POST
@Produces(MediaType.TEXT_PLAIN)
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
public String post(@Form Person p)
{
return p.toString();
}
}

In this example, the client could send the following form parameters:

name=bill
invoice.street=xxx
shipping.street=yyy

The Person.invoice and Person.shipping fields would be populated appropriately. Also, prefix
mappings also support lists and maps:

public static class Person {
@Form(prefix="telephoneNumbers") List telephoneNumbers;
@Form(prefix="address") Map addresses;
}
public static class TelephoneNumber {
@FormParam("countryCode") private String countryCode;
@FormParam("number") private String number;
}
public static class Address {
@FormParam("street") private String street;
@FormParam("houseNumber") private String houseNumber;

50

}
@Path("person")
public static class MyResource {
@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
public void post (@Form Person p) {}

The following form params could be submitted and the Person.telephoneNumbers and
Person.addresses fields would be populated appropriately

request.addFormHeader("telephoneNumbers[0].countryCode", "31");
request.addFormHeader("telephoneNumbers[0].number", "0612345678");
request.addFormHeader("telephoneNumbers[1].countryCode", "91");
request.addFormHeader("telephoneNumbers[1].number", "9717738723");
request.addFormHeader("address[INVOICE].street", "Main Street");
request.addFormHeader("address[INVOICE].houseNumber", "2");
request.addFormHeader("address[SHIPPING].street", "Square One");
request.addFormHeader("address[SHIPPING].houseNumber", "13");

51

52

Chapter 13.

Chapter 13. Improved
annotations

@…Param

With the addition of parameter names in the bytecode since Java 8, it is no longer necessary
to require users to specify parameter names in the following annotations: @PathParam, @QueryParam, @FormParam, @CookieParam, @HeaderParam and @MatrixParam. In order to benefit from
this feature, you have to switch to new annotations with the same name, in a different package,
which have an optional value parameter. To use this, follow these steps:

• Import the org.jboss.resteasy.annotations.jaxrs package to replace annotations from
the JAX-RS spec.
• Tell your build system to record method parameter names in the bytecode.
• Remove the annotation value if the name matches the name of the annotated variable.
Note that you can omit the annotation name for annotated method parameters as well as annotated fields or JavaBean properties.
For Maven users, recording method parameter names in the bytecode can be enabled by setting
the maven.compiler.parameters to true:


true


Usage:

import org.jboss.resteasy.annotations.jaxrs.*;
@Path("/library")
public class Library {
@GET
@Path("/book/{isbn}")
public String getBook(@PathParam String isbn) {
// search my database and get a string representation and return it
}
}

53

Chapter 13. Improved @…Param ...

If your annotated variable does not have the same name as the path parameter, you can still
specify the name:

import org.jboss.resteasy.annotations.jaxrs.*;
@Path("/library")
public class Library {
@GET
@Path("/book/{isbn}")
public String getBook(@PathParam("isbn") String id) {
// search my database and get a string representation and return it
}
}

54

Chapter 14.

Chapter 14. @DefaultValue
@DefaultValue is a parameter annotation that can be combined with any of the other @*Param
annotations to define a default value when the HTTP request item does not exist.

@GET
public String getBooks(@QueryParam("num") @DefaultValue("10") int num) {...}

55

56

Chapter 15.

Chapter 15. @Encoded and
encoding
JAX-RS allows you to get encoded or decoded @*Params and specify path definitions and parameter names using encoded or decoded strings.

The @javax.ws.rs.Encoded annotation can be used on a class, method, or param. By default,
inject @PathParam and @QueryParams are decoded. By additionally adding the @Encoded annotation, the value of these params will be provided in encoded form.

@Path("/")
public class MyResource {
@Path("/{param}")
@GET
public String get(@PathParam("param") @Encoded String param) {...}
}

In the above example, the value of the @PathParam injected into the param of the get() method
will be URL encoded. Adding the @Encoded annotation as a paramater annotation triggers this
affect.
You may also use the @Encoded annotation on the entire method and any combination of
@QueryParam or @PathParam's values will be encoded.

@Path("/")
public class MyResource {
@Path("/{param}")
@GET
@Encoded
public String get(@QueryParam("foo") String foo, @PathParam("param") String
param) {}
}

In the above example, the values of the "foo" query param and "param" path param will be injected
as encoded values.
You can also set the default to be encoded for the entire class.

57

Chapter 15. @Encoded and encoding

@Path("/")
@Encoded
public class ClassEncoded {
@GET
public String get(@QueryParam("foo") String foo) {}
}

The @Path annotation has an attribute called encode. Controls whether the literal part of the
supplied value (those characters that are not part of a template variable) are URL encoded. If true,
any characters in the URI template that are not valid URI character will be automatically encoded.
If false then all characters must be valid URI characters. By default this is set to true. If you want
to encoded the characters yourself, you may.

@Path(value="hello%20world", encode=false)

Much like @Path.encode(), this controls whether the specified query param name should be encoded by the container before it tries to find the query param in the request.

@QueryParam(value="hello%20world", encode=false)

58

Chapter 16.

Chapter 16. @Context
The @Context annotation allows you to inject instances of

• javax.ws.rs.core.HttpHeaders
• javax.ws.rs.core.UriInfo
• javax.ws.rs.core.Request
• javax.servlet.http.HttpServletRequest
• javax.servlet.http.HttpServletResponse
• javax.servlet.ServletConfig
• javax.servlet.ServletContext
• javax.ws.rs.core.SecurityContext
objects.

59

60

Chapter 17.

Chapter 17. JAX-RS Resource
Locators and Sub Resources
Resource classes are able to partially process a request and provide another "sub" resource object
that can process the remainder of the request. For example:

@Path("/")
public class ShoppingStore {
@Path("/customers/{id}")
public Customer getCustomer(@PathParam("id") int id) {
Customer cust = ...; // Find a customer object
return cust;
}
}
public class Customer {
@GET
public String get() {...}
@Path("/address")
public String getAddress() {...}
}

Resource methods that have a @Path annotation, but no HTTP method are considered sub-resource locators. Their job is to provide an object that can process the request. In the above example ShoppingStore is a root resource because its class is annotated with @Path. The getCustomer() method is a sub-resource locator method.
If the client invoked:

GET /customer/123

The ShoppingStore.getCustomer() method would be invoked first. This method provides a Customer object that can service the request. The http request will be dispatched to the Customer.get()
method. Another example is:

GET /customer/123/address

61

Chapter 17. JAX-RS Resource L...

In this request, again, first the ShoppingStore.getCustomer() method is invoked. A customer object
is returned, and the rest of the request is dispatched to the Customer.getAddress() method.

Another interesting feature of Sub-resource locators is that the locator method result is
dynamically processed at runtime to figure out how to dispatch the request. So, the
ShoppingStore.getCustomer() method does not have to declare any specific type.

@Path("/")
public class ShoppingStore {
@Path("/customers/{id}")
public java.lang.Object getCustomer(@PathParam("id") int id) {
Customer cust = ...; // Find a customer object
return cust;
}
}
public class Customer {
@GET
public String get() {...}
@Path("/address")
public String getAddress() {...}
}

In the above example, getCustomer() returns a java.lang.Object. Per request, at runtime, the JAXRS server will figure out how to dispatch the request based on the object returned by getCustomer(). What are the uses of this? Well, maybe you have a class hierarchy for your customers.
Customer is the abstract base, CorporateCustomer and IndividualCustomer are subclasses. Your
getCustomer() method might be doing a Hibernate polymorphic query and doesn't know, or care,
what concrete class is it querying for, or what it returns.

@Path("/")
public class ShoppingStore {
@Path("/customers/{id}")
public java.lang.Object getCustomer(@PathParam("id") int id) {
Customer cust = entityManager.find(Customer.class, id);
return cust;
}
}

62

public class Customer {
@GET
public String get() {...}
@Path("/address")
public String getAddress() {...}
}
public class CorporateCustomer extends Customer {
@Path("/businessAddress")
public String getAddress() {...}
}

63

64

Chapter 18.

Chapter 18. Resources metadata
configuration
When processing JAX-RS deployments, RESTEasy relies on ResourceBuilder to create metadata for each JAX-RS resource. Such metadata is defined using the metadata SPI in package
org.jboss.resteasy.spi.metadata, in particular the ResourceClass interface:

package org.jboss.resteasy.spi.metadata;
public interface ResourceClass
{
String getPath();
Class getClazz();
ResourceConstructor getConstructor();
FieldParameter[] getFields();
SetterParameter[] getSetters();
ResourceMethod[] getResourceMethods();
ResourceLocator[] getResourceLocators();
}

Among the other classes and interfaces defining metadata SPI, the following interfaces are worth
a mention here:

public interface ResourceConstructor
{
ResourceClass getResourceClass();
Constructor getConstructor();
ConstructorParameter[] getParams();
}
public interface ResourceMethod extends ResourceLocator
{
Set getHttpMethods();

65

Chapter 18. Resources metadat...

MediaType[] getProduces();
MediaType[] getConsumes();
boolean isAsynchronous();
void markAsynchronous();
}
public interface ResourceLocator
{
ResourceClass getResourceClass();
Class getReturnType();
Type getGenericReturnType();
Method getMethod();
Method getAnnotatedMethod();
MethodParameter[] getParams();
String getFullpath();
String getPath();
}

Now, the interesting point is that RESTEasy allows tuning the metadata generation by providing
implementations of the ResourceClassProcessor interface:

package org.jboss.resteasy.spi.metadata;
public interface ResourceClassProcessor
{
/**
* Allows the implementation of this method to modify the resource metadata
represented by
* the supplied {@link ResourceClass} instance. Implementation will typically
create
* wrappers which modify only certain aspects of the metadata.
*
* @param clazz The original metadata

66

* @return the (potentially modified) metadata (never null)
*/
ResourceClass process(ResourceClass clazz);
}

The processors are meant to be, and are resolved as, regular JAX-RS annotated providers. They
allow for wrapping resource metadata classes with custom versions that can be used for various
advanced scenarios like

• adding additional resource method/locators to the resource
• altering the http methods
• altering the @Produces / @Consumes media types
• ...

67

68

Chapter 19.

Chapter 19. JAX-RS Content
Negotiation
The HTTP protocol has built in content negotiation headers that allow the client and server to
specify what content they are transferring and what content they would prefer to get. The server
declares content preferences via the @Produces and @Consumes headers.
@Consumes is an array of media types that a particular resource or resource method consumes.
For example:

@Consumes("text/*")
@Path("/library")
public class Library {
@POST
public String stringBook(String book) {...}
@Consumes("text/xml")
@POST
public String jaxbBook(Book book) {...}
}

When a client makes a request, JAX-RS first finds all methods that match the path, then, it sorts
things based on the content-type header sent by the client. So, if a client sent:

POST /library
Content-Type: text/plain
This is a nice book

The stringBook() method would be invoked because it matches to the default "text/*" media type.
Now, if the client instead sends XML:

POST /library
Content-Type: text/xml


69

Chapter 19. JAX-RS Content Ne...

The jaxbBook() method would be invoked.
The @Produces is used to map a client request and match it up to the client's Accept header.
The Accept HTTP header is sent by the client and defines the media types the client prefers to
receive from the server.

@Produces("text/*")
@Path("/library")
public class Library {
@GET
@Produces("application/json")
public String getJSON() {...}
@GET
public String get() {...}

So, if the client sends:

GET /library
Accept: application/json

The getJSON() method would be invoked.
@Consumes and @Produces can list multiple media types that they support. The client's Accept
header can also send multiple types it might like to receive. More specific media types are chosen
first. The client Accept header or @Produces @Consumes can also specify weighted preferences
that are used to match up requests with resource methods. This is best explained by RFC 2616
section 14.1 . RESTEasy supports this complex way of doing content negotiation.

A variant in JAX-RS is a combination of media type, content-language, and content encoding as well as etags, last modified headers, and other preconditions. This is a more complex
form of content negotiation that is done programmatically by the application developer using the
javax.ws.rs.Variant, VarianListBuilder, and Request objects. Request is injected via @Context.
Read the javadoc for more info on these.

19.1. URL-based negotiation
Some clients, like browsers, cannot use the Accept and Accept-Language headers to negotiation the representation's media type or language. RESTEasy allows you to map file name
suffixes like (.xml, .txt, .en, .fr) to media types and languages. These file name suffixes take
the place and override any Accept header sent by the client. You configure this using the

70

Query String Parameter-based negotiation

resteasy.media.type.mappings and resteasy.language.mappings context-param variables within
your web.xml.


Archetype Created Web Application

resteasy.media.type.mappings
html : text/html, json : application/json, xml : application/
xml


resteasy.language.mappings
en : en-US, es : es, fr : fr

...


Mappings are a comma delimited list of suffix/mediatype or suffix/language mappings. Each mapping is delimited by a ':'. So, if you invoked GET /foo/bar.xml.en, this would be equivalent to invoking the following request:

GET /foo/bar
Accept: application/xml
Accept-Language: en-US

The mapped file suffixes are stripped from the target URL path before the request is dispatched
to a corresponding JAX-RS resource.

19.2. Query String Parameter-based negotiation
RESTEasy can do content negotiation based in a parameter in query string. To enable this, the
web.xml can be configured like follow:


Archetype Created Web Application

resteasy.media.type.param.mapping
someName


71

Chapter 19. JAX-RS Content Ne...

...


The param-value is the name of the query string parameter that RESTEasy will use in the place
of the Accept header.
Invoking http://service.foo.com/resouce?someName=application/xml, will give the application/xml
media type the highest priority in the content negotiation.
In cases where the request contains both the parameter and the Accept header, the parameter
will be more relevant.
It is possible to left the param-value empty, what will cause the processor to look for a parameter
named 'accept'.

72

Chapter 20.

Chapter 20. Content Marshalling/
Providers
20.1. Default Providers and default JAX-RS Content
Marshalling
RESTEasy can automatically marshal and unmarshal a few different message bodies.

Table 20.1.
Media Types

Java Type

application/*+xml, text/*+xml, application/* JaxB annotated classes
+json,
application/*+fastinfoset,
application/atom+*
application/*+xml, text/*+xml

org.w3c.dom.Document

*/*

java.lang.String

*/*

java.io.InputStream

text/plain

primitives, java.lang.String, or any type
that has a String constructor, or static
valueOf(String) method for input, toString() for
output

*/*

javax.activation.DataSource

*/*

java.io.File

*/*

byte[]

application/x-www-form-urlencoded

javax.ws.rs.core.MultivaluedMap

Note. When a java.io.File is created, as in

@Path("/test")
public class TempFileDeletionResource
{
@POST
@Path("post")
public Response post(File file) throws Exception
{
return Response.ok(file.getPath()).build();
}
}

73

Chapter 20. Content Marshalli...

a temporary file is created in the file system. On the server side, that temporary file will be deleted
at the end of the invocation. On the client side, however, it is the responsibility of the user to delete
the temporary file.

20.2. Content Marshalling with @Provider classes
The JAX-RS specification allows you to plug in your own request/response body reader and writers. To do this, you annotate a class with @Provider and specify the @Produces types for a writer
and @Consumes types for a reader. You must also implement a MessageBodyReader/Writer
interface respectively. Here is an example:

@Provider
@Produces("text/plain")
@Consumes("text/plain")
public class DefaultTextPlain
MessageBodyWriter {

implements

MessageBodyReader,

public boolean isReadable(Class type, Type genericType, Annotation[]
annotations, MediaType mediaType) {
// StringTextStar should pick up strings
return
!String.class.equals(type)
&&
TypeConverter.isConvertable(type);
}
public Object readFrom(Class type, Type genericType,
Annotation[] annotations, MediaType mediaType, MultivaluedMap httpHeaders,
InputStream entityStream) throws IOException, WebApplicationException {
InputStream delegate = NoContent.noContentCheck(httpHeaders,
entityStream);
String value = ProviderHelper.readString(delegate, mediaType);
return TypeConverter.getType(type, value);
}
public boolean isWriteable(Class type, Type genericType, Annotation[]
annotations, MediaType mediaType) {
// StringTextStar should pick up strings
return !String.class.equals(type) && !type.isArray();
}
public long getSize(Object o, Class type, Type genericType, Annotation[]
annotations, MediaType mediaType) {
String charset = mediaType.getParameters().get("charset");
if (charset != null)

74

Providers Utility Class

try {
return o.toString().getBytes(charset).length;
} catch (UnsupportedEncodingException e) {
// Use default encoding.
}
return o.toString().getBytes(StandardCharsets.UTF_8).length;
}
public void writeTo(Object o, Class type, Type genericType, Annotation[]
annotations, MediaType mediaType, MultivaluedMap httpHeaders, OutputStream
entityStream) throws IOException, WebApplicationException {
String charset = mediaType.getParameters().get("charset");
if
(charset
==
null)
entityStream.write(o.toString().getBytes(StandardCharsets.UTF_8));
else entityStream.write(o.toString().getBytes(charset));
}
}

The RESTEasy ServletContextLoader will automatically scan your WEB-INF/lib and classes directories for classes annotated with @Provider or you can manually configure them in web.xml.
See Installation/Configuration.

20.3. Providers Utility Class
javax.ws.rs.ext.Providers is a simple injectable interface that allows you to look up MessageBodyReaders, Writers, ContextResolvers, and ExceptionMappers. It is very useful, for instance,
for implementing multipart providers. Content types that embed other random content types.

public interface Providers
{
/**
* Get a message body reader that matches a set of criteria. The set of
* readers is first filtered by comparing the supplied value of
* {@code mediaType} with the value of each reader's
* {@link javax.ws.rs.Consumes}, ensuring the supplied value of
* {@code type} is assignable to the generic type of the reader, and
* eliminating those that do not match.
* The list of matching readers is then ordered with those with the best
* matching values of {@link javax.ws.rs.Consumes} (x/y > x/* > */*)
* sorted first. Finally, the
* {@link MessageBodyReader#isReadable}
* method is called on each reader in order using the supplied criteria and
* the first reader that returns {@code true} is selected and returned.

75

Chapter 20. Content Marshalli...

*
* @param type
the class of object that is to be written.
* @param mediaType
the media type of the data that will be read.
* @param genericType the type of object to be produced. E.g. if the
*
message body is to be converted into a method
parameter, this will be
*
the formal type of the method parameter as returned by
*
Class.getGenericParameterTypes.
* @param annotations an array of the annotations on the declaration of the
*
artifact that will be initialized with the produced
instance. E.g. if the
*
message body is to be converted into a method
parameter, this will be
*
the annotations on that parameter returned by
*
Class.getParameterAnnotations.
* @return a MessageBodyReader that matches the supplied criteria or null
*
if none is found.
*/
 MessageBodyReader getMessageBodyReader(Class type,
Type genericType, Annotation
annotations[], MediaType mediaType);
/**
* Get a message body writer that matches a set of criteria. The set of
* writers is first filtered by comparing the supplied value of
* {@code mediaType} with the value of each writer's
* {@link javax.ws.rs.Produces}, ensuring the supplied value of
* {@code type} is assignable to the generic type of the reader, and
* eliminating those that do not match.
* The list of matching writers is then ordered with those with the best
* matching values of {@link javax.ws.rs.Produces} (x/y > x/* > */*)
* sorted first. Finally, the
* {@link MessageBodyWriter#isWriteable}
* method is called on each writer in order using the supplied criteria and
* the first writer that returns {@code true} is selected and returned.
*
* @param mediaType
the media type of the data that will be written.
* @param type
the class of object that is to be written.
* @param genericType the type of object to be written. E.g. if the
*
message body is to be produced from a field, this
*
the declared type of the field as returned by
*
Field.getGenericType.
* @param annotations an array of the annotations on the declaration
*
artifact that will be written. E.g. if the
*
message body is to be produced from a field, this
*
the annotations on that field returned by
*
Field.getDeclaredAnnotations.
* @return a MessageBodyReader that matches the supplied criteria or
*
if none is found.

76

will be

of the
will be

null

Providers Utility Class

*/
 MessageBodyWriter getMessageBodyWriter(Class type,
Type genericType, Annotation
annotations[], MediaType mediaType);
/**
* Get an exception mapping provider for a particular class of exception.
* Returns the provider whose generic type is the nearest superclass of
* {@code type}.
*
* @param type the class of exception
* @return an {@link ExceptionMapper} for the supplied type or null if none
*
is found.
*/
 ExceptionMapper getExceptionMapper(Class type);
/**
* Get a context resolver for a particular type of context and media type.
* The set of resolvers is first filtered by comparing the supplied value of
* {@code mediaType} with the value of each resolver's
* {@link javax.ws.rs.Produces}, ensuring the generic type of the context
* resolver is assignable to the supplied value of {@code contextType}, and
* eliminating those that do not match. If only one resolver matches the
* criteria then it is returned. If more than one resolver matches then the
* list of matching resolvers is ordered with those with the best
* matching values of {@link javax.ws.rs.Produces} (x/y > x/* > */*)
* sorted first. A proxy is returned that delegates calls to
* {@link ContextResolver#getContext(java.lang.Class)} to each matching context
* resolver in order and returns the first non-null value it obtains or null
* if all matching context resolvers return null.
*
* @param contextType the class of context desired
* @param mediaType
the media type of data for which a context is required.
* @return a matching context resolver instance or null if no matching
*
context providers are found.
*/
 ContextResolver getContextResolver(Class contextType,
MediaType mediaType);
}

A Providers instance is injectable into MessageBodyReader or Writers:

@Provider
@Consumes("multipart/fixed")
public class MultipartProvider implements MessageBodyReader {

77

Chapter 20. Content Marshalli...

private @Context Providers providers;
...
}

20.4. Configuring Document Marshalling
XML document parsers are subject to a form of attack known as the XXE (Xml eXternal Entity)
Attack (http://www.securiteam.com/securitynews/6D0100A5PU.html), in which expanding an external entity causes an unsafe file to be loaded. For example, the document


]>

bill
&xxe;


could cause the passwd file to be loaded.
By default, RESTEasy's built-in unmarshaller for org.w3c.dom.Document documents will not expand external entities, replacing them by the empty string instead. It can be configured to replace
external entities by values defined in the DTD by setting the context parameter
to "true" in the web.xml file:


resteasy.document.expand.entity.references
true


Another way of dealing with the problem is by prohibiting DTDs, which RESTEasy does by default.
This behavior can be changed by setting the context parameter
to "false".
Documents are also subject to Denial of Service Attacks when buffers are overrun by large entities
or too many attributes. For example, if a DTD defined the following entities

78

Text media types and character sets


foo1 '&foo;&foo;&foo;&foo;&foo;&foo;&foo;&foo;&foo;&foo;'>
foo2 '&foo1;&foo1;&foo1;&foo1;&foo1;&foo1;&foo1;&foo1;&foo1;&foo1;'>
foo3 '&foo2;&foo2;&foo2;&foo2;&foo2;&foo2;&foo2;&foo2;&foo2;&foo2;'>
foo4 '&foo3;&foo3;&foo3;&foo3;&foo3;&foo3;&foo3;&foo3;&foo3;&foo3;'>
foo5 '&foo4;&foo4;&foo4;&foo4;&foo4;&foo4;&foo4;&foo4;&foo4;&foo4;'>
foo6 '&foo5;&foo5;&foo5;&foo5;&foo5;&foo5;&foo5;&foo5;&foo5;&foo5;'>

then the expansion of &foo6; would result in 1,000,000 foos. By default, RESTEasy will limit the
number of expansions and the number of attributes per entity. The exact behavior depends on
the underlying parser. The limits can be turned off by setting the context parameter
to "false".

20.5. Text media types and character sets
The JAX-RS specification says

When writing responses, implementations SHOULD respect application-supplied
character
set metadata and SHOULD use UTF-8 if a character set is not specified by the
application
or if the application specifies a character set that is unsupported.

On the other hand, the HTTP specification says

When no explicit charset parameter is provided by the sender, media subtypes
of the
"text" type are defined to have a default charset value of "ISO-8859-1" when
received
via HTTP. Data in character sets other than "ISO-8859-1" or its subsets MUST
be labeled
with an appropriate charset value.

It follows that, in the absence of a character set specified by a resource or resource method,
RESTEasy SHOULD use UTF-8 as the character set for text media types, and, if it does, it
MUST add an explicit charset parameter to the Content-Type response header. RESTEasy started adding the explicit charset parameter in releases 3.1.2.Final and 3.0.22.Final, and that new
behavior could cause some compatibility problems. To specify the previous behavior, in which

79

Chapter 20. Content Marshalli...

UTF-8 was used for text media types, but the explicit charset was not appended, the context parameter "resteasy.add.charset" may be set to "false". It defaults to "true".
Note. By "text" media types, we mean

• a media type with type "text" and any subtype;
• a media type with type ""application" and subtype beginning with "xml".
The latter set includes "application/xml-external-parsed-entity" and "application/xml-dtd".

80

Chapter 21.

Chapter 21. JAXB providers
As required by the specification, RESTEasy JAX-RS includes support for (un)marshalling JAXB
annotated classes. RESTEasy provides multiple JAXB Providers to address some subtle differences between classes generated by XJC and classes which are simply annotated with @XmlRootElement, or working with JAXBElement classes directly.
For the most part, developers using the JAX-RS API, the selection of which provider is invoked
will be completely transparent. For developers wishing to access the providers directly (which
most folks won't need to do), this document describes which provider is best suited for different
configurations.
A JAXB Provider is selected by RESTEasy when a parameter or return type is an object that
is annotated with JAXB annotations (such as @XmlRootEntity or @XmlType) or if the type is a
JAXBElement. Additionally, the resource class or resource method will be annotated with either
a @Consumes or @Produces annotation and contain one or more of the following values:
• text/*+xml
• application/*+xml
• application/*+fastinfoset
• application/*+json
RESTEasy will select a different provider based on the return type or parameter type used in the
resource. This section describes how the selection process works.
@XmlRootEntity When a class is annotated with a @XmlRootElement annotation, RESTEasy will
select the JAXBXmlRootElementProvider. This provider handles basic marshaling and unmarshalling of custom JAXB entities.
@XmlType Classes which have been generated by XJC will most likely not contain an @XmlRootEntity annotation. In order for these classes to marshalled, they must be wrapped within a
JAXBElement instance. This is typically accomplished by invoking a method on the class which
serves as the XmlRegistry and is named ObjectFactory.
The JAXBXmlTypeProvider provider is selected when the class is annotated with an XmlType
annotation and not an XmlRootElement annotation.
This provider simplifies this task by attempting to locate the XmlRegistry for the target class. By
default, a JAXB implementation will create a class called ObjectFactory and is located in the same
package as the target class. When this class is located, it will contain a "create" method that takes
the object instance as a parameter. For example, if the target type is called "Contact", then the
ObjectFactory class will have a method:
public JAXBElement createContact(Contact value) {..

81

Chapter 21. JAXB providers

JAXBElement If your resource works with the JAXBElement class directly, the RESTEasy
runtime will select the JAXBElementProvider. This provider examines the ParameterizedType
value of the JAXBElement in order to select the appropriate JAXBContext.

21.1. JAXB Decorators
Resteasy's JAXB providers have a pluggable way to decorate Marshaller and Unmarshaller instances. The way it works is that you can write an annotation that can trigger the decoration of
a Marshaller or Unmarshaller. Your decorators can do things like set Marshaller or Unmarshaller
properties, set up validation, stuff like that. Here's an example. Let's say we want to have an annotation that will trigger pretty-printing, nice formatting, of an XML document. If we were doing raw
JAXB, we would set a property on the Marshaller of Marshaller.JAXB_FORMATTED_OUTPUT.
Let's write a Marshaller decorator.
First we define a annotation:

import org.jboss.resteasy.annotations.Decorator;
@Target({ElementType.TYPE,
ElementType.METHOD,
ElementType.PARAMETER,
ElementType.FIELD})
@Retention(RetentionPolicy.RUNTIME)
@Decorator(processor = PrettyProcessor.class, target = Marshaller.class)
public @interface Pretty {}

To get this to work, we must annotate our @Pretty annotation with a meta-annotation called @Decorator. The target() attribute must be the JAXB Marshaller class. The processor() attribute is a
class we will write next.

import org.jboss.resteasy.core.interception.DecoratorProcessor;
import org.jboss.resteasy.annotations.DecorateTypes;
import
import
import
import
import

javax.xml.bind.Marshaller;
javax.xml.bind.PropertyException;
javax.ws.rs.core.MediaType;
javax.ws.rs.Produces;
java.lang.annotation.Annotation;

/**
* @author Bill Burke
* @version $Revision: 1 $
*/
@DecorateTypes({"text/*+xml", "application/*+xml"})

82

Pluggable JAXBContext's with ContextResolvers

public class PrettyProcessor implements DecoratorProcessor
{
public Marshaller decorate(Marshaller target, Pretty annotation,
Class type, Annotation[] annotations, MediaType mediaType)
{
target.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
}
}

The processor implementation must implement the DecoratorProcessor interface and should also
be annotated with @DecorateTypes. This annotation specifies what media types the processor
can be used with. Now that we've defined our annotation and our Processor, we can use it on our
JAX-RS resource methods or JAXB types as follows:

@GET
@Pretty
@Produces("application/xml")
public SomeJAXBObject get() {...}

If you are confused, check the RESTEasy source code for the implementation of @XmlHeader

21.2. Pluggable JAXBContext's with ContextResolvers
You should not use this feature unless you know what you're doing.
Based on the class you are marshalling/unmarshalling, RESTEasy will, by default create and
cache JAXBContext instances per class type. If you do not want RESTEasy to create JAXBContexts, you can plug-in your own by implementing an instance of javax.ws.rs.ext.ContextResolver

public interface ContextResolver
{
T getContext(Class type);
}
@Provider
@Produces("application/xml")
public class MyJAXBContextResolver implements ContextResolver
{
JAXBContext getContext(Class type)
{
if (type.equals(WhateverClassIsOverridedFor.class)) return
JAXBContext.newInstance()...;
}

83

Chapter 21. JAXB providers

}

You must provide a @Produces annotation to specify the media type the context is meant for.
You must also make sure to implement ContextResolver. This helps the runtime
match to the correct context resolver. You must also annotate the ContextResolver class with
@Provider.
There are multiple ways to make this ContextResolver available.

1. Return it as a class or instance from a javax.ws.rs.core.Application implementation
2. List it as a provider with resteasy.providers
3. Let RESTEasy automatically scan for it within your WAR file. See Configuration Guide
4. Manually add it via ResteasyProviderFactory.getInstance().registerProvider(Class)
registerProviderInstance(Object)

or

21.3. JAXB + XML provider
RESTEasy is required to provide JAXB provider support for XML. It has a few extra annotations
that can help code your app.

21.3.1. @XmlHeader and @Stylesheet
Sometimes when outputting XML documents you may want to set an XML header. RESTEasy
provides the @org.jboss.resteasy.annotations.providers.jaxb.XmlHeader annotation for this. For
example:

@XmlRootElement
public static class Thing
{
private String name;
public String getName()
{
return name;
}
public void setName(String name)
{
this.name = name;
}
}

84

@XmlHeader and @Stylesheet

@Path("/test")
public static class TestService
{
@GET
@Path("/header")
@Produces("application/xml")
@XmlHeader("")
public Thing get()
{
Thing thing = new Thing();
thing.setName("bill");
return thing;
}
}

The @XmlHeader here forces the XML output to have an xml-stylesheet header. This header
could also have been put on the Thing class to get the same result. See the javadocs for more
details on how you can use substitution values provided by resteasy.
RESTEasy also has a convenience annotation for stylesheet headers. For example:

@XmlRootElement
public static class Thing
{
private String name;
public String getName()
{
return name;
}
public void setName(String name)
{
this.name = name;
}
}
@Path("/test")
public static class TestService
{
@GET
@Path("/stylesheet")
@Produces("application/xml")
@Stylesheet(type="text/css", href="${basepath}foo.xsl")
@Junk
public Thing getStyle()

85

Chapter 21. JAXB providers

{
Thing thing = new Thing();
thing.setName("bill");
return thing;
}
}

21.4. JAXB + JSON provider
RESTEasy allows you to marshall JAXB annotated POJOs to and from JSON. This provider wraps
the Jettison JSON library to accomplish this. You can obtain more information about Jettison and
how it works from https://github.com/jettison-json/jettison.
To use this integration with Jettision you need to import the resteasy-jettison-provider Maven module. Older versions of RESTEasy used to include this within the resteasy-jaxb-provider but we
decided to modularize it more.
Jettison has two mapping formats. One is BadgerFish the other is a Jettison Mapped Convention
format. The Mapped Convention is the default mapping.
For example, consider this JAXB class:

@XmlRootElement(name = "book")
public class Book
{
private String author;
private String ISBN;
private String title;
public Book()
{
}
public Book(String author, String ISBN, String title)
{
this.author = author;
this.ISBN = ISBN;
this.title = title;
}
@XmlElement
public String getAuthor()
{
return author;
}

86

JAXB + JSON provider

public void setAuthor(String author)
{
this.author = author;
}
@XmlElement
public String getISBN()
{
return ISBN;
}
public void setISBN(String ISBN)
{
this.ISBN = ISBN;
}
@XmlAttribute
public String getTitle()
{
return title;
}
public void setTitle(String title)
{
this.title = title;
}
}

This is how the JAXB Book class would be marshalled to JSON using the BadgerFish Convention:

{"book":
{
"@title":"EJB 3.0",
"author":{"$":"Bill Burke"},
"ISBN":{"$":"596529260"}
}
}

Notice that element values have a map associated with them and to get to the value of the element,
you must access the "$" variable. Here's an example of accessing the book in Javascript:

var data = eval("(" + xhr.responseText + ")");
document.getElementById("zone").innerHTML = data.book.@title;

87

Chapter 21. JAXB providers

document.getElementById("zone").innerHTML += data.book.author.$;

To

use

the

BadgerFish

Convention

you

must

use

the

@org.jboss.resteasy.annotations.providers.jaxb.json.BadgerFish annotation on the JAXB class
you are marshalling/unmarshalling, or, on the JAX-RS resource method or parameter:

@BadgerFish
@XmlRootElement(name = "book")
public class Book {...}

If you are returning a book on the JAX-RS method and you don't want to (or can't) pollute your
JAXB classes with RESTEasy annotations, add the annotation to the JAX-RS method:

@BadgerFish
@GET
public Book getBook(...) {...}

If a Book is your input then you put it on the parameter:

@POST
public void newBook(@BadgerFish Book book) {...}

The default Jettison Mapped Convention would return JSON that looked like this:

{ "book" :
{
"@title":"EJB 3.0",
"author":"Bill Burke",
"ISBN":596529260
}
}

Notice that the @XmlAttribute "title" is prefixed with the '@' character. Unlike BadgerFish, the '$'
does not represent the value of element text. This format is a bit simpler than the BadgerFish convention which is why it was chose as a default. Here's an example of accessing this in Javascript:

88

JAXB + JSON provider

var data = eval("(" + xhr.responseText + ")");
document.getElementById("zone").innerHTML = data.book.@title;
document.getElementById("zone").innerHTML += data.book.author;

The Mapped Convention allows you to fine tune the JAXB mapping using the
@org.jboss.resteasy.annotations.providers.jaxb.json.Mapped annotation. You can provide an
XML Namespace to JSON namespace mapping. For example, if you defined your JAXB namespace within your package-info.java class like this:

@javax.xml.bind.annotation.XmlSchema(namespace="http://jboss.org/books")
package org.jboss.resteasy.test.books;

You would have to define a JSON to XML namespace mapping or you would receive an exception
of something like this:

java.lang.IllegalStateException: Invalid JSON namespace: http://jboss.org/books
at
org.codehaus.jettison.mapped.MappedNamespaceConvention.getJSONNamespace(MappedNamespaceConvent
at
org.codehaus.jettison.mapped.MappedNamespaceConvention.createKey(MappedNamespaceConvention.jav
at
org.codehaus.jettison.mapped.MappedXMLStreamWriter.writeStartElement(MappedXMLStreamWriter.jav

To fix this problem you need another annotation, @Mapped. You use the @Mapped annotation on
your JAXB classes, on your JAX-RS resource method, or on the parameter you are unmarshalling

import org.jboss.resteasy.annotations.providers.jaxb.json.Mapped;
import org.jboss.resteasy.annotations.providers.jaxb.json.XmlNsMap;
...
@GET
@Produces("application/json")
@Mapped(namespaceMap = {
@XmlNsMap(namespace = "http://jboss.org/books", jsonName = "books")
})
public Book get() {...}

89

Chapter 21. JAXB providers

Besides mapping XML to JSON namespaces, you can also force @XmlAttribute's to be marshaled
as XMLElements.

@Mapped(attributeAsElements={"title"})
@XmlRootElement(name = "book")
public class Book {...}

If you are returning a book on the JAX-RS method and you don't want to (or can't) pollute your
JAXB classes with RESTEasy annotations, add the annotation to the JAX-RS method:

@Mapped(attributeAsElements={"title"})
@GET
public Book getBook(...) {...}

If a Book is your input then you put it on the parameter:

@POST
public void newBook(@Mapped(attributeAsElements={"title"}) Book book) {...}

21.5. JAXB + FastinfoSet provider
RESTEasy supports the FastinfoSet mime type with JAXB annotated classes. Fast infoset documents are faster to serialize and parse, and smaller in size, than logically equivalent XML documents. Thus, fast infoset documents may be used whenever the size and processing time of XML
documents is an issue. It is configured the same way the XML JAXB provider is so really no other
documentation is needed here.
To use this integration with Fastinfoset you need to import the resteasy-fastinfoset-provider Maven
module. Older versions of RESTEasy used to include this within the resteasy-jaxb-provider but
we decided to modularize it more.

21.6. Arrays and Collections of JAXB Objects
RESTEasy will automatically marshal arrays, java.util.Set's, and java.util.List's of JAXB objects to
and from XML, JSON, Fastinfoset (or any other new JAXB mapper Restasy comes up with).

90

Arrays and Collections of JAXB Objects

@XmlRootElement(name = "customer")
@XmlAccessorType(XmlAccessType.FIELD)
public class Customer
{
@XmlElement
private String name;
public Customer()
{
}
public Customer(String name)
{
this.name = name;
}
public String getName()
{
return name;
}
}
@Path("/")
public class MyResource
{
@PUT
@Path("array")
@Consumes("application/xml")
public void putCustomers(Customer[] customers)
{
Assert.assertEquals("bill", customers[0].getName());
Assert.assertEquals("monica", customers[1].getName());
}
@GET
@Path("set")
@Produces("application/xml")
public Set getCustomerSet()
{
HashSet set = new HashSet();
set.add(new Customer("bill"));
set.add(new Customer("monica"));
return set;
}
@PUT

91

Chapter 21. JAXB providers

@Path("list")
@Consumes("application/xml")
public void putCustomers(List customers)
{
Assert.assertEquals("bill", customers.get(0).getName());
Assert.assertEquals("monica", customers.get(1).getName());
}
}

The above resource can publish and receive JAXB objects. It is assumed that are wrapped in a
collection element


bill
monica


You can change the namespace URI, namespace tag, and collection element name by using the
@org.jboss.resteasy.annotations.providers.jaxb.Wrapped annotation on a parameter or method

@Target({ElementType.PARAMETER, ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
public @interface Wrapped
{
String element() default "collection";
String namespace() default "http://jboss.org/resteasy";
String prefix() default "resteasy";
}

So, if we wanted to output this XML


bill
monica


We would use the @Wrapped annotation as follows:

92

Retrieving Collections on the client side

@GET
@Path("list")
@Produces("application/xml")
@Wrapped(element="list", namespace="http://foo.org", prefix="foo")
public List getCustomerSet()
{
List list = new ArrayList();
list.add(new Customer("bill"));
list.add(new Customer("monica"));
return list;
}

21.6.1. Retrieving Collections on the client side
If you try to retrieve a List or Set of JAXB objects in the obvious way on the client side:

Response response = request.get();
List list = response.readEntity(List.class);

the call to readEntity() will fail because it has no way of knowing the element type Customer.
The trick is to use an instance of javax.ws.rs.core.GenericType:

Response response = request.get();
GenericType> genericType = new GenericType>()
{};
List list = response.readEntity(genericType);

For more information about GenericType, please see its javadoc.
The same trick applies to retrieving a Set:

Response response = request.get();
GenericType> genericType = new GenericType>()
{};
Set set = response.readEntity(genericType);

On the other hand, GenericType is not necessary to retrieve an array of JAXB objects:

93

Chapter 21. JAXB providers

Response response = request.get();
Customer[] array = response.readEntity(Customer[].class);

21.6.2. JSON and JAXB Collections/arrays
RESTEasy supports using collections with JSON. It encloses lists, sets, or arrays of returned
JAXB objects within a simple JSON array. For example:

@XmlRootElement
@XmlAccessorType(XmlAccessType.FIELD)
public static class Foo
{
@XmlAttribute
private String test;
public Foo()
{
}
public Foo(String test)
{
this.test = test;
}
public String getTest()
{
return test;
}
public void setTest(String test)
{
this.test = test;
}
}

This a List or array of this Foo class would be represented in JSON like this:

[{"foo":{"@test":"bill"}},{"foo":{"@test":"monica}"}}]

It also expects this format for input

94

Maps of JAXB Objects

21.7. Maps of JAXB Objects
RESTEasy will automatically marshal maps of JAXB objects to and from XML, JSON, Fastinfoset
(or any other new JAXB mapper Restasy comes up with). Your parameter or method return type
must be a generic with a String as the key and the JAXB object's type.

@XmlRootElement(namespace = "http://foo.com")
public static class Foo
{
@XmlAttribute
private String name;
public Foo()
{
}
public Foo(String name)
{
this.name = name;
}
public String getName()
{
return name;
}
}
@Path("/map")
public static class MyResource
{
@POST
@Produces("application/xml")
@Consumes("application/xml")
public Map post(Map map)
{
Assert.assertEquals(2, map.size());
Assert.assertNotNull(map.get("bill"));
Assert.assertNotNull(map.get("monica"));
Assert.assertEquals(map.get("bill").getName(), "bill");
Assert.assertEquals(map.get("monica").getName(), "monica");
return map;
}
}

95

Chapter 21. JAXB providers

The above resource can publish and receive JAXB objects within a map. By default, they are
wrapped in a "map" element in the default namespace. Also, each "map" element has zero or
more "entry" elements with a "key" attribute.










You can change the namespace URI, namespace prefix and map, entry, and key element and attribute names by using the @org.jboss.resteasy.annotations.providers.jaxb.WrappedMap annotation on a parameter or method

@Target({ElementType.PARAMETER, ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
public @interface WrappedMap
{
/**
* map element name
*/
String map() default "map";
/**
* entry element name *
*/
String entry() default "entry";
/**
* entry's key attribute name
*/
String key() default "key";
String namespace() default "";
String prefix() default "";
}

So, if we wanted to output this XML

96

Retrieving Maps on the client side







We would use the @WrappedMap annotation as follows:

@Path("/map")
public static class MyResource
{
@GET
@Produces("application/xml")
@WrappedMap(map="hashmap", entry="hashentry", key="hashkey")
public Map get()
{
...
return map;
}
}

21.7.1. Retrieving Maps on the client side
If you try to retrieve a Map of JAXB objects in the obvious way on the client side:

Response response = request.get();
Map map = response.readEntity(Map.class);

the call to readEntity() will fail because it has no way of knowing the element type Customer.
The trick is to use an instance of javax.ws.rs.core.GenericType:

Response response = request.get();
GenericType genericType = new GenericType>() {};
Map map = response.readEntity(genericType);

For more information about GenericType, please see its javadoc.

97

Chapter 21. JAXB providers

21.7.2. JSON and JAXB maps
RESTEasy supports using maps with JSON. It encloses maps returned JAXB objects within a
simple JSON map. For example:

@XmlRootElement
@XmlAccessorType(XmlAccessType.FIELD)
public static class Foo
{
@XmlAttribute
private String test;
public Foo()
{
}
public Foo(String test)
{
this.test = test;
}
public String getTest()
{
return test;
}
public void setTest(String test)
{
this.test = test;
}
}

This a List or array of this Foo class would be represented in JSON like this:

{ "entry1" : {"foo":{"@test":"bill"}}, "entry2" : {"foo":{"@test":"monica}"}}}

It also expects this format for input

21.7.3. Possible Problems with Jettison Provider
If you have the resteasy-jackson-provider-xxx.jar in your classpath, the Jackson JSON provider
will be triggered. This will screw up code that is dependent on the Jettison JAXB/JSon provider.

98

Interfaces, Abstract Classes, and JAXB

If you had been using the Jettison JAXB/Json providers, you must either remove Jackson from
your WEB-INF/lib or classpath, or use the @NoJackson annotation on your JAXB classes.

21.8. Interfaces, Abstract Classes, and JAXB
Some objects models use abstract classes and interfaces heavily. Unfortunately, JAXB doesn't
work with interfaces that are root elements and RESTEasy can't unmarshal parameters that are
interfaces or raw abstract classes because it doesn't have enough information to create a JAXBContext. For example:

public interface IFoo {}
@XmlRootElement
public class RealFoo implements IFoo {}
@Path("/jaxb")
public class MyResource {
@PUT
@Consumes("application/xml")
public void put(IFoo foo) {...}
}

In this example, you would get an error from RESTEasy of something like "Cannot find a MessageBodyReader for...". This is because RESTEasy does not know that implementations of IFoo are
JAXB classes and doesn't know how to create a JAXBContext for it. As a workaround, RESTEasy
allows you to use the JAXB annotation @XmlSeeAlso on the interface to correct the problem.
(NOTE, this will not work with manual, hand-coded JAXB).

@XmlSeeAlso(RealFoo.class)
public interface IFoo {}

The extra @XmlSeeAlso on IFoo allows RESTEasy to create a JAXBContext that knows how to
unmarshal RealFoo instances.

21.9. Configurating JAXB Marshalling
As a consumer of XML datasets, JAXB is subject to a form of attack known as the XXE (Xml eXternal Entity) Attack (http://www.securiteam.com/securitynews/6D0100A5PU.html), in which expanding an external entity causes an unsafe file to be loaded. Preventing the expansion of external entities is discussed in Section 20.4, “Configuring Document Marshalling”. The same context
parameter,

99

Chapter 21. JAXB providers

applies to JAXB unmarshallers as well.
Section 20.4, “Configuring Document Marshalling” also discusses the prohibition of DTDs and the
imposition of limits on entity expansion and the number of attributes per element. The context
parameters
and
discussed there, and their default values, also apply to the representation of JAXB objects.

100

Chapter 22.

Chapter 22. RESTEasy Atom
Support
From W3.org (http://tools.ietf.org/html/rfc4287):
"Atom is an XML-based document format that describes lists of related information known as
"feeds". Feeds are composed of a number of items, known as "entries", each with an extensible
set of attached metadata. For example, each entry has a title. The primary use case that Atom
addresses is the syndication of Web content such as weblogs and news headlines to Web sites
as well as directly to user agents."
Atom is the next-gen RSS feed. Although it is used primarily for the syndication of blogs and news,
many are starting to use this format as the envelope for Web Services, for example, distributed
notifications, job queues, or simply a nice format for sending or receiving data in bulk from a
service.

22.1. RESTEasy Atom API and Provider
RESTEasy has defined a simple object model in Java to represent Atom and uses JAXB to marshal and unmarshal it. The main classes are in the org.jboss.resteasy.plugins.providers.atom
package and are Feed, Entry, Content, and Link. If you look at the source, you'd see that these are
annotated with JAXB annotations. The distribution contains the javadocs for this project and are a
must to learn the model. Here is a simple example of sending an atom feed using the RESTEasy
API.

import
import
import
import
import

org.jboss.resteasy.plugins.providers.atom.Content;
org.jboss.resteasy.plugins.providers.atom.Entry;
org.jboss.resteasy.plugins.providers.atom.Feed;
org.jboss.resteasy.plugins.providers.atom.Link;
org.jboss.resteasy.plugins.providers.atom.Person;

@Path("atom")
public class MyAtomService
{
@GET
@Path("feed")
@Produces("application/atom+xml")
public Feed getFeed() throws URISyntaxException
{
Feed feed = new Feed();
feed.setId(new URI("http://example.com/42"));
feed.setTitle("My Feed");
feed.setUpdated(new Date());

101

Chapter 22. RESTEasy Atom Support

Link link = new Link();
link.setHref(new URI("http://localhost"));
link.setRel("edit");
feed.getLinks().add(link);
feed.getAuthors().add(new Person("Bill Burke"));
Entry entry = new Entry();
entry.setTitle("Hello World");
Content content = new Content();
content.setType(MediaType.TEXT_HTML_TYPE);
content.setText("Nothing much");
entry.setContent(content);
feed.getEntries().add(entry);
return feed;
}
}

Because RESTEasy's atom provider is JAXB based, you are not limited to sending atom objects using XML. You can automatically re-use all the other JAXB providers that RESTEasy has
like JSON and fastinfoset. All you have to do is have "atom+" in front of the main subtype. i.e.
@Produces("application/atom+json") or @Consumes("application/atom+fastinfoset")

22.2. Using JAXB with the Atom Provider
The org.jboss.resteasy.plugins.providers.atom.Content class allows you to unmarshal and marshal JAXB annotated objects that are the body of the content. Here's an example of sending an
Entry with a Customer object attached as the body of the entry's content.

@XmlRootElement(namespace = "http://jboss.org/Customer")
@XmlAccessorType(XmlAccessType.FIELD)
public class Customer
{
@XmlElement
private String name;
public Customer()
{
}
public Customer(String name)
{
this.name = name;
}
public String getName()
{
return name;

102

Using JAXB with the Atom Provider

}
}
@Path("atom")
public static class AtomServer
{
@GET
@Path("entry")
@Produces("application/atom+xml")
public Entry getEntry()
{
Entry entry = new Entry();
entry.setTitle("Hello World");
Content content = new Content();
content.setJAXBObject(new Customer("bill"));
entry.setContent(content);
return entry;
}
}

The Content.setJAXBObject() method is used to tell the content object you are sending back a
Java JAXB object and want it marshalled appropriately. If you are using a different base format
other than XML, i.e. "application/atom+json", this attached JAXB object will be marshalled into
that same format.
If you have an atom document as your input, you can also extract JAXB objects from Content using
the Content.getJAXBObject(Class clazz) method. Here is an example of an input atom document
and extracting a Customer object from the content.

@Path("atom")
public static class AtomServer
{
@PUT
@Path("entry")
@Produces("application/atom+xml")
public void putCustomer(Entry entry)
{
Content content = entry.getContent();
Customer cust = content.getJAXBObject(Customer.class);
}
}

103

104

Chapter 23.

Chapter 23. JSON Support via
Jackson
Besides the Jettision JAXB adapter for JSON, RESTEasy also supports integration with the
Jackson project. Many users find the output from Jackson much nicer than the Badger format
or Mapped format provided by Jettison. For more on Jackson 2, see http://wiki.fasterxml.com/
JacksonHome. Besides JAXB like APIs, it has a JavaBean based model, described at http://
wiki.fasterxml.com/JacksonDataBinding, which allows you to easily marshal Java objects to and
from JSON. RESTEasy integrates with the JavaBean model. While Jackson does come with its
own JAX-RS integration, RESTEasy expanded it a little, as decribed below.
NOTE. The resteasy-jackson-provider module, which is based on the outdated Jackson 1.9.x, is
currently deprecated, and will be removed in a release subsequent to 3.1.0.Final. The resteasyjackson2-provider module is based on Jackson 2.

23.1. Using Jackson 1.9.x Outside of WildFly
If you're deploying RESTEasy outside of WildFly, add the RESTEasy Jackson provder to your
WAR pom.xml build:


org.jboss.resteasy
resteasy-jackson-provider
${version.resteasy}


23.2. Using Jackson 1.9.x Inside WildFly 8
If you're deploying RESTEasy with WildFly 8, there's nothing you need to do except to make sure
you've updated your installation with the latest and greatest RESTEasy. See the Installation/Configuration section of this documentation for more details.

23.3. Using Jackson 2 Outside of WildFly
If you're deploying RESTEasy outside of WildFly, add the RESTEasy Jackson provder to your
WAR pom.xml build:


org.jboss.resteasy

105

Chapter 23. JSON Support via ...

resteasy-jackson2-provider
${version.resteasy}


23.4. Using Jackson 2 Inside WildFly 9 and above
If you're deploying RESTEasy with WildFly 9 or above, there's nothing you need to do except
to make sure you've updated your installation with the latest and greatest RESTEasy. See the
Installation/Configuration section of this documentation for more details.

23.5. Additional RESTEasy Specifics
The first extra piece that RESTEasy added to the integration was to support "application/*+json".
Jackson would only accept "application/json" and "text/json" as valid media types. This allows you
to create json-based media types and still let Jackson marshal things for you. For example:

@Path("/customers")
public class MyService {
@GET
@Produces("application/vnd.customer+json")
public Customer[] getCustomers() {}
}

Another problem that occurs is when you are using the RESTEasy JAXB providers alongside Jackson. You may want to use Jettison and JAXB to output your JSON instead of Jackson. In this case, you must either not install the Jackson provider, or use the annotation
@org.jboss.resteasy.annotations.providers.NoJackson on your JAXB annotated classes. For example:

@XmlRootElement
@NoJackson
public class Customer {...}
@Path("/customers")
public class MyService {
@GET
@Produces("application/vnd.customer+json")
public Customer[] getCustomers() {}
}

106

Possible Conflict With JAXB Provider

If you can't annotate the JAXB class with @NoJackson, then you can use the annotation on a
method parameter. For example:

@XmlRootElement
public class Customer {...}
@Path("/customers")
public class MyService {
@GET
@Produces("application/vnd.customer+json")
@NoJackson
public Customer[] getCustomers() {}
@POST
@Consumes("application/vnd.customer+json")
public void createCustomer(@NoJackson Customer[] customers) {...}
}

23.6. Possible Conflict With JAXB Provider
If your Jackson classes are annotated with JAXB annotations and you
have the resteasy-jaxb-provider in your classpath, you may trigger the Jettision JAXB marshalling code. To turn off the JAXB json marshaller use the
@org.jboss.resteasy.annotations.providers.jaxb.IgnoreMediaTypes("application/*+json") on your
classes.

23.7. JSONP Support
If
you're
using
Jackson,
RESTEasy
has
JSONP
[http://
en.wikipedia.org/wiki/JSONP]
that
you
can
turn
on
by
adding
the
provider
org.jboss.resteasy.plugins.providers.jackson.JacksonJsonpInterceptor
(Jackson2JsonpInterceptor if you're using the Jackson2 provider) to your deployments. If the media type of the response is json and a callback query parameter is given, the response will be
a javascript snippet with a method call of the method defined by the callback parameter. For example:

GET /resources/stuff?callback=processStuffResponse

will produce this response:

107

Chapter 23. JSON Support via ...

processStuffResponse()

This supports the default behavior of jQuery [http://api.jquery.com/jQuery.ajax/
]. To enable JacksonJsonpInterceptor in WildFly, you need to import annotations from org.jboss.resteasy.resteasy-jackson-provider module using jboss-deployment-structure.xml:









You can change the name of the callback parameter by setting the callbackQueryParameter property.
JacksonJsonpInterceptor can wrap the response into a try-catch block:

try{processStuffResponse()}catch(e){}

You can enable this feature by setting the resteasy.jsonp.silent property to true
Note. Because JSONP can be used in Cross Site Scripting Inclusion (XSSI) attacks,
Jackson2JsonpInterceptor is disabled by default. Two steps are necessary to enable it:

1. As noted above, Jackson2JsonpInterceptor must be included in the deployment. For example, a service file META-INF/services/javax.ws.rs.ext.Providers with the line

org.jboss.resteasy.plugins.providers.jackson.Jackson2JsonpInterceptor

may be included on the classpath
2. Also, the servlet context parameter parameter "resteasy.jsonp.enable" must be set to "true".

108

Jackson JSON Decorator

23.8. Jackson JSON Decorator
If you are using the Jackson 2 provider, RESTEasy has provided a pretty-printing annotation
simliar with the one in JAXB provider:

org.jboss.resteasy.annotations.providers.jackson.Formatted

Here is an example:

@GET
@Produces("application/json")
@Path("/formatted/{id}")
@Formatted
public Product getFormattedProduct()
{
return new Product(333, "robot");
}

As the example shown above, the @Formatted annotation will enable the underlying Jackson
option "SerializationFeature.INDENT_OUTPUT".

23.9. JSON Filter Support
In Jackson2 , there is new feature JsonFilter [http://wiki.fasterxml.com/JacksonFeatureJsonFilter]
to allow annotate class with @JsonFilter and doing dynamic filtering. Here is an example which
defines mapping from "nameFilter" to filter instances and filter bean properties when serilize to
json format:

@JsonFilter(value="nameFilter")
public class Jackson2Product {
protected String name;
protected int id;
public Jackson2Product() {
}
public Jackson2Product(final int id, final String name) {
this.id = id;
this.name = name;
}
public String getName() {
return name;
}

109

Chapter 23. JSON Support via ...

public void setName(String name) {
this.name = name;
}
public int getId() {
return id;
}
public void setId(int id) {
this.id = id;
}
}

@JsonFilter annotates resource class to filter out some property not to serialize in the json response. To map the filter id and instance we need to create another jackson class to add the id
and filter instance map:

public class ObjectFilterModifier extends ObjectWriterModifier {
public ObjectFilterModifier() {
}
@Override
public ObjectWriter modify(EndpointConfigBase endpoint,
MultivaluedMap httpHeaders, Object valueToWrite,
ObjectWriter w, JsonGenerator jg) throws IOException {
FilterProvider filterProvider = new SimpleFilterProvider().addFilter(
"nameFilter",
SimpleBeanPropertyFilter.filterOutAllExcept("name"));
return w.with(filterProvider);
}
}

Here the method modify() will take care of filtering all properties except "name" property before
write. To make this work, we need let RESTEasy know this mapping info. This can be easily set
in a WriterInterceptor using Jackson's ObjectWriterInjector:

@Provider
public class JsonFilterWriteInterceptor implements WriterInterceptor{
private ObjectFilterModifier modifier = new ObjectFilterModifier();
@Override

110

JSON Filter Support

public void aroundWriteTo(WriterInterceptorContext context)
throws IOException, WebApplicationException {
//set a threadlocal modifier
ObjectWriterInjector.set(modifier);
context.proceed();
}
}

Alternatively, Jackson's documentation suggest doing the same in a servlet filter; that however
potentially leads to issues on RESTEasy, as the ObjectFilterModifier ends up being stored using
a ThreadLocal object and there's no guarantee the same thread serving the servlet filter will be
running the resource endpoint execution too. So, for the servlet filter scenario, RESTEasy offers
its own injector that relies on the current thread context classloader for carrying over the specified
modifier:

public class ObjectWriterModifierFilter implements Filter {
private static ObjectFilterModifier modifier = new ObjectFilterModifier();
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {

modifier);
chain.doFilter(request, response);
}
@Override
public void destroy() {
}
}

111

112

Chapter 24.

Chapter 24. JSON Support via Java
EE 7 JSON-P API
No, this is not the JSONP you are thinking of! JSON-P is a new Java EE 7 JSON parsing API.
Horrible name for a new JSON parsing API! What were they thinking? Anyways, RESTEasy has a
provider for it. If you are using WildFly, it is required by Java EE 7 so you will have it automatically
bundled. Otherwise, use this maven dependency.


org.jboss.resteasy
resteasy-json-p-provider
3.6.2.Final


It has built in support for JsonObject, JsonArray, and JsonStructure as request or response entities. It should not conflict with Jackson or Jettison if you have that in your path too.

113

114

Chapter 25.

Chapter 25. Multipart Providers
RESTEasy has rich support for the "multipart/*" and "multipart/form-data" mime types. The multipart mime format is used to pass lists of content bodies. Multiple content bodies are embedded
in one message. "multipart/form-data" is often found in web application HTML Form documents
and is generally used to upload files. The form-data format is the same as other multipart formats,
except that each inlined piece of content has a name associated with it.
RESTEasy provides a custom API for reading and writing multipart types as well as marshalling
arbitrary List (for any multipart type) and Map (multipart/form-data only) objects

25.1. Input with multipart/mixed
When writing a JAX-RS service, RESTEasy provides an interface that allows you to read in any
multipart mime type. org.jboss.resteasy.plugins.providers.multipart.MultipartInput

package org.jboss.resteasy.plugins.providers.multipart;
public interface MultipartInput
{
List getParts();
String getPreamble();
// You must call close to delete any temporary files created
// Otherwise they will be deleted on garbage collection or on JVM exit
void close();
}
public interface InputPart
{
MultivaluedMap getHeaders();
String getBodyAsString();
 T getBody(Class type, Type genericType) throws IOException;
 T getBody(org.jboss.resteasy.util.GenericType type) throws IOException;
MediaType getMediaType();
boolean isContentTypeFromMessage();
}

115

Chapter 25. Multipart Providers

MultipartInput is a simple interface that allows you to get access to each part of the multipart
message. Each part is represented by an InputPart interface. Each part has a set of headers
associated with it You can unmarshall the part by calling one of the getBody() methods. The Type
genericType parameter can be null, but the Class type parameter must be set. RESTEasy will find
a MessageBodyReader based on the media type of the part as well as the type information you
pass in. The following piece of code is unmarshalling parts which are XML into a JAXB annotated
class called Customer.

@Path("/multipart")
public class MyService
{
@PUT
@Consumes("multipart/mixed")
public void put(MultipartInput input)
{
List customers = new ArrayList...;
for (InputPart part : input.getParts())
{
Customer cust = part.getBody(Customer.class, null);
customers.add(cust);
}
input.close();
}
}

Sometimes you may want to unmarshall a body part that is sensitive to generic type metadata.
In this case you can use the org.jboss.resteasy.util.GenericType class. Here's an example of
unmarshalling a type that is sensitive to generic type metadata.

@Path("/multipart")
public class MyService
{
@PUT
@Consumes("multipart/mixed")
public void put(MultipartInput input)
{
for (InputPart part : input.getParts())
{
List cust = part.getBody(new GenericType>List>Customer<<()
{});
}
input.close();
}

116

java.util.List with multipart data

}

Use of GenericType is required because it is really the only way to obtain generic type information
at runtime.

25.2. java.util.List with multipart data
If your body parts are uniform, you do not have to manually unmarshall each and every part. You
can just provide a java.util.List as your input parameter. It must have the type it is unmarshalling
with the generic parameter of the List type declaration. Here's an example again of unmarshalling
a list of customers.

@Path("/multipart")
public class MyService
{
@PUT
@Consumes("multipart/mixed")
public void put(List customers)
{
...
}
}

25.3. Input with multipart/form-data
When writing a JAX-RS service, RESTEasy provides an interface that allows you to read in multipart/form-data mime type. "multipart/form-data" is often found in web application HTML Form
documents and is generally used to upload files. The form-data format is the same as other multipart formats, except that each inlined piece of content has a name associated with it. The interface
used for form-data input is org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataInput

public interface MultipartFormDataInput extends MultipartInput
{
@Deprecated
Map getFormData();
Map> getFormDataMap();
 T getFormDataPart(String key, Class rawType, Type genericType) throws
IOException;
 T getFormDataPart(String key, GenericType type) throws IOException;

117

Chapter 25. Multipart Providers

}

It works in much the same way as MultipartInput described earlier in this chapter.

25.4. java.util.Map with multipart/form-data
With form-data, if your body parts are uniform, you do not have to manually unmarshall each and
every part. You can just provide a java.util.Map as your input parameter. It must have the type it
is unmarshalling with the generic parameter of the List type declaration. Here's an example of of
unmarshalling a Map of Customer objects which are JAXB annotated classes.

@Path("/multipart")
public class MyService
{
@PUT
@Consumes("multipart/form-data")
public void put(Map customers)
{
...
}
}

25.5. Input with multipart/related
When writing a JAX-RS service, RESTEasy provides an interface that allows you to read in multipart/related mime type. A multipart/related is used to indicate that message parts should not be
considered individually but rather as parts of an aggregate whole. One example usage for multipart/related is to send a web page complete with images in a single message. Every multipart/related message has a root/start part that references the other parts of the message. The parts are
identified by their "Content-ID" headers. multipart/related is defined by RFC 2387. The interface
used for related input is org.jboss.resteasy.plugins.providers.multipart.MultipartRelatedInput

public interface MultipartRelatedInput extends MultipartInput
{
String getType();
String getStart();
String getStartInfo();
InputPart getRootPart();

118

Output with multipart

Map getRelatedMap();
}

It works in much the same way as MultipartInput described earlier in this chapter.

25.6. Output with multipart
RESTEasy provides a simple API to output multipart data.

package org.jboss.resteasy.plugins.providers.multipart;
public class MultipartOutput
{
public OutputPart addPart(Object entity, MediaType mediaType)
public
mediaType)

OutputPart

addPart(Object

entity,

GenericType

type,

MediaType

public OutputPart addPart(Object entity, Class type, Type genericType,
MediaType mediaType)
public List getParts()
public String getBoundary()
public void setBoundary(String boundary)
}
public class OutputPart
{
public MultivaluedMap getHeaders()
public Object getEntity()
public Class getType()
public Type getGenericType()
public MediaType getMediaType()
}

When you want to output multipart data it is as simple as creating a MultipartOutput object and
calling addPart() methods. RESTEasy will automatically find a MessageBodyWriter to marshall
your entity objects. Like MultipartInput, sometimes you may have marshalling which is sensitive to
generic type metadata. In that case, use GenericType. Most of the time though passing in an Ob-

119

Chapter 25. Multipart Providers

ject and its MediaType is enough. In the example below, we are sending back a "multipart/mixed"
format back to the calling client. The parts are Customer objects which are JAXB annotated and
will be marshalling into "application/xml".

@Path("/multipart")
public class MyService
{
@GET
@Produces("multipart/mixed")
public MultipartOutput get()
{
MultipartOutput output = new MultipartOutput();
output.addPart(new Customer("bill"), MediaType.APPLICATION_XML_TYPE);
output.addPart(new Customer("monica"), MediaType.APPLICATION_XML_TYPE);
return output;
}
}

25.7. Multipart Output with java.util.List
If your body parts are uniform, you do not have to manually marshall each and every part or even
use a MultipartOutput object.. You can just provide a java.util.List. It must have the generic type
it is marshalling with the generic parameter of the List type declaration. You must also annotate
the method with the @PartType annotation to specify what media type each part is. Here's an
example of sending back a list of customers back to a client. The customers are JAXB objects

@Path("/multipart")
public class MyService
{
@GET
@Produces("multipart/mixed")
@PartType("application/xml")
public List get()
{
...
}
}

25.8. Output with multipart/form-data
RESTEasy provides a simple API to output multipart/form-data.

120

Output with multipart/form-data

package org.jboss.resteasy.plugins.providers.multipart;
public class MultipartFormDataOutput extends MultipartOutput
{
public OutputPart addFormData(String key, Object entity, MediaType mediaType)
public OutputPart addFormData(String key, Object entity, GenericType type,
MediaType mediaType)
public OutputPart addFormData(String key, Object entity, Class type, Type
genericType, MediaType mediaType)
public Map getFormData()
public Map> getFormDataMap()
}

When you want to output multipart/form-data it is as simple as creating a MultipartFormDataOutput
object and calling addFormData() methods. RESTEasy will automatically find a MessageBodyWriter to marshall your entity objects. Like MultipartInput, sometimes you may have marshalling
which is sensitive to generic type metadata. In that case, use GenericType. Most of the time though
passing in an Object and its MediaType is enough. In the example below, we are sending back a
"multipart/form-data" format back to the calling client. The parts are Customer objects which are
JAXB annotated and will be marshalling into "application/xml".

@Path("/form")
public class MyService
{
@GET
@Produces("multipart/form-data")
public MultipartFormDataOutput get()
{
MultipartFormDataOutput output = new MultipartFormDataOutput();
output.addPart("bill",
new
Customer("bill"),
MediaType.APPLICATION_XML_TYPE);
output.addPart("monica",
new
Customer("monica"),
MediaType.APPLICATION_XML_TYPE);
return output;
}
}

When using form-data format the named content can be a list of OutputPart objects as long as
each object in the named list contains a uniform object and media type. In the example below,

121

Chapter 25. Multipart Providers

we are sending back a "multipart/form-data" format which consists of two named list of objects,
bill and monica.

@Path("/form")
public class MyService
{
@GET
@Produces("multipart/form-data")
public MultipartFormDataOutput get()
{
MultipartFormDataOutput output = new MultipartFormDataOutput();
output.addPart("smith", new Customer("Joe Smith"),
MediaType.APPLICATION_XML_TYPE);
output.addPart("monica",
new
Employee("monica"),
MediaType.APPLICATION_JSON_TYPE);
output.addPart("smith", new Customer("Deb Smith"),
MediaType.APPLICATION_XML_TYPE);
output.addPart("smith", new Customer("Buba Smith"),
MediaType.APPLICATION_XML_TYPE);
return output;
}
}

25.9. Multipart FormData Output with java.util.Map
If your body parts are uniform, you do not have to manually marshall each and every part or even
use a MultipartFormDataOutput object.. You can just provide a java.util.Map. It must have the
generic type it is marshalling with the generic parameter of the Map type declaration. You must
also annotate the method with the @PartType annotation to specify what media type each part
is. Here's an example of sending back a list of customers back to a client. The customers are
JAXB objects

@Path("/multipart")
public class MyService
{
@GET
@Produces("multipart/form-data")
@PartType("application/xml")
public Map get()
{
...
}

122

Output with multipart/related

}

25.10. Output with multipart/related
RESTEasy provides a simple API to output multipart/related.

package org.jboss.resteasy.plugins.providers.multipart;
public class MultipartRelatedOutput extends MultipartOutput
{
public OutputPart getRootPart()
public OutputPart addPart(Object entity, MediaType mediaType,
String contentId, String contentTransferEncoding)
public String getStartInfo()
public void setStartInfo(String startInfo)
}

When you want to output multipart/related it is as simple as creating a MultipartRelatedOutput
object and calling addPart() methods. The first added part will be used as the root part of the
multipart/related message. RESTEasy will automatically find a MessageBodyWriter to marshall
your entity objects. Like MultipartInput, sometimes you may have marshalling which is sensitive
to generic type metadata. In that case, use GenericType. Most of the time though passing in an
Object and its MediaType is enough. In the example below, we are sending back a "multipart/related" format back to the calling client. We are sending a html with 2 images.

@Path("/related")
public class MyService
{
@GET
@Produces("multipart/related")
public MultipartRelatedOutput get()
{
MultipartRelatedOutput output = new MultipartRelatedOutput();
output.setStartInfo("text/html");
Map mediaTypeParameters = new LinkedHashMap();
mediaTypeParameters.put("charset", "UTF-8");
mediaTypeParameters.put("type", "text/html");
output.addPart(

123

Chapter 25. Multipart Providers

"\n"
+ "This is me: \n"
+ "
This is you: \n"
+ "",
new MediaType("text", "html", mediaTypeParameters),
"", "8bit");
output.addPart("// binary octets for me png",
new MediaType("image", "png"), "",
"binary");
output.addPart("// binary octets for you png", new MediaType(
"image", "png"),
"", "binary");
client.putRelated(output);
return output;
}
}

25.11. @MultipartForm and POJOs
If you have a exact knowledge of your multipart/form-data packets, you can
map them to and from a POJO class to and from multipart/form-data using the
@org.jboss.resteasy.annotations.providers.multipart.MultipartForm annotation and the JAX-RS
@FormParam annotation. You simple define a POJO with at least a default constructor and annotate its fields and/or properties with @FormParams. These @FormParams must also be annotated with @org.jboss.resteasy.annotations.providers.multipart.PartType if you are doing output.
For example:

public class CustomerProblemForm {
@FormParam("customer")
@PartType("application/xml")
private Customer customer;
@FormParam("problem")
@PartType("text/plain")
private String problem;
public
public
public
public

Customer getCustomer() { return customer; }
void setCustomer(Customer cust) { this.customer = cust; }
String getProblem() { return problem; }
void setProblem(String problem) { this.problem = problem; }

}

After defining your POJO class you can then use it to represent multipart/form-data. Here's an
example of sending a CustomerProblemForm using the RESTEasy client framework:

124

@MultipartForm and POJOs

@Path("portal")
public interface CustomerPortal {
@Path("issues/{id}")
@Consumes("multipart/form-data")
@PUT
public void putProblem(@MultipartForm CustomerProblemForm,
@PathParam("id") int id);
}
{
CustomerPortal portal = ProxyFactory.create(CustomerPortal.class, "http://
example.com");
CustomerProblemForm form = new CustomerProblemForm();
form.setCustomer(...);
form.setProblem(...);
portal.putProblem(form, 333);
}

You see that the @MultipartForm annotation was used to tell RESTEasy that the object has
@FormParam and that it should be marshalled from that. You can also use the same object to
receive multipart data. Here is an example of the server side counterpart of our customer portal.

@Path("portal")
public class CustomerPortalServer {
@Path("issues/{id})
@Consumes("multipart/form-data")
@PUT
public void putIssue(@MultipartForm CustoemrProblemForm,
@PathParam("id") int id) {
... write to database...
}
}

In addition to the XML data format, you can also use JSON formatted data to represent your POJO
classes. To achieve this goal, you need to plug in a JSON provider into your project. For example,
you can add RESTEasy Jackson2 Provider into your project's dependency scope:



125

Chapter 25. Multipart Providers

org.jboss.resteasy
resteasy-jackson2-provider
${resteasy.ver}


And then you can write an ordinary POJO class, which Jackson2 can automatically serialize/deserialize it in JSON format:

public class JsonUser {
private String name;
public JsonUser() {
}
public JsonUser(final String name) {
this.name = name;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
}

The resource class can be written like this:

import org.jboss.resteasy.annotations.providers.multipart.MultipartForm;
import org.jboss.resteasy.annotations.providers.multipart.PartType;
import
import
import
import

javax.ws.rs.Consumes;
javax.ws.rs.FormParam;
javax.ws.rs.PUT;
javax.ws.rs.Path;

@Path("/")
public class JsonFormResource {
public JsonFormResource() {
}
public static class Form {

126

@MultipartForm and POJOs

@FormParam("user")
@PartType("application/json")
private JsonUser user;
public Form() {
}
public Form(final JsonUser user) {
this.user = user;
}
public JsonUser getUser() {
return user;
}
}
@PUT
@Path("form/class")
@Consumes("multipart/form-data")
public String putMultipartForm(@MultipartForm Form form) {
return form.getUser().getName();
}
}

As the code shown above, you can see the PartType of JsonUser is marked as "application/json",
and it's included in the "@MultipartForm Form" class instance.
To send request to the resource method, you need to send JSON formatted data that is corresponding with the JsonUser class. The easiest to do this is to use a proxy class that has the same
definition like the resource class. Here is the sample code of the proxy class that is corresponding
with the JsonFormResource class:

import org.jboss.resteasy.annotations.providers.multipart.MultipartForm;
import javax.ws.rs.Consumes;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
@Path("/")
public interface JsonForm {
@PUT
@Path("form/class")
@Consumes("multipart/form-data")
String putMultipartForm(@MultipartForm JsonFormResource.Form form);

127

Chapter 25. Multipart Providers

}

And then you can use the proxy class above to send request to the resource method correctly.
Here is the sample code:

ResteasyClient client = new ResteasyClientBuilder().build();
...
JsonForm
proxy
=
client.target("your_request_url_address").proxy(JsonForm.class);
String
name
=
proxy.putMultipartForm(new
JsonFormResource.Form(new
JsonUser("bill")));
...

And if your client side has Jackson2 provider included, your request will be marshaled correctly,
and your JsonUser data will be converted into JSON format and then send to the server side. You
can also use hand-crafted JSON data as your request and send it to server side, but you have to
make sure the request data is in correct form then.

25.12. XML-binary Optimized Packaging (Xop)
RESTEasy supports Xop messages packaged as multipart/related. What does this mean? If you
have a JAXB annotated POJO that also holds some binary content you may choose to send it in
such a way where the binary does not need to be encoded in any way (neither base64 neither
hex). This results in faster transport while still using the convenient POJO. More about Xop can
be read here: http://www.w3.org/TR/xop10/. Now lets see an example:
First we have a JAXB annotated POJO to work with. @XmlMimeType tells JAXB the mime type
of the binary content (its not required to do XOP packaging but it is recommended to be set if
you know the exact type):

@XmlRootElement
@XmlAccessorType(XmlAccessType.FIELD)
public static class Xop {
private Customer bill;
private Customer monica;
@XmlMimeType(MediaType.APPLICATION_OCTET_STREAM)
private byte[] myBinary;
@XmlMimeType(MediaType.APPLICATION_OCTET_STREAM)
private DataHandler myDataHandler;

128

XML-binary Optimized Packaging (Xop)

// methods, other fields ...
}

In the above POJO myBinary and myDataHandler will be processed as binary attachments while
the whole Xop object will be sent as xml (in the places of the binaries only their references will
be generated). javax.activation.DataHandler is the most general supported type so if you need an
java.io.InputStream or a javax.activation.DataSource you need to go with the DataHandler. Some
other special types are supported too: java.awt.Image and javax.xml.transform.Source. Let's assume that Customer is also JAXB friendly POJO in the above example (of course it can also have
binary parts). Now lets see a an example Java client that sends this:

// our client interface:
@Path("mime")
public static interface MultipartClient {
@Path("xop")
@PUT
@Consumes(MultipartConstants.MULTIPART_RELATED)
public void putXop(@XopWithMultipartRelated Xop bean);
}
// Somewhere using it:
{
MultipartClient client = ProxyFactory.create(MultipartClient.class,
"http://www.example.org");
Xop xop = new Xop(new Customer("bill"), new Customer("monica"),
"Hello Xop World!".getBytes("UTF-8"),
new
DataHandler(new
ByteArrayDataSource("Hello
World!".getBytes("UTF-8"),
MediaType.APPLICATION_OCTET_STREAM)));
client.putXop(xop);
}

Xop

We used @Consumes(MultipartConstants.MULTIPART_RELATED) to tell RESTEasy that we
want to send multipart/related packages (that's the container format that will hold our Xop message). We used @XopWithMultipartRelated to tell RESTEasy that we want to make Xop messages. So we have a POJO and a client service that is willing to send it. All we need now a server
that can read it:

@Path("/mime")
public class XopService {
@PUT
@Path("xop")
@Consumes(MultipartConstants.MULTIPART_RELATED)

129

Chapter 25. Multipart Providers

public void putXopWithMultipartRelated(@XopWithMultipartRelated Xop xop) {
// do very important things here
}
}

We used @Consumes(MultipartConstants.MULTIPART_RELATED) to tell RESTEasy that we
want to read multipart/related packages. We used @XopWithMultipartRelated to tell RESTEasy
that we want to read Xop messages. Of course we could also produce Xop return values but we
would than also need to annotate that and use a Produce annotation, too.

25.13. Note about multipart parsing and working with
other frameworks
There are a lot of frameworks doing multipart parsing automatically with the
help of filters and interceptors. Like org.jboss.seam.web.MultipartFilter in Seam or
org.springframework.web.multipart.MultipartResolver in Spring. However the incoming multipart
request stream can be parsed only once. RESTEasy users working with multipart should make
sure that nothing parses the stream before RESTEasy gets it.

25.14. Overwriting the default fallback content type for
multipart messages
By default if no Content-Type header is present in a part, "text/plain; charset=us-ascii" is used as
fallback. This is the value defined by the MIME RFC. However for example some web clients (like
most, if not all, web browsers) do not send Content-Type headers for all fields in a multipart/formdata request (only for the file parts). This can cause character encoding and unmarshalling errors
on the server side. To correct this there is an option to define an other, non-rfc compliant fallback
value. This can be done dynamically per request with the PreProcessInterceptor infrastructure of
RESTEasy. In the following example we will set "*/*; charset=UTF-8" as the new default fallback:

import org.jboss.resteasy.plugins.providers.multipart.InputPart;
@Provider
@ServerInterceptor
public
class
ContentTypeSetterPreProcessorInterceptor
PreProcessInterceptor {

implements

public ServerResponse preProcess(HttpRequest request, ResourceMethod method)
throws Failure, WebApplicationException {
request.setAttribute(InputPart.DEFAULT_CONTENT_TYPE_PROPERTY, "*/*;
charset=UTF-8");
return null;
}

130

Overwriting the content type for multipart messages
}

25.15. Overwriting the content type for multipart messages
Using an interceptor and the InputPart.DEFAULT_CONTENT_TYPE_PROPERTY attribute
allows
setting
a
default
Content-Type,
but
it
is
also
possible to override the Content-Type, if any, in any input part by calling
org.jboss.resteasy.plugins.providers.multipart.InputPart.setMediaType(). For example:

@POST
@Path("query")
@Consumes(MediaType.MULTIPART_FORM_DATA)
@Produces(MediaType.TEXT_PLAIN)
public Response setMediaType(MultipartInput input) throws IOException
{
List parts = input.getParts();
InputPart part = parts.get(0);
part.setMediaType(MediaType.valueOf("application/foo+xml"));
String s = part.getBody(String.class, null);
...
}

25.16. Overwriting the default fallback charset for multipart messages
Sometimes, a part may have a Content-Type header with no charset parameter. If the InputPart.DEFAULT_CONTENT_TYPE_PROPERTY property is set and the value has a charset parameter, that value will be appended to an existing Content-Type header that has no charset parameter. It is also possible to specify a default charset using the constant InputPart.DEFAULT_CHARSET_PROPERTY (actual value
"resteasy.provider.multipart.inputpart.defaultCharset"):

import org.jboss.resteasy.plugins.providers.multipart.InputPart;
@Provider
@ServerInterceptor
public
class
ContentTypeSetterPreProcessorInterceptor
PreProcessInterceptor {

implements

131

Chapter 25. Multipart Providers

public ServerResponse preProcess(HttpRequest request, ResourceMethod method)
throws Failure, WebApplicationException {
request.setAttribute(InputPart.DEFAULT_CHARSET_PROPERTY, "UTF-8");
return null;
}
}

If

both

InputPart.DEFAULT_CONTENT_TYPE_PROPERTY

are
set,
then
the
InputPart.DEFAULT_CHARSET_PROPERTY will override any charset in
InputPart.DEFAULT_CONTENT_TYPE_PROPERTY.
InputPart.DEFAULT_CHARSET_PROPERTY

132

and
value
of
the value of

Chapter 26.

Chapter 26. YAML Provider
RESTEasy comes with built in support for YAML using the SnakeYAML library. To enable YAML
support, you need to drop in the SnakeYaml 1.8 jar and the resteasy-yaml-provider.jar (whatever the current version is) in RestEASY's classpath. Then you need to manually register the
org.jboss.resteasy.plugins.providers.YamlProvider provider. Note this feature is currently deprecated due to security vulnerabilities and will likely be removed in the future.

SnakeYaml jar file can either be downloaded from Google code at http://code.google.com/p/
snakeyaml/downloads/list
Or if you use maven, the SnakeYaml jar is available through SonaType public repositories and
included using this dependency:


org.yaml
snakeyaml
1.8


When starting resteasy look out in the logs for a line stating that the YamlProvider has been added
- this indicates that resteasy has found the Jyaml jar:
2877 Main INFO org.jboss.resteasy.plugins.providers.RegisterBuiltin - Adding YamlProvider

The Yaml provider recognises three mime types:

• text/x-yaml
• text/yaml
• application/x-yaml

This is an example of how to use Yaml in a resource method.

import
import
import
import

javax.ws.rs.Consumes;
javax.ws.rs.GET;
javax.ws.rs.Path;
javax.ws.rs.Produces;

133

Chapter 26. YAML Provider

@Path("/yaml")
public class YamlResource
{
@GET
@Produces("text/x-yaml")
public MyObject getMyObject() {
return createMyObject();
}
...
}

134

Chapter 27.

Chapter 27. JAX-RS 2.1 Additions
JAX-RS 2.1 adds more asynchronous processing support in both the Client and the Server API.
The specification adds a Reactive programming style to the Client side and Server-Sent Events
(SSE) protocol support to both client and server.

27.1. CompletionStage support
The specification adds support for declaring asynchronous resource methods by returning a CompletionStage [184] instead of using the @Suspended annotation.

Note
RESTEasy supports more reactive types than the specification.

27.2. Reactive Clients API
The specification defines a new type of invoker named RxInvoker, and a default implementation
of this type named CompletionStageRxInvoker. CompletionStageRxInvoker implements Java 8's
interface CompletionStage. This interface declares a large number of methods dedicated to managing asynchronous computations.
There is also a new rx method which is used in a similar manner to async.

27.3. Server-Sent Events (SSE)
SSE is part of HTML standard, currently supported by many browsers. It is a server push technology, which provides a way to establish a one-way channel to continuously send data to clients. SSE
events are pushed to the client via a long-running HTTP connection. In case of lost connection,
clients can retrieve missed events by setting a "Last-Event-ID" HTTP header in a new request.
SSE stream has text/event-stream media type and contains multiple SSE events. SSE event is
a data structure encoded with UTF-8 and contains fields and comment. The field can be event,
data, id, retry and other kinds of field will be ignored.
From JAX-RS 2.1, Server-sent Events APIs are introduced to support sending, receiving and
broadcasting SSE events.

27.3.1. SSE Server
As shown in the following example, a SSE resource method has the text/event-stream produce
media type and an injected context parameter SseEventSink. The injected SseEventSink is the
connected SSE stream where events can be sent. Another injected context Sse is an entry point

135

Chapter 27. JAX-RS 2.1 Additions

for creating and broadcasting SSE events. Here is an example to demonstrate how to send SSE
events every 200ms and close the stream after a "done" event.

Example 27.1.

@GET
@Path("domains/{id}")
@Produces(MediaType.SERVER_SENT_EVENTS)
public void startDomain(@PathParam("id") final String id, @Context SseEventSink
sink @Context Sse sse)
{
ExecutorService service = (ExecutorService) servletContext
.getAttribute(ExecutorServletContextListener.TEST_EXECUTOR);
service.execute(new Thread()
{
public void run()
{
try
{
sink.send(sse.newEventBuilder().name("domain-progress")
.data(String.class, "starting domain " + id + " ...").build());
Thread.sleep(200);
sink.send(sse.newEvent("domain-progress", "50%"));
Thread.sleep(200);
sink.send(sse.newEvent("domain-progress", "60%"));
Thread.sleep(200);
sink.send(sse.newEvent("domain-progress", "70%"));
Thread.sleep(200);
sink.send(sse.newEvent("domain-progress", "99%"));
Thread.sleep(200);
sink.send(sse.newEvent("domain-progress",
"Done.")).thenAccept((Object obj) -> {
sink.close();
});
}
catch (final InterruptedException e)
{
logger.error(e.getMessage(), e);
}
}
});
}

136

SSE Broadcasting

Note
RESTEasy supports sending SSE events via reactive types.

27.3.2. SSE Broadcasting
With SseBroadcaster, SSE events can be broadcasted to multiple clients simultaneously. It will
iterate over all registered SseEventSinks and send events to all requested SSE Stream. An application can create a SseBroadcaster from an injected context Sse. The broadcast method on a
SseBroadcaster is used to send SSE events to all registered clients. The following code snippet is
an example on how to create SseBroadcaster, subscribe and broadcast events to all subscribed
consumers.

Example 27.2.

@GET
@Path("/subscribe")
@Produces(MediaType.SERVER_SENT_EVENTS)
public void subscribe(@Context SseEventSink sink) throws IOException
{
if (sink == null)
{
throw new IllegalStateException("No client connected.");
}
if (sseBroadcaster == null)
{
sseBroadcaster = sse.newBroadcaster();
}
sseBroadcaster.register(sink);
}
@POST
@Path("/broadcast")
public void broadcast(String message) throws IOException
{
if (sseBroadcaster == null)
{
sseBroadcaster = sse.newBroadcaster();
}
sseBroadcaster.broadcast(sse.newEvent(message));
}

137

Chapter 27. JAX-RS 2.1 Additions

27.3.3. SSE Client
SseEventSource is the entry point to read and process incoming SSE events. A SseEventSource
instance can be initialized with a WebTarget. Once SseEventSource is created and connected
to a server, registered event consumer will be invoked when an inbound event arrives. In case
of errors, an exception will be passed to a registered consumer so that it can be processed.
SseEventSource can automatically reconnect the server and continuously receive pushed events
after the connection has been lost. SseEventSource can send lastEventId to the server by default
when it is reconnected, and server may use this id to replay all missed events. But reply event
is really upon on SSE resource method implementation. If the server responds HTTP 503 with a
RETRY_AFTER header, SseEventSource will automatically schedule a reconnect task with this
RETRY_AFTER value. The following code snippet is to create a SseEventSource and print the
inbound event data value and error if it happens.

Example 27.3.

public void printEvent() throws Exception
{
WebTarget target = client.target("http://localhost:8080/service/serversent-events"));
SseEventSource msgEventSource = SseEventSource.target(target).build();
try (SseEventSource eventSource = msgEventSource)
{
eventSource.register(event -> {
System.out.println(event.readData(String.class));
}, ex -> {
ex.printStackTrace();
});
eventSource.open();
}
}

27.4. Java API for JSON Binding
RESTEasy supports both JSON-B and JSON-P. In accordance with the specification, entity
providers for JSON-B take precedence over those for JSON-P for all types except JsonValue and
its sub-types.
The support for JSON-B is provided by the JsonBindingProvider from resteasy-json-binding-provider module. To satisfy JAX-RS 2.1 requirements, JsonBindingProvider takes precedence over the other providers for dealing with JSON payloads, in particular the Jackson one. The
JSON outputs (for the same input) from Jackson and JSON-B reference implementation can be

138

Java API for JSON Binding

slightly different. As a consequence, in order to allow retaining backward compatibility, RESTEasy
offers a resteasy.preferJacksonOverJsonB context property that can be set to true to disable
JsonBindingProvider for the current deloyment.
WildFly 14 supports specifying the default value for the resteasy.preferJacksonOverJsonB
context property by setting a system property with the same name. Moreover, if no value is set
for the context and system properties, it scans JAX-RS deployments for Jackson annotations and
sets the property to true if any of those annotations is found.

139

140

Chapter 28.

Chapter 28. String marshalling for
String based @*Param
28.1. Simple conversion
Parameters and properties annotated with @CookieParam, @HeaderParam, @MatrixParam, @PathParam, or @QueryParam are represented as strings in a raw HTTP request. The specification says
that any of these injected parameters can be converted to an object if the object's class has a
valueOf(String) static method or a constructor that takes one Stringparameter. In the following, for example,

public static class Customer {
private String name;
public Customer(String name) {
this.name = name;
}
public String getName() {
return name;
}
}
@Path("test")
public static class TestResource {
@GET
@Path("")
public Response test(@QueryParam("cust") Customer cust) {
return Response.ok(cust.getName()).build();
}
}
@Test
public void testQuery() throws Exception {
Invocation.Builder request = ClientBuilder.newClient().target("http://
localhost:8081/test?cust=Bill").request();
Response response = request.get();
...
}

141

Chapter 28. String marshallin...

the query "?cust=Bill" will be transformed automatically to an instance of Customer with name
== "Bill".

28.2. ParamConverter
What if you have a class where valueOf()or this string constructor don't exist or are inappropriate
for an HTTP request? JAX-RS 2.0 has the javax.ws.rs.ext.ParamConverterProvider to help
in this situation.
A ParamConverterProvider is a provider defined as follows:

public interface ParamConverterProvider {
public  ParamConverter getConverter(Class rawType, Type genericType,
Annotation annotations[]);
}

where a ParamConverter is defined:

public interface ParamConverter {
...
public T fromString(String value);
public String toString(T value);
}

For example, consider DateParamConverterProvider and DateParamConverter:

@Provider
public class DateParamConverterProvider implements ParamConverterProvider {
@SuppressWarnings("unchecked")
@Override
public  ParamConverter getConverter(Class rawType, Type genericType,
Annotation[] annotations) {
if (rawType.isAssignableFrom(Date.class)) {
return (ParamConverter) new DateParamConverter();
}
return null;
}
}

142

StringParameterUnmarshaller

public class DateParamConverter implements ParamConverter {
public static final String DATE_PATTERN = "yyyyMMdd";
@Override
public Date fromString(String param) {
try {
return new SimpleDateFormat(DATE_PATTERN).parse(param.trim());
} catch (ParseException e) {
throw new BadRequestException(e);
}
}
@Override
public String toString(Date date) {
return new SimpleDateFormat(DATE_PATTERN).format(date);
}
}

Sending a Date in the form of a query, e.g., "?date=20161217" will cause the string "20161217"
to be converted to a Date on the server.

28.3. StringParameterUnmarshaller
In addition to the JAX-RS javax.ws.rs.ext.ParamConverterProvider, RESTEasy also has its
own org.jboss.resteasy.StringParameterUnmarshaller, defined

public interface StringParameterUnmarshaller
{
void setAnnotations(Annotation[] annotations);
T fromString(String str);
}

It is similar to javax.ws.rs.ext.ParamConverter except that
• it converts only from Strings;
• it is configured with the annotations on the injected parameter, which allows for fine-grained
control over the injection; and
• it is bound to a given parameter by an annotation that is annotated with the meta-annotation
org.jboss.resteasy.annotations.StringParameterUnmarshallerBinder:

143

Chapter 28. String marshallin...

@Target({ElementType.ANNOTATION_TYPE})
@Retention(RetentionPolicy.RUNTIME)
public @interface StringParameterUnmarshallerBinder
{
Class value();
}

For example,

@Retention(RetentionPolicy.RUNTIME)
@StringParameterUnmarshallerBinder(TestDateFormatter.class)
public @interface TestDateFormat {
String value();
}
public
static
class
StringParameterUnmarshaller {
private SimpleDateFormat formatter;

TestDateFormatter

implements

public void setAnnotations(Annotation[] annotations) {
TestDateFormat format = FindAnnotation.findAnnotation(annotations,
TestDateFormat.class);
formatter = new SimpleDateFormat(format.value());
}
public Date fromString(String str) {
try {
return formatter.parse(str);
} catch (ParseException e) {
throw new RuntimeException(e);
}
}
}
@Path("/")
public static class TestResource {
@GET
@Produces("text/plain")
@Path("/datetest/{date}")
public String get(@PathParam("date") @TestDateFormat("MM-dd-yyyy") Date
date) {
Calendar c = Calendar.getInstance();
c.setTime(date);

144

Collections

return date.toString();
}
}

Note that the annotation @StringParameterUnmarshallerBinder on the annotation @TestDateFormat binds the formatter TestDateFormatter to a parameter annotated with @TestDateFormat. In this example, TestDateFormatter is used to format the Date parameter. Note also that the parameter "MM-dd-yyyy" to @TestDateFormat is accessible from
TestDateFormatter.setAnnotations().

28.4. Collections
For parameters and properties annotated with @CookieParam, @HeaderParam, @MatrixParam,
@PathParam, or @QueryParam, the JAX-RS specification [https://jcp.org/aboutJava/communityprocess/final/jsr339/index.html] allows conversion as defined in the Javadoc of the corresponding annotation. In general, the following types are supported:
1. Types for which a ParamConverter is available via a registered ParamConverterProvider.
See Javadoc for these classes for more information.
2. Primitive types.
3. Types that have a constructor that accepts a single String argument.
4. Types that have a static method named valueOf or fromString with a single String argument
that return an instance of the type. If both methods are present then valueOf MUST be used
unless the type is an enum in which case fromString MUST be used.
5. List, Set, or SortedSet, where T satisfies 3 or 4 above.
Items 1, 3, and 4 have been discussed above, and item 2 is obvious. Note that item 5 allows for
collections of parameters. How these collections are expressed in HTTP messages depends, by
default, on the particular kind of parameter. In most cases, the notation for collections is based
on convention rather than a specification.

28.4.1. @QueryParam
For example, a multivalued query parameter is conventionally expressed like this:

http://bluemonkeydiamond.com?q=1&q=2&q=3

In this case, there is a query with name "q" and value {1, 2, 3}. This notation is further supported
in JAX-RS by the method

145

Chapter 28. String marshallin...

public MultivaluedMap getQueryParameters();

in javax.ws.rs.core.UriInfo.

28.4.2. @MatrixParam
There is no specified syntax for collections derived from matrix parameters, but

1. matrix parameters in a URL segment are conventionally separated by ";", and
2. the method

MultivaluedMap getMatrixParameters();

in javax.ws.rs.core.PathSegment supports extraction of collections from matrix parameters.
RESTEasy adopts the convention that multiple instances of a matrix parameter with the same
name are treated as a collection. For example,

http://bluemonkeydiamond.com/sippycup;m=1;m=2;m=3

is interpreted as a matrix parameter on path segment "sippycup" with name "m" and value {1, 2, 3}.

28.4.3. @HeaderParam
The HTTP 1.1 specification doesn't exactly specify that multiple components of a header value
should be separated by commas, but commas are used in those headers that naturally use lists,
e.g. Accept and Allow. Also, note that the method

public MultivaluedMap getRequestHeaders();

in javax.ws.rs.core.HttpHeaders returns a MultivaluedMap. It is natural, then, for RESTEasy
to treat

146

@CookieParam

x-header: a, b, c

as mapping name "x-header" to set {a, b, c}.

28.4.4. @CookieParam
The syntax for cookies is specified, but, unfortunately, it is specified in multiple competing specifications. Typically, multiple name=value cookie pairs are separated by ";". However, unlike the
case with query and matrix parameters, there is no specified JAX-RS method that returns a collection of cookie values. Consequently, if two cookies with the same name are received on the
server and directed to a collection typed parameter, RESTEasy will inject only the second one.
Note, in fact, that the method

public Map getCookies();

in javax.ws.rs.core.HttpHeaders returns a Map rather than a MultivaluedMap.

28.4.5. @PathParam
Deriving a collection from path segments is somewhat less natural than it is for other parameters, but JAX-RS supports the injection of multiple javax.ws.rs.core.PathSegments. There are
a couple of ways of obtaining multiple PathSegments. One is through the use of multiple path
variables with the same name. For example, the result of calling testTwoSegmentsArray() and
testTwoSegmentsList() in

@Path("")
public static class TestResource {
@GET
@Path("{segment}/{other}/{segment}/array")
public Response getTwoSegmentsArray(@PathParam("segment")
segments) {
System.out.println("array segments: " + segments.length);
return Response.ok().build();
}

PathSegment[]

@GET
@Path("{segment}/{other}/{segment}/list")

147

Chapter 28. String marshallin...

public Response getTwoSegmentsList(@PathParam("segment") List
segments) {
System.out.println("list segments: " + segments.size());
return Response.ok().build();
}
}
...
@Test
public void testTwoSegmentsArray() throws Exception {
Invocation.Builder request = client.target("http://localhost:8081/a/b/c/
array").request();
Response response = request.get();
Assert.assertEquals(200, response.getStatus());
response.close();
}
@Test
public void testTwoSegmentsList() throws Exception {
Invocation.Builder request = client.target("http://localhost:8081/a/b/c/
list").request();
Response response = request.get();
Assert.assertEquals(200, response.getStatus());
response.close();
}

is

array segments: 2
list segments: 2

An alternative is to use a wildcard template parameter. For example, the output of calling testWildcardArray() and testWildcardList() in

@Path("")
public static class TestResource {
@GET
@Path("{segments:.*}/array")
public Response getWildcardArray(@PathParam("segments")
segments) {

148

PathSegment[]

Extension to ParamConverter semantics

System.out.println("array segments: " + segments.length);
return Response.ok().build();
}
@GET
@Path("{segments:.*}/list")
public Response getWildcardList(@PathParam("segments") List
segments) {
System.out.println("list segments: " + segments.size());
return Response.ok().build();
}
...
@Test
public void testWildcardArray() throws Exception {
Invocation.Builder request = client.target("http://localhost:8081/a/b/c/
array").request();
Response response = request.get();
response.close();
}
@Test
public void testWildcardList() throws Exception {
Invocation.Builder request = client.target("http://localhost:8081/a/b/c/
list").request();
Response response = request.get();
response.close();
}

is

array segments: 3
list segments: 3

28.5. Extension to ParamConverter semantics
In the JAX-RS semantics, a ParamConverter is supposed to convert a single String that represents an individual object. RESTEasy extends the semantics to allow a ParamConverter to parse
the String representation of multiple objects and generate a List, Set, SortedSet,
array, or, indeed, any multivalued data structure whatever. First, consider the resource

149

Chapter 28. String marshallin...

@Path("queryParam")
public static class TestResource {
@GET
@Path("")
public Response conversion(@QueryParam("q") List list) {
return Response.ok(stringify(list)).build();
}
}
private static  String stringify(List list) {
StringBuffer sb = new StringBuffer();
for (T s : list) {
sb.append(s).append(',');
}
return sb.toString();
}

Calling TestResource as follows, using the standard notation,

@Test
public void testQueryParamStandard() throws Exception {
ResteasyClient client = new ResteasyClientBuilder().build();
Invocation.Builder request = client.target("http://localhost:8081/queryParam?
q=20161217&q=20161218&q=20161219").request();
Response response = request.get();
System.out.println("response: " + response.readEntity(String.class));
}

results in

response: 20161217,20161218,20161219,

Suppose, instead, that we want to use a comma separated notation. We can add

150

Extension to ParamConverter semantics

public

static

class

MultiValuedParamConverterProvider

implements

ParamConverterProvider
@SuppressWarnings("unchecked")
@Override
public  ParamConverter getConverter(Class rawType, Type genericType,
Annotation[] annotations) {
if (List.class.isAssignableFrom(rawType)) {
return (ParamConverter) new MultiValuedParamConverter();
}
return null;
}
}
public static class MultiValuedParamConverter implements ParamConverter> {
@Override
public List fromString(String param) {
if (param == null || param.trim().isEmpty()) {
return null;
}
return parse(param.split(","));
}
@Override
public String toString(List list) {
if (list == null || list.isEmpty()) {
return null;
}
return stringify(list);
}
private static List parse(String[] params) {
List list = new ArrayList();
for (String param : params) {
list.add(param);
}
return list;
}
}

Now we can call

@Test

151

Chapter 28. String marshallin...

public void testQueryParamCustom() throws Exception {
ResteasyClient client = new ResteasyClientBuilder().build();
Invocation.Builder request = client.target("http://localhost:8081/queryParam?
q=20161217,20161218,20161219").request();
Response response = request.get();
System.out.println("response: " + response.readEntity(String.class));
}

and get

response: 20161217,20161218,20161219,

Note that in this case, MultiValuedParamConverter.fromString() creates and returns an ArrayList, so TestResource.conversion() could be rewritten

@Path("queryParam")
public static class TestResource {
@GET
@Path("")
public Response conversion(@QueryParam("q") ArrayList list) {
return Response.ok(stringify(list)).build();
}
}

On the other hand, MultiValuedParamConverter could be rewritten to return a LinkList and
the parameter list in TestResource.conversion() could be either a List or a LinkedList.
Finally, note that this extension works for arrays as well. For example,

public static class Foo {
private String foo;
public Foo(String foo) {this.foo = foo;}
public String getFoo() {return foo;}
}
public static class FooArrayParamConverter implements ParamConverter {

152

Extension to ParamConverter semantics

@Override
public Foo[] fromString(String value)
{
String[] ss = value.split(",");
Foo[] fs = new Foo[ss.length];
int i = 0;
for (String s : ss) {
fs[i++] = new Foo(s);
}
return fs;
}
@Override
public String toString(Foo[] values)
{
StringBuffer sb = new StringBuffer();
for (int i = 0; i < values.length; i++) {
sb.append(values[i].getFoo()).append(",");
}
if (sb.length() > 0) {
sb.deleteCharAt(sb.length() - 1);
}
return sb.toString();
}
}
@Provider
public
static
ParamConverterProvider {

class

FooArrayParamConverterProvider

implements

@SuppressWarnings("unchecked")
@Override
public  ParamConverter getConverter(Class rawType,
genericType, Annotation[] annotations) {
if (rawType.equals(Foo[].class));
return (ParamConverter) new FooArrayParamConverter();
}
}

Type

@Path("")
public static class ParamConverterResource {
@GET
@Path("test")
public Response test(@QueryParam("foos") Foo[] foos) {
return Response.ok(new FooArrayParamConverter().toString(foos)).build();
}
}

153

Chapter 28. String marshallin...

154

Chapter 29.

Chapter 29. Responses using
javax.ws.rs.core.Response
You can build custom responses using the javax.ws.rs.core.Response and ResponseBuilder
classes. If you want to do your own streaming, your entity response must be an implementation
of javax.ws.rs.core.StreamingOutput. See the java doc for more information.

155

156

Chapter 30.

Chapter 30. Exception Handling
30.1. Exception Mappers
ExceptionMappers are custom, application provided, components that can catch thrown application exceptions and write specific HTTP responses. They are classes annotated with @Provider
and that implement this interface

package javax.ws.rs.ext;
import javax.ws.rs.core.Response;
/**
* Contract for a provider that maps Java exceptions to
* {@link javax.ws.rs.core.Response}. An implementation of this interface
must
* be annotated with {@link Provider}.
*
* @see Provider
* @see javax.ws.rs.core.Response
*/
public interface ExceptionMapper
{
/**
* Map an exception to a {@link javax.ws.rs.core.Response}.
*
* @param exception the exception to map to a response
* @return a response mapped from the supplied exception
*/
Response toResponse(E exception);
}

When an application exception is thrown it will be caught by the JAX-RS runtime. JAX-RS will
then scan registered ExceptionMappers to see which one support marshalling the exception type
thrown. Here is an example of ExceptionMapper

@Provider
public
class
ExceptionMapper
{

EJBExceptionMapper

implements

157

Chapter 30. Exception Handling

public Response toResponse(EJBException exception) {
return Response.status(500).build();
}
}

You register ExceptionMappers the same way you do MessageBodyReader/Writers. By scanning,
through the resteasy provider context-param (if you're deploying via a WAR file), or programmatically through the ResteasyProviderFactory class.

30.2. RESTEasy Built-in Internally-Thrown Exceptions
RESTEasy has a set of built-in exceptions that are thrown by it when it encounters errors during
dispatching or marshalling. They all revolve around specific HTTP error codes. You can find them
in RESTEasy's javadoc under the package org.jboss.resteasy.spi. Here's a list of them:

Table 30.1.
Exception

HTTP Code

Description

ReaderException

400

All exceptions thrown from
MessageBodyReaders
are
wrapped within this exception. If there is no ExceptionMapper for the wrapped
exception or if the exception
isn't a WebApplicationException, then resteasy will return a
400 code by default.

WriterException

500

All
exceptions
thrown
from MessageBodyWriters are
wrapped within this exception. If there is no ExceptionMapper for the wrapped
exception or if the exception
isn't a WebApplicationException, then resteasy will return a
400 code by default.

o.j.r.plugins.providers.jaxb.JAXBUnmarshalException
400

The JAXB providers (XML
and Jettison) throw this exception on reads. They may
be wrapping JAXBExceptions.
This class extends ReaderException

158

Overriding RESTEasy Builtin Exceptions

Exception

HTTP Code

o.j.r.plugins.providers.jaxb.JAXBMarshalException
500

Description
The JAXB providers (XML
and Jettison) throw this exception on writes. They may
be wrapping JAXBExceptions.
This class extends WriterException

ApplicationException

N/A

This exception wraps all exceptions thrown from application code. It functions much in
the same way as InvocationTargetException. If there is an
ExceptionMapper for wrapped
exception, then that is used to
handle the request.

Failure

N/A

Internal
logged

RESTEasy.

Not

LoggableFailure

N/A

Internal
Logged

RESTEasy

DefaultOptionsMethodException

N/A

If the user invokes HTTP
OPTIONS and no JAX-RS

error.

method for it, RESTEasy provides a default behavior by
throwing this exception
UnrecognizedPropertyExceptionHandler

400

A Jackson provider throws this
exception when JSON data is
determine to be invalid.

30.3. Overriding RESTEasy Builtin Exceptions
You may override RESTEasy built-in exceptions by writing an ExceptionMapper for the exception.
For that matter, you can write an ExceptionMapper for any thrown exception including WebApplicationException

159

160

Chapter 31.

Chapter 31. Configuring Individual
JAX-RS Resource Beans
If you are scanning your path for JAX-RS annotated resource beans, your beans will be registered
in per-request mode. This means an instance will be created per HTTP request served. Generally,
you will need information from your environment. If you are running within a servlet container
using the WAR-file distribution, in 1.0.0.Beta-2 and lower, you can only use the JNDI lookups to
obtain references to Java EE resources and configuration information. In this case, define your EE
configuration (i.e. ejb-ref, env-entry, persistence-context-ref, etc...) within web.xml of the resteasy
WAR file. Then within your code do jndi lookups in the java:comp namespace. For example:
web.xml


ejb/foo
...


resource code:

@Path("/")
public class MyBean {
public Object getSomethingFromJndi() {
new InitialContext.lookup("java:comp/ejb/foo");
}
...
}

You can also manually configure and register your beans through the Registry. To do this in a
WAR-based deployment, you need to write a specific ServletContextListener to do this. Within the
listener, you can obtain a reference to the registry as follows:

public class MyManualConfig implements ServletContextListener

161

Chapter 31. Configuring Indiv...

{
public void contextInitialized(ServletContextEvent event)
{
Registry
registry
=
event.getServletContext().getAttribute(Registry.class.getName());

(Registry)

}
...
}

Please also take a look at our Spring Integration as well as the Embedded Container's Spring
Integration

162

Chapter 32.

Chapter 32. Content encoding
32.1. GZIP Compression/Decompression
RESTEasy supports (though not by default - see below) GZIP decompression. If properly configured, the client framework or a JAX-RS service, upon receiving a message body with a Content-Encoding of "gzip", will automatically decompress it. The client framework can (though not
by default - see below) automatically set the Accept-Encoding header to be "gzip, deflate" so you
do not have to set this header yourself.
RESTEasy also supports (though not by default - see below) automatic compression. If the
client framework is sending a request or the server is sending a response with the Content-Encoding header set to "gzip", RESTEasy will (if properly configured) do the compression. So that you do not have to set the Content-Encoding header directly, you can use the
@org.jboss.resteasy.annotation.GZIP annotation.

@Path("/")
public interface MyProxy {
@Consumes("application/xml")
@PUT
public void put(@GZIP Order order);
}

In the above example, we tag the outgoing message body, order, to be gzip compressed. You
can use the same annotation to tag server responses

@Path("/")
public class MyService {
@GET
@Produces("application/xml")
@GZIP
public String getData() {...}
}

32.1.1. Configuring GZIP compression / decompression
Note. Decompression carries a risk of attack from a bad actor that can package an entity that
will expand greatly. Consequently, RESTEasy disables GZIP compression / decompression by
default.

163

Chapter 32. Content encoding

There are three interceptors that are relevant to GZIP compression / decompression:

1. org.jboss.resteasy.plugins.interceptors.encoding.GZIPDecodingInterceptor: If the Content-Encoding header is present and has the value "gzip", GZIPDecodingInterceptor will install an
InputStream that decompresses the message body.
2. org.jboss.resteasy.plugins.interceptors.encoding.GZIPEncodingInterceptor: If the Content-Encoding header is present and has the value "gzip", GZIPEncodingInterceptor will install an
OutputStream that compresses the message body.
3. org.jboss.resteasy.plugins.interceptors.encoding.AcceptEncodingGZIPFilter: If the Accept-Encoding header does not exist, AcceptEncodingGZIPFilter will add Accept-Encoding with the
value "gzip, deflate". If the Accept-Encoding header exists but does not contain "gzip", AcceptEncodingGZIPFilter will append ", gzip". Note that enabling GZIP compression / decompression does not depend on the presence of this interceptor.
If GZIP decompression is enabled, an upper limit is imposed on the number of bytes GZIPDecodingInterceptor will extract from a compressed message body. The default limit is 10,000,000,
but a different value can be configured. See below.

32.1.1.1. Server side configuration
The interceptors may be enabled by including their classnames in a META-INF/services/javax.ws.rs.ext.Providers file on the classpath. The upper limit on deflated files may be configured by setting the web application context parameter "resteasy.gzip.max.input". If the limit is
exceeded on the server side, GZIPDecodingInterceptor will return a Response with status 413
("Request Entity Too Large") and a message specifying the upper limit.
Note.
moved

As
from

of
release
3.1.0.Final,
the
GZIP
interceptors
have
package
org.jboss.resteasy.plugins.interceptors.encoding
to
org.jboss.resteasy.plugins.interceptors.
and
they
should
be
named
accordingly
in
javax.ws.rs.ext.Providers.
However,
they
continue
to
exist
in
org.jboss.resteasy.plugins.interceptors.encoding in module resteasy-legacy, so, if
resteasy-legacy is available, the original names can be used. See Chapter Migration to RESTEasy
3.1 for more information.

32.1.1.2. Client side configuration
The interceptors may be enabled by registering them with, for example, a Client or WebTarget.
For example,

Client client = new ResteasyClientBuilder() // Activate gzip compression on
client:
.register(AcceptEncodingGZIPFilter.class)

164

General content encoding

.register(GZIPDecodingInterceptor.class)
.register(GZIPEncodingInterceptor.class)
.build();

The upper limit on deflated files may configured by creating an instance of GZIPDecodingInterceptor with a specific value:

Client client = new ResteasyClientBuilder() // Activate gzip compression on
client:
.register(AcceptEncodingGZIPFilter.class)
.register(new GZIPDecodingInterceptor(256))
.register(GZIPEncodingInterceptor.class)
.build();

If the limit is exceeded on the client side, GZIPDecodingInterceptor will throw a ProcessingException with a message specifying the upper limit.

32.2. General content encoding
The designation of a compressible entity by the use of the @GZIP annotation is a built in, specific
instance of a more general facility supported by RESTEasy. There are three components to this
facility.

1. The annotation org.jboss.resteasy.annotations.ContentEncoding is a "meta-annotation" used on other annotations to indicate that they represent a Content-Encoding. For example, @GZIP is defined

@Target({ElementType.TYPE, ElementType.METHOD, ElementType.PARAMETER})
@Retention(RetentionPolicy.RUNTIME)
@ContentEncoding("gzip")
public @interface GZIP
{
}

The value of @ContentEncoding indicates the represented Content-Encoding. For @GZIP it is
"gzip".
2. ClientContentEncodingAnnotationFeature and ServerContentEncodingAnnotationFeature, two DynamicFeatures in package org.jboss.resteasy.plugins.interceptors,
examine resource methods for annotations decorated with @ContentEncoding.

165

Chapter 32. Content encoding

3. For each value found in a @ContentEncoding decorated annotation on a resource method, an instance of ClientContentEncodingAnnotationFilter or ServerContentEncodingAnnotationFilter, javax.ws.rs.ext.WriterInterceptors in package
org.jboss.resteasy.plugins.interceptors, is registered. They are responsible for adding

an appropriate Content-Encoding header. For example, ClientContentEncodingAnnotationFilter is defined

@ConstrainedTo(RuntimeType.CLIENT)
@Priority(Priorities.HEADER_DECORATOR)
public
class
ClientContentEncodingAnnotationFilter
WriterInterceptor
{
protected String encoding;

implements

public ClientContentEncodingAnnotationFilter(String encoding)
{
this.encoding = encoding;
}
@Override
public void aroundWriteTo(WriterInterceptorContext context) throws
IOException, WebApplicationException
{
context.getHeaders().putSingle(HttpHeaders.CONTENT_ENCODING, encoding);
context.proceed();
}
}

When it is created, ClientContentEncodingAnnotationFeature passes in the value to be
used for Content-Encoding headers.
The annotation @GZIP is built into RESTEasy, but ClientContentEncodingAnnotationFeature
and ServerContentEncodingAnnotationFeature will also recognize application defined annotations. For example,

@Target({ElementType.TYPE, ElementType.METHOD, ElementType.PARAMETER})
@Retention(RetentionPolicy.RUNTIME)
@ContentEncoding("compress")
public @interface Compress
{
}
@Path("")

166

General content encoding

public static class TestResource {
@GET
@Path("a")
@Compress
public String a() {
return "a";
}
}

If TestResource.a() is invoked as follows

@Test
public void testCompress() throws Exception
{
ResteasyClient client = new ResteasyClientBuilder().build();
Invocation.Builder request = client.target("http://localhost:8081/
a").request();
request.acceptEncoding("gzip,compress");
Response response = request.get();
System.out.println("content-encoding: "+ response.getHeaderString("ContentEncoding"));
client.close();
}

the output will be

content-encoding: compress

167

168

Chapter 33.

Chapter 33. CORS
RESTEasy has a ContainerRequestFilter that can be used to handle CORS preflight and actual requests. org.jboss.resteasy.plugins.interceptors.CorsFilter. You must allocate this
and register it as a singleton provider from your Application class. See the javadoc or its various
settings.

CorsFilter filter = new CorsFilter();
filter.getAllowedOrigins().add("http://localhost");

169

170

Chapter 34.

Chapter 34. Content-Range Support
RESTEasy supports Range requests for java.io.File response entities.

@Path("/")
public class Resource {
@GET
@Path("file")
@Produces("text/plain")
public File getFile()
{
return file;
}
}
Response response = client.target(generateURL("/file")).request()
.header("Range", "1-4").get();
Assert.assertEquals(response.getStatus(), 206);
Assert.assertEquals(4, response.getLength());
System.out.println("Content-Range: " + response.getHeaderString("ContentRange"));

171

172

Chapter 35.

Chapter 35. RESTEasy Caching
Features
RESTEasy provides numerous annotations and facilities to support HTTP caching semantics.
Annotations to make setting Cache-Control headers easier and both server-side and client-side
in-memory caches are available.

35.1. @Cache and @NoCache Annotations
RESTEasy provides an extension to JAX-RS that allows you to automatically set Cache-Control
headers on a successful GET request. It can only be used on @GET annotated methods. A
successful @GET request is any request that returns 200 OK response.

package org.jboss.resteasy.annotations.cache;
public @interface Cache
{
int maxAge() default -1;
int sMaxAge() default -1;
boolean noStore() default false;
boolean noTransform() default false;
boolean mustRevalidate() default false;
boolean proxyRevalidate() default false;
boolean isPrivate() default false;
}
public @interface NoCache
{
String[] fields() default {};
}

While @Cache builds a complex Cache-Control header, @NoCache is a simplified notation to
say that you don't want anything cached i.e. Cache-Control: nocache.
These annotations can be put on the resource class or interface and specifies a default cache
value for each @GET resource method. Or they can be put individually on each @GET resource
method.

173

Chapter 35. RESTEasy Caching ...

35.2. Client "Browser" Cache
RESTEasy has the ability to set up a client-side, browser-like, cache. You can use it with the
Client Proxy Framework, or with raw ClientRequests. This cache looks for Cache-Control headers
sent back with a server response. If the Cache-Control headers specify that the client is allowed
to cache the response, RESTEasy caches it within local memory. The cache obeys max-age requirements and will also automatically do HTTP 1.1 cache revalidation if either or both the LastModified and/or ETag headers are sent back with the original response. See the HTTP 1.1 specification for details on how Cache-Control or cache revalidation works.
It is very simple to enable caching. Here's an example of using the client cache with the Client
Proxy Framework

@Path("/orders")
public interface OrderServiceClient {
@Path("{id}")
@GET
@Produces("application/xml")
public Order getOrder(@PathParam("id") String id);
}

To create a proxy for this interface and enable caching for that proxy requires only a few simple
steps:

import org.jboss.resteasy.client.ProxyFactory;
import org.jboss.resteasy.client.cache.CacheFactory;
import org.jboss.resteasy.client.cache.LightweightBrowserCache;
public static void main(String[] args) throws Exception
{
RegisterBuiltin.register(ResteasyProviderFactory.getInstance());
OrderServiceClient proxy = ProxyFactory.create(OrderServiceClient.class,
generateBaseUrl());
// This line enables caching
LightweightBrowserCache cache = CacheFactory.makeCacheable(proxy);
}

If you are using the ClientRequest class to make invocations rather than the proxy framework,
it is just as easy

174

Local Server-Side Response Cache

import org.jboss.resteasy.client.ProxyFactory;
import org.jboss.resteasy.client.cache.CacheFactory;
import org.jboss.resteasy.client.cache.LightweightBrowserCache;
public static void main(String[] args) throws Exception
{
RegisterBuiltin.register(ResteasyProviderFactory.getInstance());
// This line enables caching
LightweightBrowserCache cache = new LightweightBrowserCache();
ClientRequest request = new ClientRequest("http://example.com/orders/333");
CacheFactory.makeCacheable(request, cache);
}

The LightweightBrowserCache, by default, has a maximum 2 megabytes of caching space. You
can change this programmatically by callings its setMaxBytes() method. If the cache gets full, the
cache completely wipes itself of all cached data. This may seem a bit draconian, but the cache
was written to avoid unnecessary synchronizations in a concurrent environment where the cache
is shared between multiple threads. If you desire a more complex caching solution or if you want
to plug in a thirdparty cache please contact our resteasy-developers list and discuss it with the
community.

35.3. Local Server-Side Response Cache
RESTEasy has a server-side cache that can sit in front of your JAX-RS services. It automatically
caches marshalled responses from HTTP GET JAX-RS invocations if, and only if your JAX-RS
resource method sets a Cache-Control header. When a GET comes in, the RESTEasy Server
Cache checks to see if the URI is stored in the cache. If it does, it returns the already marshalled
response without invoking your JAX-RS method. Each cache entry has a max age to whatever
is specified in the Cache-Control header of the initial request. The cache also will automatically
generate an ETag using an MD5 hash on the response body. This allows the client to do HTTP 1.1
cache revalidation with the IF-NONE-MATCH header. The cache is also smart enough to perform
revalidation if there is no initial cache hit, but the jax-rs method still returns a body that has the
same ETag.
The cache is also automatically invalidated for a particular URI that has PUT, POST,
or DELETE invoked on it. You can also obtain a reference to the cache by injecting a
org.jboss.resteasy.plugins.cache.ServerCache via the @Context annotation

@Context
ServerCache cache;

175

Chapter 35. RESTEasy Caching ...

@GET
public String get(@Context ServerCache cache) {...}

To
set
up
the
server-side
cache
you
must
register
an
instance
of
org.jboss.resteasy.plugins.cache.server.ServerCacheFeature via your Application getSingletons() or getClasses() methods. The underlying cache is Infinispan. By default, RESTEasy will
create an Infinispan cache for you. Alternatively, you can create and pass in an instance of your
cache to the ServerCacheFeature constructor. You can also configure Infinispan by specifying
various context-param variables in your web.xml. First, if you are using Maven you must depend
on the resteasy-cache-core artifact:


org.jboss.resteasy
resteasy-cache-core
3.6.2.Final


The next thing you should probably do is set up the Infinispan configuration in your web.xml.



server.request.cache.infinispan.config.file
infinispan.xml


server.request.cache.infinispan.cache.name
MyCache



server.request.cache.infinispan.config.file can either be a classpath or a file path.
server.request.cache.infinispan.cache.name is the name of the cache you want to reference that
is declared in the config file.

176

HTTP preconditions

35.4. HTTP preconditions
JAX-RS provides an API for evaluating HTTP preconditions based on "If-Match", "If-NoneMatch", "If-Modified-Since" and "If-Unmodified-Since" headers.

Response.ResponseBuilder
request.evaluatePreconditions(lastModified, etag);

rb

=

By default RESTEasy will return status code 304 (Not modified) or 412 (Precondition failed) if any
of conditions fails. However it is not compliant with RFC 7232 which states that headers "IfMatch", "If-None-Match" MUST have higher precedence. You can enable RFC 7232 compatible
mode by setting resteasy.rfc7232preconditions context parameter to true

177

178

Chapter 36.

Chapter 36. Filters and Interceptors
JAX-RS 2.0 has two different concepts for interceptions: Filters and Interceptors. Filters are mainly
used to modify or process incoming and outgoing request headers or response headers. They
execute before and after request and response processing.

36.1. Server Side Filters
On the server-side you have two different types of filters. ContainerRequestFilters run before your
JAX-RS resource method is invoked. ContainerResponseFilters run after your JAX-RS resource
method is invoked. As an added caveat, ContainerRequestFilters come in two flavors: pre-match
and post-matching. Pre-matching ContainerRequestFilters are designated with the @PreMatching annotation and will execute before the JAX-RS resource method is matched with the incoming
HTTP request. Pre-matching filters often are used to modify request attributes to change how it
matches to a specific resource method (i.e. strip .xml and add an Accept header). ContainerRequestFilters can abort the request by calling ContainerRequestContext.abortWith(Response). A
filter might want to abort if it implements a custom authentication protocol.
After the resource class method is executed, JAX-RS will run all ContainerResponseFilters. These
filters allow you to modify the outgoing response before it is marshalling and sent to the client. So
given all that, here's some pseudo code to give some understanding of how things work.

// execute pre match filters
for (ContainerRequestFilter filter : preMatchFilters) {
filter.filter(requestContext);
if (isAborted(requestContext)) {
sendAbortionToClient(requestContext);
return;
}
}
// match the HTTP request to a resource class and method
JaxrsMethod method = matchMethod(requestContext);
// Execute post match filters
for (ContainerRequestFilter filter : postMatchFilters) {
filter.filter(requestContext);
if (isAborted(requestContext)) {
sendAbortionToClient(requestContext);
return;
}
}
// execute resource class method
method.execute(request);

179

Chapter 36. Filters and Inter...

// execute response filters
for (ContainerResponseFilter filter : responseFilters) {
filter.filter(requestContext, responseContext);
}

36.1.1. Asynchronous filters
It is possible to turn filters into asynchronous filters, if you need to suspend execution of your filter
until a certain resource has become available. This turns the request asynchronous, but requires
no change to your resource method declaration. In particular, synchronous and asynchronous
resource methods continue to work as specified, regardless of whether or not a filter turned the
request asynchronous. Similarly, one filter turning the request asynchronous requires no change
in the declaration of further filters.
In order to turn a filter's execution asynchronous, you need to cast the ContainerRequestContext
into a SuspendableContainerRequestContext (for pre/post request filters), or cast the ContainerResponseContext into a SuspendableContainerResponseContext (for response filters).
These context objects can turn the current filter's execution to asynchronous by calling the suspend() method. Once asynchronous, the filter chain is suspended, and will only resume after one
of the following method is called on the context object:

abortWith(Response)

Terminate the filter chain, return the given Response to the client (only for ContainerRequestFilter).
resume()

Resume execution of the filter chain by calling the next filter.
resume(Throwable)

Abort execution of the filter chain by throwing the given exception. This behaves as if the filter
were synchronous and threw the given exception.

36.2. Client Side Filters
On the client side you also have two types of filters: ClientRequestFilter and ClientResponseFilter.
ClientRequestFilters run before your HTTP request is sent over the wire to the server. ClientResponseFilters run after a response is received from the server, but before the response body
is unmarshalled. ClientRequestFilters are also allowed to abort the execute of the request and
provide a canned response without going over the wire to the server. ClientResponseFilters can
modfiy the Response object before it is handed back to application code. Here's some pseudo
code to illustrate things.

180

Reader and Writer Interceptors

// execute request filters
for (ClientRequestFilter filter : requestFilters) {
filter.filter(requestContext);
if (isAborted(requestContext)) {
return requestContext.getAbortedResponseObject();
}
}
// send request over the wire
response = sendRequest(request);
// execute response filters
for (ClientResponseFilter filter : responseFilters) {
filter.filter(requestContext, responseContext);
}

36.3. Reader and Writer Interceptors
While filters modify request or response headers, interceptors deal with message bodies. Interceptors are executed in the same call stack as their corresponding reader or writer. ReaderInterceptors wrap around the execution of MessageBodyReaders. WriterInterceptors wrap around the
execution of MessageBodyWriters. They can be used to implement a specific content-encoding.
They can be used to generate digital signatures or to post or pre-process a Java object model
before or after it is marshalled.

36.4. Per Resource Method Filters and Interceptors
Sometimes you want a filter or interceptor to only run for a specific resource method. You can do
this in two different ways: register an implementation of DynamicFeature or use the @NameBinding annotation. The DynamicFeature interface is executed at deployment time for each resource
method. You just use the Configurable interface to register the filters and interceptors you want
for the specific resource method. @NameBinding works a lot like CDI interceptors. You annotate
a custom annotation with @NameBinding and then apply that custom annotation to your filter
and resource method. The custom annotation must use @Retention(RetentionPolicy.RUNTIME)
in order for the attribute to be picked up by the RESTEasy runtime code when it is deployed.

@NameBinding
@Retention(RetentionPolicy.RUNTIME)
public @interface DoIt {}
@DoIt
public class MyFilter implements ContainerRequestFilter {...}
@Path("/root")

181

Chapter 36. Filters and Inter...

public class MyResource {
@GET
@DoIt
public String get() {...}
}

36.5. Ordering
Ordering is accomplished by using the @BindingPriority annotation on your filter or interceptor
class.

182

Chapter 37.

Chapter 37. Asynchronous HTTP
Request Processing
Asynchronous HTTP Request Processing is a relatively new technique that allows you to process
a single HTTP request using non-blocking I/O and, if desired in separate threads. Some refer to
it as COMET capabilities. The primary use case for Asynchronous HTTP is in the case where the
client is polling the server for a delayed response. The usual example is an AJAX chat client where
you want to push/pull from both the client and the server. These scenarios have the client blocking
a long time on the server’s socket waiting for a new message. What happens in synchronous
HTTP where the server is blocking on incoming and outgoing I/O is that you end up having a thread
consumed per client connection. This eats up memory and valuable thread resources. Not such
a big deal in 90% of applications (in fact using asynchronous processing may actually hurt your
performance in most common scenarios), but when you start getting a lot of concurrent clients that
are blocking like this, there’s a lot of wasted resources and your server does not scale that well.

37.1. Using the @Suspended annotation
The JAX-RS 2.0 specification has added asynchronous HTTP support via two classes. The @Suspended annotation, and AsyncResponse interface.
Injecting an AsynchronousResponse as a parameter to your jax-rs methods tells RESTEasy that
the HTTP request/response should be detached from the currently executing thread and that the
current thread should not try to automatically process the response.
The AsyncResponse is the callback object. The act of calling one of the resume() methods will
cause a response to be sent back to the client and will also terminate the HTTP request. Here is
an example of asynchronous processing:

import javax.ws.rs.Suspend;
import javax.ws.rs.core.AsynchronousResponse;
@Path("/")
public class SimpleResource
{
@GET
@Path("basic")
@Produces("text/plain")
public void getBasic(@Suspended final AsyncResponse response) throws Exception
{
Thread t = new Thread()
{
@Override

183

Chapter 37. Asynchronous HTTP...

public void run()
{
try
{
Response

jaxrs

=

Response.ok("basic").type(MediaType.TEXT_PLAIN).build();
response.resume(jaxrs);
}
catch (Exception e)
{
response.resume(e);
}
}
};
t.start();
}
}

AsyncResponse also has other methods to cancel the execution. See javadoc for more details.
NOTE:
The
old
RESTEasy
proprietary
API
for
async
http
has
been
deprecated
and
may
be
removed
as
soon
as
RESTEasy
3.1.
In
particular,
the
RESTEasy
@Suspend
annotation
is
replaced
by
javax.ws.rs.container.Suspended, and org.jboss.resteasy.spi.AsynchronousResponse
is replaced by javax.ws.rs.container.AsyncResponse. Note that @Suspended does not have
a value field, which represented a timeout limit. Instead, AsyncResponse.setTimeout() may be
called.

37.2. Using Reactive return types
The JAX-RS 2.1 specification adds support for declaring asynchronous resource methods by returning a CompletionStage instead of using the @Suspended annotation.
Whenever a resource method returns a CompletionStage, it will be subscribed to, the request
will be suspended, and only resumed when the CompletionStage is resolved either to a value
(which is then treated as the return value for the method), or as an error case, in which case the
exception will be processed as if it were thrown by the resource method.
Here is an example of asynchronous processing using CompletionStage:

import javax.ws.rs.Suspend;
import javax.ws.rs.core.AsynchronousResponse;
@Path("/")
public class SimpleResource

184

Asynchronous filters

{
@GET
@Path("basic")
@Produces("text/plain")
public CompletionStage getBasic() throws Exception
{
final CompletableFuture response = new CompletableFuture<>();
Thread t = new Thread()
{
@Override
public void run()
{
try
{
Response
jaxrs
=
Response.ok("basic").type(MediaType.TEXT_PLAIN).build();
response.complete(jaxrs);
}
catch (Exception e)
{
response.completeExceptionally(e);
}
}
};
t.start();
return response;
}
}

Note
RESTEasy supports more reactive types for asynchronous programming.

37.3. Asynchronous filters
It is possible to write filters that also turn the request asynchronous. Whether or not filters turned
the request asynchronous before execution of your method makes absolutely no difference to
your method: it does not need to be declared asynchronous in order to function as specified.
Synchronous methods and asynchronous methods will work as specified by the spec.

185

186

Chapter 38.

Chapter 38. Asynchronous Job
Service
The RESTEasy Asynchronous Job Service is an implementation of the Asynchronous Job pattern
defined in O'Reilly's "Restful Web Services" book. The idea of it is to bring asynchronicity to a
synchronous protocol.

38.1. Using Async Jobs
While HTTP is a synchronous protocol it does have a faint idea of asynchronous invocations.
The HTTP 1.1 response code 202, "Accepted" means that the server has received and accepted
the response for processing, but the processing has not yet been completed. The RESTEasy
Asynchronous Job Service builds around this idea.

POST http://example.com/myservice?asynch=true

For example, if you make the above post with the asynch query parameter set to true, RESTEasy
will return a 202, "Accepted" response code and run the invocation in the background. It also
sends back a Location header with a URL pointing to where the response of the background
method is located.

HTTP/1.1 202 Accepted
Location: http://example.com/asynch/jobs/3332334

The URI will have the form of:

/asynch/jobs/{job-id}?wait={millisconds}|nowait=true

You can perform the GET, POST, and DELETE operations on this job URL. GET returns whatever
the JAX-RS resource method you invoked returned as a response if the job was completed. If
the job has not completed, this GET will return a response code of 202, Accepted. Invoking GET
does not remove the job, so you can call it multiple times. When RESTEasy's job queue gets full,
it will evict the least recently used job from memory. You can manually clean up after yourself by
calling DELETE on the URI. POST does a read of the JOB response and will remove the JOB
it has been completed.

187

Chapter 38. Asynchronous Job ...

Both GET and POST allow you to specify a maximum wait time in milliseconds, a "wait" query
parameter. Here's an example:

POST http://example.com/asynch/jobs/122?wait=3000

If you do not specify a "wait" parameter, the GET or POST will not wait at all if the job is not
complete.
NOTE!! While you can invoke GET, DELETE, and PUT methods asynchronously, this breaks the
HTTP 1.1 contract of these methods. While these invocations may not change the state of the
resource if invoked more than once, they do change the state of the server as new Job entries with
each invocation. If you want to be a purist, stick with only invoking POST methods asynchronously.
Security NOTE! RESTEasy role-based security (annotations) does not work with the Asynchronous Job Service. You must use XML declarative security within your web.xml file. Why? It is
impossible to implement role-based security portably. In the future, we may have specific JBoss
integration, but will not support other environments.
NOTE. A SecureRandom object is used to generate unique job ids. For security purposes, the
SecureRandom is periodically reseeded. By default, it is reseeded after 100 uses. This value may
be configured with the servlet init parameter "resteasy.secure.random.max.use".

38.2. Oneway: Fire and Forget
RESTEasy also supports the notion of fire and forget. This will also return a 202, Accepted response, but no Job will be created. This is as simple as using the oneway query parameter instead
of asynch. For example:

POST http://example.com/myservice?oneway=true

Security NOTE! RESTEasy role-based security (annotations) does not work with the Asynchronous Job Service. You must use XML declaritive security within your web.xml file. Why? It is impossible to implement role-based security portably. In the future, we may have specific JBoss
integration, but will not support other environments.

38.3. Setup and Configuration
You must enable the Asynchronous Job Service in your web.xml file as it is not turned on by
default.

188

Setup and Configuration




resteasy.async.job.service.enabled
true




resteasy.async.job.service.max.job.results
100



resteasy.async.job.service.max.wait
300000



resteasy.async.job.service.thread.pool.size
100



resteasy.async.job.service.base.path
/asynch/jobs

...


189

190

Chapter 39.

Chapter 39. Reactive programming
support
With version 2.1, the JAX-RS specification (https://jcp.org/en/jsr/detail?id=370) takes its first steps
into the world of Reactive Programming. There are many discussions of reactive programming
on the internet, and a general introduction is beyond the scope of this document, but there are a
few things worth discussing. Some primary aspects of reactive programming are the following:

• Reactive programming supports the declarative creation of rich computational structures. The
representations of these structures can be passed around as first class objects such as method
parameters and return values.
• Reactive programming supports both synchronous and asynchronous computation, but it is
particularly helpful in facilitating, at a relatively high level of expression, asynchronous computation. Conceptually, asynchronous computation in reactive program typically involves pushing
data from one entity to another, rather than polling for data.

39.1. CompletionStage
In java 1.8 and JAX-RS 2.1, the support for reactive programming is fairly limited. Java 1.8 introduces the interface java.util.concurrent.CompletionStage, and JAX-RS 2.1 mandates support for the javax.ws.rs.client.CompletionStageRxInvoker, which allows a client to obtain
a response in the form of a CompletionStage.
One implementation of CompletionStage is the java.util.concurrent.CompleteableFuture.
For example:

@Test
public void testCompletionStage() throws Exception {
CompletionStage stage = getCompletionStage();
log.info("result: " + stage.toCompletableFuture().get());
}
private CompletionStage getCompletionStage() {
CompletableFuture future = new CompletableFuture();
future.complete("foo");
return future;
}

Here, a CompleteableFuture is created with the value "foo", and its value is extracted by the
method CompletableFuture.get(). That's fine, but consider the altered version:

191

Chapter 39. Reactive programm...

@Test
public void testCompletionStageAsync() throws Exception {
log.info("start");
CompletionStage stage = getCompletionStageAsync();
String result = stage.toCompletableFuture().get();
log.info("do some work");
log.info("result: " + result);
}
private CompletionStage getCompletionStageAsync() {
CompletableFuture future = new CompletableFuture();
Executors.newCachedThreadPool().submit(()
->
{sleep(2000);
future.complete("foo");});
return future;
}
private void sleep(long l) {
try {
Thread.sleep(l);
} catch (InterruptedException e) {
e.printStackTrace();
}
}

with output something like:

3:10:51 PM INFO: start
3:10:53 PM INFO: do some work
3:10:53 PM INFO: result: foo

It also works, but it illustrates the fact that CompletableFuture.get() is a blocking call. The
CompletionStage is constructed and returned immediately, but the value isn't returned for two
seconds. A version that is more in the spirit of the reactive style is:

@Test
public void testCompletionStageAsyncAccept() throws Exception {
log.info("start");
CompletionStage stage = getCompletionStageAsync();
stage.thenAccept((String s) -> log.info("s: " + s));
log.info("do some work");
...

192

CompletionStage

}

In this case, the lambda (String s) -> log.info("s: " + s) is registered with the CompletionStage as
a "subscriber", and, when the CompletionStage eventually has a value, that value is passed to
the lambda. Note that the output is something like

3:23:05 INFO: start
3:23:05 INFO: do some work
3:23:07 INFO: s: foo

Executing CompletionStages asynchronously is so common that there are several supporting
convenience methods. For example:

@Test
public void testCompletionStageSupplyAsync() throws Exception {
CompletionStage stage = getCompletionStageSupplyAsync();;
stage.thenAccept((String s) -> log.info("s: " + s));
}
private CompletionStage getCompletionStageSupplyAsync() {
return CompletableFuture.supplyAsync(() -> "foo");
}

The static method ComputableFuture.supplyAsync() creates a ComputableFuture, the value
of which is supplied asynchronously by the lambda () -> "foo", running, by default, in the default
pool of java.util.concurrent.ForkJoinPool.
One final example illustrates a more complex computational structure:

@Test
public void testCompletionStageComplex() throws Exception {
ExecutorService executor = Executors.newCachedThreadPool();
CompletionStage stage1 = getCompletionStageSupplyAsync1("foo",
executor);
CompletionStage stage2 = getCompletionStageSupplyAsync1("bar",
executor);
CompletionStage stage3 = stage1.thenCombineAsync(stage2, (String s,
String t) -> s + t, executor);
stage3.thenAccept((String s) -> log.info("s: " + s));
}

193

Chapter 39. Reactive programm...

private

CompletionStage

getCompletionStageSupplyAsync1(String

s,

ExecutorService executor) {
return CompletableFuture.supplyAsync(() -> s, executor);
}

stage1 returns "foo", stage2 returns "bar", and stage3, which runs when both stage1 and stage2

have completed, returns the concatenation of "foo" and "bar". Note that, in this example, an explict
ExecutorService is provided for asynchronous processing.

39.2. CompletionStage in JAX-RS
On the client side, the JAX-RS 2.1 specification mandates an implementation of the interface
javax.ws.rs.client.CompletionStageRxInvoker:

public interface CompletionStageRxInvoker extends RxInvoker {
@Override
public CompletionStage get();
@Override
public  CompletionStage get(Class responseType);
@Override
public  CompletionStage get(GenericType responseType);
...

That is, there are invocation methods for the standard HTTP verbs, just as in the standard
javax.ws.rs.client.SyncInvoker. A CompletionStageRxInvoker is obtained by calling rx()
on a javax.ws.rs.client.Invocation.Builder, which extends SyncInvoker. For example,

Invocation.Builder

builder

=

client.target(generateURL("/get/

string")).request();
CompletionStageRxInvoker invoker = builder.rx(CompletionStageRxInvoker.class);
CompletionStage stage = invoker.get();
Response response = stage.toCompletableFuture().get();
log.info("result: " + response.readEntity(String.class));

or

194

CompletionStage in JAX-RS

CompletionStageRxInvoker

invoker

=

client.target(generateURL("/get/

string")).request().rx(CompletionStageRxInvoker.class);
CompletionStage stage = invoker.get(String.class);
String s = stage.toCompletableFuture().get();
log.info("result: " + s);

On the server side, the JAX-RS 2.1 specification requires support for resource methods with return
type CompletionStage. For example,

@GET
@Path("get/async")
public CompletionStage longRunningOpAsync() {
CompletableFuture cs = new CompletableFuture<>();
executor.submit(
new Runnable() {
public void run() {
executeLongRunningOp();
cs.complete("Hello async world!");
}
});
return cs;
}

The way to think about longRunningOpAsync() is that it is asynchronously creating and returning
a String. After cs.complete() is called, the server will return the String "Hello async world!"
to the client.
An important thing to understand is that the decision to produce a result asynchronously on the
server and the decision to retrieve the result asynchronously on the client are independent. Suppose that there is also a resource method

@GET
@Path("get/sync")
public String longRunningOpSync() {
return "Hello async world!";
}

Then all three of the following invocations are valid:

public void testGetStringAsyncAsync() throws Exception {

195

Chapter 39. Reactive programm...

CompletionStageRxInvoker

invoker

=

client.target(generateURL("/get/

async")).request().rx();
CompletionStage stage = invoker.get(String.class);
log.info("s: " + stage.toCompletableFuture().get());
}

public void testGetStringSyncAsync() throws Exception {
Builder request = client.target(generateURL("/get/async")).request();
String s = request.get(String.class);
log.info("s: " + s);
}

and

public void testGetStringAsyncSync() throws Exception {
CompletionStageRxInvoker invoker = client.target(generateURL("/get/
sync")).request().rx();
CompletionStage stage = invoker.get(String.class);
log.info("s: " + stage.toCompletableFuture().get());
}

Note
CompletionStage in JAX-RS is also discussed in the chapter Asynchronous HTTP

Request Processing.

Note
Since running code asynchronously is so common in this context, it is worth pointing out that objects obtained by way of the annotation @Context or by way of calling ResteasyProviderFactory.getContextData() are sensitive to the executing thread. For example, given resource method

@GET
@Path("test")
@Produces("text/plain")
public CompletionStage text(@Context HttpRequest request) {
System.out.println("request (inline): " + request);

196

CompletionStage in JAX-RS

System.out.println("application

(inline):

"

+

ResteasyProviderFactory.getContextData(Application.class));
CompletableFuture cs = new CompletableFuture<>();
ExecutorService executor = Executors.newSingleThreadExecutor();
executor.submit(
new Runnable() {
public void run() {
try {
System.out.println("request (async): " + request);
System.out.println("application (async): " +
ResteasyProviderFactory.getContextData(Application.class));
cs.complete("hello");
} catch (Exception e) {
e.printStackTrace();
}
}
});
return cs;
}

the output will look something like

application

(inline):

$TestApp@23c57474
request
(inline):
org.jboss.resteasy.plugins.server.servlet.Servlet3AsyncHttpRequest@2ce23138
application (async): null
org.jboss.resteasy.spi.LoggableFailure: RESTEASY003880: Unable to
find contextual data of type: org.jboss.resteasy.spi.HttpRequest

The point is that it is the developer's responsibility to extract information from these
context objects in advance. For example:

@GET
@Path("test")
@Produces("text/plain")
public CompletionStage text(@Context HttpRequest req) {
System.out.println("request (inline): " + request);
System.out.println("application
(inline):
"
+
ResteasyProviderFactory.getContextData(Application.class));
CompletableFuture cs = new CompletableFuture<>();
ExecutorService executor = Executors.newSingleThreadExecutor();
final String httpMethodFinal = request.getHttpMethod();

197

Chapter 39. Reactive programm...

final

Map

mapFinal

=

ResteasyProviderFactory.getContextData(Application.class).getProperties();
executor.submit(
new Runnable() {
public void run() {
System.out.println("httpMethod (async): " +
httpMethodFinal);
System.out.println("map (async): " + mapFinal);
cs.complete("hello");
}
});
return cs;
}

39.3. Beyond CompletionStage
The picture becomes more complex and interesting when sequences are added. A CompletionStage holds no more than one potential value, but other reactive objects can hold multiple, even
unlimited, values. Currently, most Java implementations of reactive programming are based on
the project Reactive Streams (http://www.reactive-streams.org/), which defines a set of four interfaces and a specification, in the form of a set of rules, describing how they interact:

public interface Publisher {
public void subscribe(Subscriber s);
}
public interface Subscriber {
public void onSubscribe(Subscription s);
public void onNext(T t);
public void onError(Throwable t);
public void onComplete();
}
public interface Subscription {
public void request(long n);
public void cancel();
}
public interface Processor extends Subscriber, Publisher {
}

A Producer pushes objects to a Subscriber, a Subscription mediates the relationship between
the two, and a Processor which is derived from both, helps to construct pipelines through which
objects pass.

198

Pluggable reactive types: RxJava 2 in RESTEasy

One important aspect of the specification is flow control, the ability of a Suscriber to control the
load it receives from a Producer by calling Suscription.request(). The general term in this
context for flow control is backpressure.
There are a number of implementations of Reactive Streams, including
1. RxJava: https://github.com/ReactiveX/RxJava (end of life, superceded by RxJava 2)
2. RxJava 2: https://github.com/ReactiveX/RxJava
3. Reactor: http://projectreactor.io/
4. Flow: https://community.oracle.com/docs/DOC-1006738/ [https://community.oracle.com/docs/
DOC-1006738]: (Java JDK 9+)
RESTEasy currently supports RxJava (deprecated) and RxJava2.

39.4. Pluggable reactive types: RxJava 2 in RESTEasy
JAX-RS 2.1 doesn't require support for any Reactive Streams implementations, but it does allow
for extensibility to support various reactive libraries. RESTEasy's optional modules resteasy-rxjava1 and resteasy-rxjava2 add support for RxJava 1 and 2 [https://github.com/ReactiveX/RxJava]. [Only resteasy-rxjava2 will be discussed here, since resteasy-rxjava1 is deprecated,
but the treatment of the two is quite similar.]
In particular, resteasy-rxjava2 contributes support for reactive types io.reactivex.Single,
io.reactivex.Flowable, and io.reactivex.Observable. Of these, Single is similar to
CompletionStage in that it holds at most one potential value. Flowable implements
io.reactivex.Publisher, and Observable is very similar to Flowable except that it doesn't
support backpressure. So, if you import resteasy-rxjava2, you can just start returning these reactive types from your resource methods on the server side and receiving them on the client side.

1. Server side
Given the class Thing, which can be represented in JSON:

public class Thing {
private String name;
public Thing() {
}
public Thing(String name) {
this.name = name;
}
...

199

Chapter 39. Reactive programm...

}

the method postThingList() in the following is a valid resource method:
...

@POST
@Path("post/thing/list")
@Produces(MediaType.APPLICATION_JSON)
@Stream
public Flowable> postThingList(String s) {
return buildFlowableThingList(s, 2, 3);
}
static Flowable> buildFlowableThingList(String s, int listSize, int
elementSize) {
return Flowable.create(
new FlowableOnSubscribe>() {
@Override
public void subscribe(FlowableEmitter> emitter) throws
Exception {
for (int i = 0; i < listSize; i++) {
List list = new ArrayList();
for (int j = 0; j < elementSize; j++) {
list.add(new Thing(s));
}
emitter.onNext(list);
}
emitter.onComplete();
}
},
BackpressureStrategy.BUFFER);
}

The somewhat imposing method buildFlowableThingList() probably deserves some explanation. First,

Flowable> Flowable.create(FlowableOnSubscribe> source,
BackpressureStrategy mode);

200

Server side

creates

a

by
subscribed

Flowable>

Flowable>

is

describing what should happen when the
to. FlowableEmitter> extends

io.reactivex.Emitter>:

/**
* Base interface for emitting signals in a push-fashion in various generatorlike source
* operators (create, generate).
*
* @param  the value type emitted
*/
public interface Emitter {
/**
* Signal a normal value.
* @param value the value to signal, not null
*/
void onNext(@NonNull T value);
/**
* Signal a Throwable exception.
* @param error the Throwable to signal, not null
*/
void onError(@NonNull Throwable error);
/**
* Signal a completion.
*/
void onComplete();
}

and FlowableOnSubscribe uses a FlowableEmitter to send out values from the
Flowable>:

/**
* A functional interface that has a {@code subscribe()} method that receives
* an instance of a {@link FlowableEmitter} instance that allows pushing
* events in a backpressure-safe and cancellation-safe manner.
*
* @param  the value type pushed
*/
public interface FlowableOnSubscribe {
/**

201

Chapter 39. Reactive programm...

* Called for each Subscriber that subscribes.
* @param e the safe emitter instance, never null
* @throws Exception on error
*/
void subscribe(@NonNull FlowableEmitter e) throws Exception;
}

So, what will happen when a subscription to the Flowable> is created is, the
FlowableEmitter.onNext() will be called, once for each > created, followed by a
call to FlowableEmitter.onComplete() to indicate that the sequence has ended. Under the covers, RESTEasy subscribes to the Flowable> and handles each element passed
in by way of onNext().

2. Client side
On the client side, JAX-RS 2.1 supports extensions for reactive classes by adding the method

/**
* Access a reactive invoker based on a {@link RxInvoker} subclass provider. Note
* that corresponding {@link RxInvokerProvider} must be registered in the client
runtime.
*
* This method is an extension point for JAX-RS implementations to support
other types
* representing asynchronous computations.
*
* @param clazz {@link RxInvoker} subclass.
* @return reactive invoker instance.
* @throws IllegalStateException when provider for given class is not registered.
* @see javax.ws.rs.client.Client#register(Class)
* @since 2.1
*/
public  T rx(Class clazz);

to interface javax.ws.rs.client.Invocation.Builder. Resteasy module resteasy-rxjava2
adds support for classes:

1. org.jboss.resteasy.rxjava2.SingleRxInvoker,
2. org.jboss.resteasy.rxjava2.FlowableRxInvoker
3. org.jbosss.resteasy.rxjava2.ObservableRxInvoker
which allow accessing Singles, Observables, and Flowables on the client side.

202

Representation on the wire

For example, given the resource method postThingList() above, a Flowable>
can be retrieved from the server by calling

@SuppressWarnings("unchecked")
@Test
public void testPostThingList() throws Exception {
CountDownLatch latch = new CountdownLatch(1);
FlowableRxInvoker invoker = client.target(generateURL("/post/thing/
list")).request().rx(FlowableRxInvoker.class);
Flowable>
flowable
=
(Flowable>)
invoker.post(Entity.entity("a",
MediaType.TEXT_PLAIN_TYPE),
GenericType>() {});
flowable.subscribe(
(List l) -> thingListList.add(l),
(Throwable t) -> latch.countDown(),
() -> latch.countDown());
latch.await();
Assert.assertEquals(aThingListList, thingListList);
}

where aThingListList is

[[Thing[a], Thing[a], Thing[a]], [Thing[a], Thing[a], Thing[a]]]

Note the call to Flowable.suscribe(). On the server side, RESTEasy subscribes to a returning
Flowable in order to receive its elements and send them over the wire. On the client side, the user
subscribes to the Flowable in order to receive its elements and do whatever it wants to with them.
In this case, three lambdas determine what should happen 1) for each element, 2) if a Throwable
is thrown, and 3) when the Flowable is done passing elements.

3. Representation on the wire
Neither Reactive Streams nor JAX-RS have anything to say about representing reactive types
on the network. RESTEasy offers a number of representations, each suitable for different circumstances. The wire protocol is determined by 1) the presence or absence of the @Stream annotation
on the resource method, and 2) the value of the value field in the @Stream annotation:

@Target({ElementType.TYPE, ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
public @interface Stream
{

203

new

Chapter 39. Reactive programm...

public enum MODE {RAW, GENERAL};
public String INCLUDE_STREAMING_PARAMETER = "streaming";
public MODE value() default MODE.GENERAL;
public boolean includeStreaming() default false;
}

Note

that

MODE.GENERAL

is

the

default

value,

so

@Stream

is

equivalent

to

@Stream(Stream.MODE.GENERAL).

No @Stream annotation on the resource method
Resteasy will collect every value until the stream is complete, then wrap them into a
java.util.List entity and send to the client.
@Stream(Stream.MODE.GENERAL)

This case uses a variant of the SSE format, modified to eliminate some restrictions inherent in SSE. (See the specification at https://html.spec.whatwg.org/multipage/server-sentevents.html [https://html.spec.whatwg.org/multipage/server-sent-events.html] for details.) In
particular, 1) SSE events are meant to hold text data, represented in character set UTF-8. In
the general streaming mode, certain delimiting characters in the data ('\r', '\n', and '\') are escaped so that arbitrary binary data can be transmitted. Also, 2) the SSE specification requires
the client to reconnect if it gets disconnected. If the stream is finite, reconnecting will induce
a repeat of the stream, so SSE is really meant for unlimited streams. In general streaming
mode, the client will close, rather than automatically reconnect, at the end of the stream. It
follows that this mode is suitable for finite streams.
Note. The Content-Type header in general streaming mode is set to

applicaton/x-stream-general;"element-type="

where  is the media type of the data elements in the stream. The element
media type is derived from the @Produces annotation. For example,

@GET
@Path("flowable/thing")
@Stream
@Produces("application/json")
public Flowable getFlowable() { ... }

induces the media type

204

Representation on the wire

application/x-stream-general;"element-type=application/json"

which describes a stream of JSON elements.
@Stream(Stream.MODE.RAW)

In this case each value is written directly to the wire, without any formatting, as it becomes
available. This is most useful for values that can be cut in pieces, such as strings, bytes,
buffers, etc., and then re-concatenated on the client side. Note that without delimiters as in
general mode, it isn't possible to reconstruct something like List>.
Note. The Content-Type header in raw streaming mode is derived from the @Produces annotation. The @Stream annotation offers the possibility of an optional MediaType parameter
called "streaming". The point is to be able to suggest that the stream of data emanating from
the server is unbounded, i.e., that the client shouldn't try to read it all as a single byte array, for
example. The parameter is set by explicitly setting the @Stream parameter includeStreaming() to true. For example,

@GET
@Path("byte/default")
@Produces("application/octet-stream;x=y")
@Stream(Stream.MODE.RAW)
public Flowable aByteDefault() {
return Flowable.fromArray((byte) 0, (byte) 1, (byte) 2);
}

induces the MediaType "application/octet-stream;x=y", and

@GET
@Path("byte/true")
@Produces("application/octet-stream;x=y")
@Stream(value=Stream.MODE.RAW, includeStreaming=true)
public Flowable aByteTrue() {
return Flowable.fromArray((byte) 0, (byte) 1, (byte) 2);
}

induces the MediaType "application/octet-stream;x=y;streaming=true".
Note that browsers such as Firefox and Chrome seem to be comfortable with reading unlimited
streams without any additional hints.

205

Chapter 39. Reactive programm...

4. Examples.
Example 1.

@POST
@Path("post/thing/list")
@Produces(MediaType.APPLICATION_JSON)
@Stream(Stream.MODE.GENERAL)
public Flowable> postThingList(String s) {
return buildFlowableThingList(s, 2, 3);
}
...
@SuppressWarnings("unchecked")
@Test
public void testPostThingList() throws Exception {
CountDownLatch latch = new CountdownLatch(1);
FlowableRxInvoker invoker = client.target(generateURL("/post/thing/
list")).request().rx(FlowableRxInvoker.class);
Flowable>
flowable
=
(Flowable>)
invoker.post(Entity.entity("a",
MediaType.TEXT_PLAIN_TYPE),
GenericType>() {});
flowable.subscribe(
(List l) -> thingListList.add(l),
(Throwable t) -> latch.countDown(),
() -> latch.countDown());
latch.await();
Assert.assertEquals(aThingListList, thingListList);
}

This is the example given previously, except that the mode in the @Stream annotation
(which defaults to MODE.GENERAL) is given explicitly. In this scenario, the Flowable emits
> elements on the server, they are transmitted over the wire as SSE events:

data: [{"name":"a"},{"name":"a"},{"name":"a"}]
data: [{"name":"a"},{"name":"a"},{"name":"a"}]

and the FlowableRxInvoker reconstitutes a Flowable on the client side.
Example 2.

@POST

206

new

Examples.

@Path("post/thing/list")
@Produces(MediaType.APPLICATION_JSON)
public Flowable> postThingList(String s) {
return buildFlowableThingList(s, 2, 3);
}
...
@Test
public void testPostThingList() throws Exception {
Builder request = client.target(generateURL("/post/thing/list")).request();
List>
list
=
request.post(Entity.entity("a",
MediaType.TEXT_PLAIN_TYPE), new GenericType>>() {});
Assert.assertEquals(aThingListList, list);
}

In this scenario, in which the resource method has no @Stream annotation, the Flowable emits
stream elements which are accumulated by the server until the Flowable is done, at which point
the entire JSON list is transmitted over the wire:

[[{"name":"a"},{"name":"a"},{"name":"a"}],[{"name":"a"},{"name":"a"},
{"name":"a"}]]

and the list is reconstituted on the client side by an ordinary invoker.
Example 3.

@GET
@Path("get/bytes")
@Produces(MediaType.APPLICATION_OCTET_STREAM)
@Stream(Stream.MODE.RAW)
public Flowable getBytes() {
return Flowable.create(
new FlowableOnSubscribe() {
@Override
public void subscribe(FlowableEmitter emitter) throws Exception {
for (int i = 0; i < 3; i++) {
byte[] b = new byte[10];
for (int j = 0; j < 10; j++) {
b[j] = (byte) (i + j);
}
emitter.onNext(b);
}
emitter.onComplete();
}

207

Chapter 39. Reactive programm...

},
BackpressureStrategy.BUFFER);
}
...
@Test
public void testGetBytes() throws Exception {
Builder request = client.target(generateURL("/get/bytes")).request();
InputStream is = request.get(InputStream.class);
int n = is.read();
while (n > -1) {
System.out.print(n);
n = is.read();
}
}

Here, the byte arrays are written to the network as they are created by the Flowable. On the
network, they are concatenated, so the client sees one stream of bytes.

Note
Given that asynchronous code is common in this context, it is worth looking at the
earlier Note.

5. Rx and SSE
Since general streaming mode and SSE share minor variants of the same wire protocol, they are,
modulo the SSE restriction to character data, interchangeable. That is, an SSE client can connect
to a resource method that returns a Flowable or an Observable, and a FlowableRxInvoker, for
example, can connect to an SSE resource method.
Note. SSE requires a @Produces("text/event-stream") annotation, so, unlike the cases of raw
and general streaming, the element media type cannot be derived from the @Produces annotation.
To solve this problem, Resteasy introduces the

@Target({ElementType.TYPE, ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
public @interface SseElementType
{
public String value();
}

annotation, from which the element media type is derived.
Example 1.

208

Rx and SSE

@GET
@Path("eventStream/thing")
@Produces("text/event-stream")
@SseElementType("application/json")
public void eventStreamThing(@Context SseEventSink eventSink, @Context Sse sse) {
new ScheduledThreadPoolExecutor(5).execute(() -> {
try (SseEventSink sink = eventSink) {
OutboundSseEvent.Builder builder = sse.newEventBuilder();
eventSink.send(builder.data(new Thing("e1")).build());
eventSink.send(builder.data(new Thing("e2")).build());
eventSink.send(builder.data(new Thing("e3")).build());
}
});
}
...
@SuppressWarnings("unchecked")
@Test
public void testFlowableToSse() throws Exception {
CountDownLatch latch = new CountDownLatch(1);
final AtomicInteger errors = new AtomicInteger(0);
FlowableRxInvoker invoker = client.target(generateURL("/eventStream/
thing")).request().rx(FlowableRxInvoker.class);
Flowable flowable = (Flowable) invoker.get(Thing.class);
flowable.subscribe(
(Thing t) -> thingList.add(t),
(Throwable t) -> errors.incrementAndGet(),
() -> latch.countDown());
boolean waitResult = latch.await(30, TimeUnit.SECONDS);
Assert.assertTrue("Waiting for event to be delivered has timed out.",
waitResult);
Assert.assertEquals(0, errors.get());
Assert.assertEquals(eThingList, thingList);
}

Here, a FlowableRxInvoker is connecting to an SSE resource method. On the network, the data
looks like

data: {"name":"e1"}
data: {"name":"e2"}
data: {"name":"e3"}

Note that the character data is suitable for an SSE resource method.
Also, note that the eventStreamThing() method in this example induces the media type

209

Chapter 39. Reactive programm...

text/event-stream;element-type="application/json"

Example 2.

@GET
@Path("flowable/thing")
@Produces("text/event-stream")
@SseElementType("application/json")
public Flowable flowableSSE() {
return Flowable.create(
new FlowableOnSubscribe() {
@Override
public void subscribe(FlowableEmitter emitter) throws Exception {
emitter.onNext(new Thing("e1"));
emitter.onNext(new Thing("e2"));
emitter.onNext(new Thing("e3"));
emitter.onComplete();
}
},
BackpressureStrategy.BUFFER);
}
...
@Test
public void testSseToFlowable() throws Exception {
final CountDownLatch latch = new CountDownLatch(3);
final AtomicInteger errors = new AtomicInteger(0);
WebTarget target = client.target(generateURL("/flowable/thing"));
SseEventSource msgEventSource = SseEventSource.target(target).build();
try (SseEventSource eventSource = msgEventSource)
{
eventSource.register(
event
->
{thingList.add(event.readData(Thing.class,
MediaType.APPLICATION_JSON_TYPE)); latch.countDown();},
ex -> errors.incrementAndGet());
eventSource.open();
boolean waitResult = latch.await(30, TimeUnit.SECONDS);
Assert.assertTrue("Waiting for event to be delivered has timed out.",
waitResult);
Assert.assertEquals(0, errors.get());
Assert.assertEquals(eThingList, thingList);
}
}

210

To stream or not to stream

Here, an SSE client is connecting to a resource method that returns a Flowable. Again, the server
is sending character data, which is suitable for the SSE client, and the data looks the same on
the network.

6. To stream or not to stream
Whether or not it is appropriate to stream a list of values is a judgment call. Certainly, if the list is
unbounded, then it isn't practical, or even possible, perhaps, to collect the entire list and send it
at once. In other cases, the decision is less obvious.
Case 1. Suppose that all of the elements are producible quickly. Then the overhead of sending
them independently is probably not worth it.
Case 2. Suppose that the list is bounded but the elements will be produced over an extended
period of time. Then returning the initial elements when they become available might lead to a
better user experience.
Case 3. Suppose that the list is bounded and the elements can be produced in a relatively short span of time but only after some delay. Here is a situation that illustrates the fact
that asynchronous reactive processing and streaming over the network are independent concepts. In this case it's worth considering having the resource method return something like
CompletionStage> rather than Flowable>. This has the benefit of
creating the list asynchronously but, once it is available, sending it to the client in one piece.

39.5. Proxies
Proxies, discussed in RESTEasy Proxy Framework, are a RESTEasy extension that supports
a natural programming style in which generic JAX-RS invoker calls are replaced by application
specific interface calls. The proxy framework is extended to include both CompletionStage and
the RxJava2 types Single, Observable, and Flowable.
Example 1.

@Path("")
public interface RxCompletionStageResource {
@GET
@Path("get/string")
@Produces(MediaType.TEXT_PLAIN)
public CompletionStage getString();
}
@Path("")
public class RxCompletionStageResourceImpl {
@GET
@Path("get/string")

211

Chapter 39. Reactive programm...

@Produces(MediaType.TEXT_PLAIN)
public CompletionStage getString() { .... }
}
public class RxCompletionStageProxyTest {
private static ResteasyClient client;
private static RxCompletionStageResource proxy;
static {
client = new ResteasyClientBuilder().build();
proxy
client.target(generateURL("/")).proxy(RxCompletionStageResource.class);
}
@Test
public void testGet() throws Exception {
CompletionStage completionStage = proxy.getString();
Assert.assertEquals("x", completionStage.toCompletableFuture().get());
}
}

Example 2.

public interface Rx2FlowableResource {
@GET
@Path("get/string")
@Produces(MediaType.TEXT_PLAIN)
@Stream
public Flowable getFlowable();
}
@Path("")
public class Rx2FlowableResourceImpl {
@GET
@Path("get/string")
@Produces(MediaType.TEXT_PLAIN)
@Stream
public Flowable getFlowable() { ... }
}
public class Rx2FlowableProxyTest {
private static ResteasyClient client;

212

=

Adding extensions

private static Rx2FlowableResource proxy;
static {
client = new ResteasyClientBuilder().build();
proxy = client.target(generateURL("/")).proxy(Rx2FlowableResource.class);
}
@Test
public void testGet() throws Exception {
Flowable flowable = proxy.getFlowable();
flowable.subscribe(
(String o) -> stringList.add(o),
(Throwable t) -> errors.incrementAndGet(),
() -> latch.countDown());
boolean waitResult = latch.await(30, TimeUnit.SECONDS);
Assert.assertTrue("Waiting for event to be delivered has timed out.",
waitResult);
Assert.assertEquals(0, errors.get());
Assert.assertEquals(xStringList, stringList);
}
}

39.6. Adding extensions
RESTEasy implements a framework that supports extensions for additional reactive classes. To
understand the framework, it is necessary to understand the existing support for CompletionStage and other reactive classes.
Server

side.

pletionStage,

When
RESTEasy

a

resource
subscribes

to

method
it

returns
using

a
the

Com-

class
org.jboss.resteasy.core.AsyncResponseConsumer.CompletionStageResponseConsumer.
When the CompletionStage completes, it calls CompletionStageResponseConsumer.accept(),
which sends the result back to the client.
Support for CompletionStage is built in to RESTEasy, but it's not hard to extend that support to a class like Single by providing a mechanism for transforming a Single into a CompletionStage. In module resteasy-rxjava2, that mechanism is
supplied by org.jboss.resteasy.rxjava2.SingleProvider, which implements interface
org.jboss.resteasy.spi.AsyncResponseProvider>:

public interface AsyncResponseProvider {
public CompletionStage toCompletionStage(T asyncResponse);
}

213

Chapter 39. Reactive programm...

Given SingleProvider, RESTEasy can take a Single, transform it into a CompletionStage, and
then use CompletionStageResponseConsumer to handle the eventual value of the Single.
Similarly, when a resource method returns a streaming reactive class like Flowable, RESTEasy
subscribes to it, receives a stream of data elements, and sends them to the client. AsyncResponseConsumer has several supporting classes, each of which implements a different mode of streaming. For example, AsyncResponseConsumer.AsyncGeneralStreamingSseResponseConsumer
handles general streaming and SSE streaming. Subscribing is done by calling org.reactivestreams.Publisher.subscribe(), so a mechanism is needed
for turning, say, a Flowable into a Publisher. That is, an implementation of org.jboss.resteasy.spi.AsyncStreamProvider is called for, where
AsyncStreamProvider is defined:

public interface AsyncStreamProvider {
public Publisher toAsyncStream(T asyncResponse);
}

In module resteasy-rxjava2, org.jboss.resteasy.FlowableProvider provides that mechanism
for Flowable. [Actually, that's not too hard since, in rxjava2, a Flowable is a Provider.]
So, on the server side, adding support for other reactive types can be done by declaring a
@Provider for the interface AsyncStreamProvider (for streams) or AsyncResponseProvider (for
single values), which both have a single method to convert the new reactive type into (respectively) a Publisher (for streams) or a CompletionStage (for single values).
Client side. The JAX-RS specification version 2.1 imposes two requirements for support of reactive classes on the client side:

1. support for CompletionStage in the form of an implementation of the interface
javax.ws.rs.client.CompletionStageRxInvoker, and
2. extensibility in the form of support for registering providers that implement

public interface RxInvokerProvider {
public boolean isProviderFor(Class clazz);
public T getRxInvoker(SyncInvoker syncInvoker,
executorService);
}

ExecutorService

Once an RxInvokerProvider is registered, an RxInvoker can be requested by calling the
javax.ws.rs.client.Invocation.Builder method

214

Adding extensions

public  T rx(Class clazz);

That RxInvoker can then be used for making an invocation that returns the appropriate reactive
class. For example,

FlowableRxInvoker
invoker
=
client.target(generateURL("/get/
string")).request().rx(FlowableRxInvoker.class);
Flowable flowable = (Flowable) invoker.get();

RESTEasy
provides
partial
support
for
For
example,
SingleProvider,
mentioned

implementing
RxInvokers.
above,
also
implements
org.jboss.resteasy.spi.AsyncClientResponseProvider>, where AsyncClientResponseProvider is defined

public interface AsyncClientResponseProvider {
public T fromCompletionStage(CompletionStage completionStage);
}

SingleProvider's ability to turn a CompletionStage into a Single is used in the implementation

of org.jboss.resteasy.rxjava2.SingleRxInvokerImpl.
The same concept might be useful in implementing other RxInvokers. Note, though, that ObservableRxInvokerImpl and FlowableRxInvokerImpl in module resteasy-rxjava2 are each derived
directly from the SSE implementation.

215

216

Chapter 40.

Chapter 40. Embedded Containers
RESTEasy has a few different plugins for different embedabble HTTP and/or Servlet containers if
use RESTEasy in a test environment, or within an environment where you do not want a Servlet
engine dependency.

40.1. Undertow
Undertow is a new Servlet Container that is used by WildFly (JBoss Community Server). You can
embed Undertow as you wish. Here's a a test that shows it in action.

import
import
import
import

io.undertow.servlet.api.DeploymentInfo;
org.jboss.resteasy.plugins.server.undertow.UndertowJaxrsServer;
org.jboss.resteasy.test.TestPortProvider;
org.junit.AfterClass;

import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import
import
import
import
import
import
import
import
import

javax.ws.rs.ApplicationPath;
javax.ws.rs.GET;
javax.ws.rs.Path;
javax.ws.rs.Produces;
javax.ws.rs.client.Client;
javax.ws.rs.client.ClientBuilder;
javax.ws.rs.core.Application;
java.util.HashSet;
java.util.Set;

/**
* @author Bill Burke
* @version $Revision: 1 $
*/
public class UndertowTest
{
private static UndertowJaxrsServer server;
@Path("/test")
public static class Resource
{
@GET
@Produces("text/plain")
public String get()
{
return "hello world";
}

217

Chapter 40. Embedded Containers

}
@ApplicationPath("/base")
public static class MyApp extends Application
{
@Override
public Set> getClasses()
{
HashSet> classes = new HashSet>();
classes.add(Resource.class);
return classes;
}
}
@BeforeClass
public static void init() throws Exception
{
server = new UndertowJaxrsServer().start();
}
@AfterClass
public static void stop() throws Exception
{
server.stop();
}
@Test
public void testApplicationPath() throws Exception
{
server.deploy(MyApp.class);
Client client = ClientBuilder.newClient();
String val = client.target(TestPortProvider.generateURL("/base/test"))
.request().get(String.class);
Assert.assertEquals("hello world", val);
client.close();
}
@Test
public void testApplicationContext() throws Exception
{
server.deploy(MyApp.class, "/root");
Client client = ClientBuilder.newClient();
String val = client.target(TestPortProvider.generateURL("/root/test"))
.request().get(String.class);
Assert.assertEquals("hello world", val);
client.close();
}
@Test

218

Sun JDK HTTP Server

public void testDeploymentInfo() throws Exception
{
DeploymentInfo di = server.undertowDeployment(MyApp.class);
di.setContextPath("/di");
di.setDeploymentName("DI");
server.deploy(di);
Client client = ClientBuilder.newClient();
String val = client.target(TestPortProvider.generateURL("/di/base/test"))
.request().get(String.class);
Assert.assertEquals("hello world", val);
client.close();
}
}

40.2. Sun JDK HTTP Server
The
Sun
JDK
comes
with
a
simple
HTTP
server
(com.sun.net.httpserver.HttpServer) which you can run RESTEasy on top of.

implementation

HttpServer httpServer = HttpServer.create(new InetSocketAddress(port), 10);
contextBuilder = new HttpContextBuilder();
contextBuilder.getDeployment().getActualResourceClasses().add(SimpleResource.class);
HttpContext context = contextBuilder.bind(httpServer);
context.getAttributes().put("some.config.info", "42");
httpServer.start();
contextBuilder.cleanup();
httpServer.stop(0);

Create
your
HttpServer
the
way
you
want
then
use
the
org.jboss.resteasy.plugins.server.sun.http.HttpContextBuilder to initialize Resteasy and bind
it to an HttpContext. The HttpContext attributes are available by injecting in a
org.jboss.resteasy.spi.ResteasyConfiguration interface using @Context within your provider and
resource classes.
Maven project you must include is:


org.jboss.resteasy
resteasy-jdk-http

219

Chapter 40. Embedded Containers

3.6.2.Final


40.3. TJWS Embeddable Servlet Container
RESTEasy integrates with the TJWS Embeddable Servlet container. It comes with this distribution,
or you can reference the Maven artifact. You must also provide a servlet API dependency as well.


org.jboss.resteasy
tjws
3.6.2.Final


javax.servlet
servlet-api
2.5


From the distribution, move the jars in resteasy-jaxrs.war/WEB-INF/lib into your classpath. You
must both programmatically register your JAX-RS beans using the embedded server's Registry.
Here's an example:

@Path("/")
public class MyResource {
@GET
public String get() { return "hello world"; }

public static void main(String[] args) throws Exception
{
TJWSEmbeddedJaxrsServer tjws = new TJWSEmbeddedJaxrsServer();
tjws.setPort(8080);
tjws.start();
tjws.getRegistry().addPerRequestResource(RestEasy485Resource.class);
}
}

220

Netty

The server can either host non-encrypted or SSL based resources, but not both. See the Javadoc
for TJWSEmbeddedJaxrsServer as well as its superclass TJWSServletServer. The TJWS website
is also a good place for information.

If you want to use Spring, see the SpringBeanProcessor. Here's a pseudo-code example

public static void main(String[] args) throws Exception
{
final TJWSEmbeddedJaxrsServer tjws = new TJWSEmbeddedJaxrsServer();
tjws.setPort(8081);
tjws.start();
org.jboss.resteasy.plugins.server.servlet.SpringBeanProcessor
processor
=
new
SpringBeanProcessor(tjws.getDeployment().getRegistry(),
tjws.getDeployment().getFactory();
ConfigurableBeanFactory factory = new XmlBeanFactory(...);
factory.addBeanPostProcessor(processor);
}

NOTE: TJWS is now deprecated. Consider using the more modern Undertow.

40.4. Netty
RESTEasy has integration with the popular Netty project as well..

public static void start(ResteasyDeployment deployment) throws Exception
{
netty = new NettyJaxrsServer();
netty.setDeployment(deployment);
netty.setPort(TestPortProvider.getPort());
netty.setRootResourcePath("");
netty.setSecurityDomain(null);
netty.start();
}

Maven project you must include is:


org.jboss.resteasy

221

Chapter 40. Embedded Containers

resteasy-netty
3.6.2.Final


40.5. Vert.x
RESTEasy has integration with the popular Vert.x project as well..

public static void start(VertxResteasyDeployment deployment) throws Exception
{
VertxJaxrsServer server = new VertxJaxrsServer();
server.setDeployment(deployment);
server.setPort(TestPortProvider.getPort());
server.setRootResourcePath("");
server.setSecurityDomain(null);
server.start();
}

Maven project you must include is:


org.jboss.resteasy
resteasy-vertx
3.6.2.Final


The server will bootstrap its own Vert.x instance and Http server.
When a resource is called, it is done with the Vert.x Event Loop thread, keep in mind to not block
this thread and respect the Vert.x programming model, see the related Vert.x manual page [http://
vertx.io/docs/vertx-core/java/#_don_t_block_me].
Vert.x extends the RESTEasy registry to provide a new binding scope that creates resources per
Event Loop:

VertxResteasyDeployment deployment = new VertxResteasyDeployment();
// Create an instance of resource per Event Loop
deployment.getRegistry().addPerInstanceResource(Resource.class);

222

Vert.x

The per instance binding scope caches the same resource instance for each event loop providing
the same concurrency model than a verticle deployed multiple times.
Vert.x can also embed a RESTEasy deployment, making easy to use Jax-RS annotated controller
in Vert.x applications:

Vertx vertx = Vertx.vertx();
HttpServer server = vertx.createHttpServer();
// Set an handler calling Resteasy
server.requestHandler(new VertxRequestHandler(vertx, deployment));
// Start the server
server.listen(8080, "localhost");

Vert.x objects can be injected in annotated resources:

@GET
@Path("/somepath")
@Produces("text/plain")
public String context(
@Context io.vertx.core.Context context,
@Context io.vertx.core.Vertx vertx,
@Context io.vertx.core.http.HttpServerRequest req,
@Context io.vertx.core.http.HttpServerResponse resp) {
return "the-response";
}

223

224

Chapter 41.

Chapter 41. Server-side Mock
Framework
Although RESTEasy has an Embeddable Container, you may not be comfortable with the idea of
starting and stopping a web server within unit tests (in reality, the embedded container starts in milli
seconds), or you might not like the idea of using Apache HTTP Client or java.net.URL to test your
code. RESTEasy provides a mock framework so that you can invoke on your resource directly.

import org.jboss.resteasy.mock.*;
...
Dispatcher dispatcher = MockDispatcherFactory.createDispatcher();
POJOResourceFactory
noDefaults
POJOResourceFactory(LocatingResource.class);
dispatcher.getRegistry().addResourceFactory(noDefaults);

=

new

{
MockHttpRequest request = MockHttpRequest.get("/locating/basic");
MockHttpResponse response = new MockHttpResponse();
dispatcher.invoke(request, response);

Assert.assertEquals(HttpServletResponse.SC_OK, response.getStatus());
Assert.assertEquals("basic", response.getContentAsString());
}

See the RESTEasy Javadoc for all the ease-of-use methods associated with MockHttpRequest,
and MockHttpResponse.

225

226

Chapter 42.

Chapter 42. Securing JAX-RS and
RESTEasy
Because RESTEasy is deployed as a servlet, you must use standard web.xml constraints to enable authentication and authorization.
Unfortunately, web.xml constraints do not mesh very well with JAX-RS in some situations. The
problem is that web.xml URL pattern matching is very very limited. URL patterns in web.xml only
support simple wildcards, so JAX-RS resources like:

/{pathparam1}/foo/bar/{pathparam2}

Cannot be mapped as a web.xml URL pattern like:

/*/foo/bar/*

To get around this problem you will need to use the security annotations defined below on your
JAX-RS methods. You will still need to set up some general security constraint elements in
web.xml to turn on authentication.

RESTEasy JAX-RS supports the @RolesAllowed, @PermitAll and @DenyAll annotations on JAXRS methods. By default though, RESTEasy does not recognize these annotations. You have to
configure RESTEasy to turn on role-based security by setting a context parameter. NOTE!!! Do
not turn on this switch if you are using EJBs. The EJB container will provide this functionality
instead of RESTEasy.


...

resteasy.role.based.security
true



There is a bit of quirkiness with this approach. You will have to declare all roles used within the
RESTEasy JAX-RS war file that you are using in your JAX-RS classes and set up a security

227

Chapter 42. Securing JAX-RS a...

constraint that permits all of these roles access to every URL handled by the JAX-RS runtime.
You'll just have to trust that RESTEasy JAX-RS authorizes properly.
How does RESTEasy do authorization? Well, its really simple. It just sees if a method is annotated
with @RolesAllowed and then just does HttpServletRequest.isUserInRole. If one of the @RolesAllowed passes, then allow the request, otherwise, a response is sent back with a 401 (Unauthorized) response code.
So, here's an example of a modified RESTEasy WAR file. You'll notice that every role declared is
allowed access to every URL controlled by the RESTEasy servlet.



resteasy.role.based.security
true



Resteasy
/security


admin
user



BASIC
Test


admin


user

...


228

Chapter 43.

Chapter 43. JSON Web Signature
and Encryption (JOSE-JWT)
JSON Web Signature and Encryption (JOSE JWT) is a new specification that can be used to
encode content as a string and either digitally sign or encrypt it. I won't go over the spec here Do
a Google search on it if you're interested

43.1. JSON Web Signature (JWS)
To digitally sign content using JWS, use the org.jboss.resteasy.jose.jws.JWSBuilder class.
To unpack and verify a JWS, use the org.jboss.resteasy.jose.jws.JWSInput class. (TODO,
write more doco here!) Here's an example:

@Test
public void testRSAWithContentType() throws Exception
{
KeyPair keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
String encoded = new JWSBuilder()
.contentType(MediaType.TEXT_PLAIN_TYPE)
.content("Hello World", MediaType.TEXT_PLAIN_TYPE)
.rsa256(keyPair.getPrivate());
System.out.println(encoded);
JWSInput
input
=
new
JWSInput(encoded,
ResteasyProviderFactory.getInstance());
System.out.println(input.getHeader());
String msg = (String)input.readContent(String.class);
Assert.assertEquals("Hello World", msg);
Assert.assertTrue(RSAProvider.verify(input, keyPair.getPublic()));
}

43.2. JSON Web Encryption (JWE)
To encrypt content using JWE, use the org.jboss.resteasy.jose.jwe.JWEBuilder class. To
decrypt content using JWE, use the org.jboss.resteasy.jose.jwe.JWEInput class. (TODO,
write more doco here!) Here's an example:

229

Chapter 43. JSON Web Signatur...

@Test
public void testRSA() throws Exception
{
KeyPair keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
String content = "Live long and prosper.";
{

String
encoded
=
new
JWEBuilder().contentBytes(content.getBytes()).RSA1_5((RSAPublicKey)keyPair.getPublic());
System.out.println("encoded: " + encoded);
byte[]
raw
=
new
JWEInput(encoded).decrypt((RSAPrivateKey)keyPair.getPrivate()).getRawContent();
String from = new String(raw);
Assert.assertEquals(content, from);
}
{
String
encoded
=
new
JWEBuilder().contentBytes(content.getBytes()).RSA_OAEP((RSAPublicKey)keyPair.getPublic());
System.out.println("encoded: " + encoded);
byte[]
raw
=
new
JWEInput(encoded).decrypt((RSAPrivateKey)keyPair.getPrivate()).getRawContent();
String from = new String(raw);
Assert.assertEquals(content, from);
}
{
String
encoded
=
new
JWEBuilder().contentBytes(content.getBytes()).A128CBC_HS256().RSA1_5((RSAPublicKey)keyPair.get
System.out.println("encoded: " + encoded);
byte[]
raw
=
new
JWEInput(encoded).decrypt((RSAPrivateKey)keyPair.getPrivate()).getRawContent();
String from = new String(raw);
Assert.assertEquals(content, from);
}
{

String
encoded
=
new
JWEBuilder().contentBytes(content.getBytes()).A128CBC_HS256().RSA_OAEP((RSAPublicKey)keyPair.g
System.out.println("encoded: " + encoded);
byte[]
raw
=
new
JWEInput(encoded).decrypt((RSAPrivateKey)keyPair.getPrivate()).getRawContent();
String from = new String(raw);
Assert.assertEquals(content, from);
}
}
@Test

230

JSON Web Encryption (JWE)

public void testDirect() throws Exception
{
String content = "Live long and prosper.";
String
encoded
=
new
JWEBuilder().contentBytes(content.getBytes()).dir("geheim");
System.out.println("encoded: " + encoded);
byte[] raw = new JWEInput(encoded).decrypt("geheim").getRawContent();
String from = new String(raw);
Assert.assertEquals(content, from);
}

231

232

Chapter 44.

Chapter 44. Doseta Digital
Signature Framework
Digital signatures allow you to protect the integrity of a message. They are used to verify that a
message sent was sent by the actual user that sent the message and was modified in transit.
Most web apps handle message integrity by using TLS, like HTTPS, to secure the connection
between the client and server. Sometimes though, we have representations that are going to
be forwarded to more than one recipient. Some representations may hop around from server to
server. In this case, TLS is not enough. There needs to be a mechanism to verify who sent the
original representation and that they actually sent that message. This is where digital signatures
come in.
While the mime type multiple/signed exists, it does have drawbacks. Most importantly it requires
the receiver of the message body to understand how to unpack. A receiver may not understand
this mime type. A better approach would be to put signatures in an HTTP header so that receivers
that don't need to worry about the digital signature, don't have to.
The email world has a nice protocol called Domain Keys Identified Mail [http://dkim.org] (DKIM).
Work is also being done to apply this header to protocols other than email (i.e. HTTP) through
the DOSETA specifications [https://tools.ietf.org/html/draft-crocker-doseta-base-02]. It allows you
to sign a message body and attach the signature via a DKIM-Signature header. Signatures are
calculated by first hashing the message body then combining this hash with an arbitrary set of
metadata included within the DKIM-Signature header. You can also add other request or response
headers to the calculation of the signature. Adding metadata to the signature calculation gives
you a lot of flexibility to piggyback various features like expiration and authorization. Here's what
an example DKIM-Signature header might look like.

DKIM-Signature: v=1;
s=burke;
x=0023423111111;
v=1;
a=rsa-sha256;
d=example.com;
s=burke;
c=simple/simple;
h=Content-Type;
x=0023423111111;
bh=2342322111;

a=rsa-sha256;
c=simple/simple;
bh=2342322111;

d=example.com;
h=Content-Type;
b=M232234=

As you can see it is a set of name value pairs delimited by a ';'. While its not THAT important to
know the structure of the header, here's an explanation of each parameter:

233

Chapter 44. Doseta Digital Si...

v
Protocol version. Always 1.
a
Algorithm used to hash and sign the message. RSA signing and SHA256 hashing is the only
supported algorithm at the moment by RESTEasy.
d
Domain of the signer. This is used to identify the signer as well as discover the public key to
use to verify the signature.
s
Selector of the domain. Also used to identify the signer and discover the public key.
c
Canonical algorithm. Only simple/simple is supported at the moment. Basically this allows you
to transform the message body before calculating the hash
h
Semi-colon delimited list of headers that are included in the signature calculation.
x
When the signature expires. This is a numeric long value of the time in seconds since epoch.
Allows signer to control when a signed message's signature expires
t
Timestamp of signature. Numeric long value of the time in seconds since epoch. Allows the
verifier to control when a signature expires.
bh
Base 64 encoded hash of the message body.
b
Base 64 encoded signature.
To verify a signature you need a public key. DKIM uses DNS text records to discover a public
key. To find a public key, the verifier concatenates the Selector (s parameter) with the domain
(d parameter)
._domainKey.
It then takes that string and does a DNS request to retrieve a TXT record under that entry. In
our above example burke._domainKey.example.com would be used as a string. This is a every
interesting way to publish public keys. For one, it becomes very easy for verifiers to find public
keys. There's no real central store that is needed. DNS is a infrastructure IT knows how to deploy.
Verifiers can choose which domains they allow requests from. RESTEasy supports discovering
public keys via DNS. It also instead allows you to discover public keys within a local Java KeyStore
if you do not want to use DNS. It also allows you to plug in your own mechanism to discover keys.

234

Maven settings

If you're interested in learning the possible use cases for digital signatures, here's a blog [http://
bill.burkecentral.com/2011/02/21/multiple-uses-for-content-signature/] you might find interesting.

44.1. Maven settings
You must include the resteasy-crypto project to use the digital signature framework.


org.jboss.resteasy
resteasy-crypto
3.6.2.Final

pendency>
org.jboss.resteasy
resteasy-crypto
3.6.2.Final

44.2. Signing API
To sign a request or response using the RESTEasy client or server framework you need to create an instance of org.jboss.resteasy.security.doseta.DKIMSignature. This class represents the
DKIM-Signature header. You instantiate the DKIMSignature object and then set the "DKIM-Signature" header of the request or response. Here's an example of using it on the server-side:

import
org.jboss.resteasy.security.doseta.DKIMSignature;import
java.security.PrivateKey;@Path("/signed")public static class SignedResource{
@GET
@Path("manual")
@Produces("text/plain")
public Response getManual()
{
PrivateKey privateKey = ....; // get the private key to sign
message
DKIMSignature signature = new DKIMSignature();
signature.setSelector("test");
signature.setDomain("samplezone.org");
signature.setPrivateKey(privateKey);
Response.ResponseBuilder builder =
Response.ok("hello world");
builder.header(DKIMSignature.DKIM_SIGNATURE,
signature);
return builder.build();
}}// client exampleDKIMSignature
signature = new DKIMSignature();PrivateKey privateKey = ...; // go find
request = new ClientRequest("http://...");request.header("DKIM-Signature",
signature);request.body("text/plain", "some body to sign");ClientResponse
response = request.put();
org.jboss.resteasy.security.doseta.DKIMSignature;import

java.security.PrivateKey;@Path("/
signed")public static class
SignedResource
{
@GET
@Path("manual")
@Produces("text/

235

Chapter 44. Doseta Digital Si...

plain")

public Response

getManual()
{
PrivateKey privateKey = ....; // get the private key to sign
message
DKIMSignature signature = new
DKIMSignature();
signature.setSelector("test");
signature.setDomain("samplezone.org");

signature.setPrivateKey(privateKey);
Response.ResponseBuilder builder = Response.ok("hello
world");
builder.header(DKIMSignature.DKIM_SIGNATURE,
signature);
return
builder.build();
}
}// client
exampleDKIMSignature signature = new
DKIMSignature();PrivateKey privateKey = ...; // go find
it
signature.setSelector("test");
signature.setDomain("samplezone.org");
signature.setPrivateKey(privateKey);ClientRequest request = new
ClientRequest("http://...");request.header("DKIM-Signature",
signature);request.body("text/plain", "some body to
sign");ClientResponse response =

To sign a message you need a PrivateKey. This can be generated by KeyTool or manually using
regular, standard JDK Signature APIs. RESTEasy currently only supports RSA key pairs. The
DKIMSignature class also allows you to add and control how various pieces of metadata are added
to the DKIM-Signature header and the signature calculation. See the javadoc for more details.
If you are including more than one signature, then just add additional DKIMSignature instances
to the headers of the request or response.

44.2.1. @Signed annotation
Instead of using the API, RESTEasy also provides you an annotation alternative
to the manual way of signing using a DKIMSignature instances is to use the
@org.jboss.resteasy.annotations.security.doseta.Signed annotation. It is required that you configure a KeyRepository as described later in this chapter. Here's an example:

@GET
@Produces("text/plain")
@Path("signedresource")

236

Signature Verification API

@Signed(selector="burke",

domain="sample.com",

timestamped=true,

expires=@After(hours=24))
public String getSigned()
{
return "hello world";
}

The above example using a bunch of the optional annotation attributes of @Signed to create the
following Content-Signature header:

DKIM-Signature: v=1;
a=rsa-sha256;
domain=sample.com;
t=02342342341;
x=02342342322;
b=mababaddbb==
v=1;
a=rsa-sha256;

c=simple/simple;
s=burke;
bh=m0234fsefasf==;

c=simple/simple;
domain=sample.com;
s=burke;
t=02342342341;
x=02342342322;
bh=m0234fsefasf==;
b=mababaddbb==

This annotation also works with the client proxy framework.

44.3. Signature Verification API
If you want fine grain control over verification, this is an API to verify signatures manually. Its a
little tricky because you'll need the raw bytes of the HTTP message body in order to verify the
signature. You can get at an unmarshalled message body as well as the underlying raw bytes
by using a org.jboss.resteasy.spi.MarshalledEntity injection. Here's an example of doing this on
the server side:

import
org.jboss.resteasy.spi.MarshalledEntity;@POST@Consumes("text/
plain")@Path("verify-manual")public void verifyManual(@HeaderParam("ContentSignature") DKIMSignature signature,
@Context
KeyRepository repository,
@Context HttpHeaders
headers,
MarshalledEntity input)
throws Exception{
Verifier verifier = new Verifier();
Verification
verification = verifier.addNew();
verification.setRepository(repository);
verification.setStaleCheck(true);
verification.setStaleSeconds(100);
try {
verifier.verifySignature(headers.getRequestHeaders(),

237

Chapter 44. Doseta Digital Si...

input.getMarshalledBytes, signature);
}

} catch (SignatureException ex) {

System.out.println("The text message posted is: " + input.getEntity());}

org.jboss.resteasy.spi.MarshalledEntity;
@POST@Consumes("text/
plain")@Path("verifymanual")public
void
verifyManual(@HeaderParam("Content-Signature")
DKIMSignature
signature,
@Context KeyRepository repository,
@Context HttpHeaders headers,
MarshalledEntity input) throws
Exception
{
Verifier verifier = new
Verifier();
Verification verification =
verifier.addNew();
verification.setRepository(repository);
verification.setStaleCheck(true);
verification.setStaleSeconds(100);
try
{
verifier.verifySignature(headers.getRequestHeaders(), input.getMarshalledBytes,
signature);
} catch (SignatureException ex)
{
}
System.out.println("The text message posted is: " +
input.getEntity());

MarshalledEntity is a generic interface. The template parameter should be the Java type you want
the message body to be converted into. You will also have to configure a KeyRepository. This is
describe later in this chapter.
The client side is a little bit different:

ClientRequest
request
=
new
host:9095/signed"));ClientResponse
request.get(String.class);Verifier verifier

ClientRequest("http://local
response
=
= new Verifier();Verification
verification

verifier);// signature verification happens when you get the entityString entity
= response.getEntity();

ClientRequest("http://localhost:9095/signed"));ClientResponse
response = request.get(String.class);Verifier verifier
= new Verifier();Verification
verification
=

verifier.addNew();verification.setRepository(repository);response.getProperties().put(Verifier.

238

Annotation-based verification

get the entityString

On the client side, you create a verifier and add it as a property to the
ClientResponse. This will trigger the verification interceptors.

44.3.1. Annotation-based verification
The easiest way to verify a signature sent in a HTTP request on the server side is to use the
@@org.jboss.resteasy.annotations.security.doseta.Verify (or @Verifications which is used to verify multiple signatures). Here's an example:

@POST
@Consumes("text/plain")
@Verify
public void post(String input)
{
}

In the above example, any DKIM-Signature headers attached to the posted message body will
be verified. The public key to verify is discovered using the configured KeyRepository (discussed
later in this chapter). You can also specify which specific signatures you want to verify as well
as define multiple verifications you want to happen via the @Verifications annotation. Here's a
complex example:

@POST
@Consumes("text/plain")
@Verifications(
@Verify(identifierName="d",
identiferValue="inventory.com",
stale=@After(days=2)),
@Verify(identifierName="d", identiferValue="bill.com")
}
public void post(String input) {...}

The above is expecting 2 different signature to be included within the DKIM-Signature header.
Failed
verifications
will
throw
an
org.jboss.resteasy.security.doseta.UnauthorizedSignatureException. This causes a 401 error
code to be sent back to the client. If you catch this exception using an ExceptionHandler you can
browse the failure results.

239

Chapter 44. Doseta Digital Si...

44.4. Managing Keys via a KeyRepository
RESTEasy manages keys for you through a org.jboss.resteasy.security.doseta.KeyRepository.
By default, the KeyRepository is backed by a Java KeyStore. Private keys are always discovered
by looking into this KeyStore. Public keys may also be discovered via a DNS text (TXT) record
lookup if configured to do so. You can also implement and plug in your own implementation of
KeyRepository.

44.4.1. Create a KeyStore
Use the Java keytool to generate RSA key pairs. Key aliases MUST HAVE the form of:
._domainKey.
For example:

$ keytool -genkeypair -alias burke._domainKey.example.com -keyalg RSA -keysize
1024 -keystore my-apps.jks

You can always import your own official certificates too. See the JDK documentation for more
details.

44.4.2. Configure Restreasy to use the KeyRepository
Next you need to configure the KeyRepository in your web.xml file so that it is created and
made available to RESTEasy to discover private and public keys.You can reference a Java key store you want the Resteasy signature framework to use within web.xml using either
resteasy.keystore.classpath or resteasy.keystore.filename context parameters. You
must also specify the password (sorry its clear text) using the resteasy.keystore.password
context parameter. The resteasy.context.objects is used to create the instance of the repository.
For example:


resteasy.doseta.keystore.classpath
test.jks


resteasy.doseta.keystore.password
geheim


resteasy.context.objects
org.jboss.resteasy.security.doseta.KeyRepository :
value>
param>
name>
value>
param>
param>
name>

240


resteasy.doseta.keystore.classpathtest.jksresteasy.doseta.keystore.passwordgeheim


param>
name>
:
paramvalue>

resteasy.context.objectsorg.jboss.resteasy.security.doseta.KeyRepository

>
classes = new HashSet>();
private KeyRepository repository;
public
SignatureApplication(@Context
Dispatcher
dispatcher)
{
classes.add(SignedResource.class);
repository
=
new DosetaKeyRepository();
repository.setKeyStorePath("test.jks");
repository.setKeyStorePassword("password");
repository.setUseDns(false);
repository.start();
dispatcher.getDefaultContextObjects().put(KeyRepository.class, repository);
}
@Override
public Set> getClasses()
{
return classes;
}}
org.jboss.resteasy.core.Dispatcher;import
org.jboss.resteasy.security.doseta.KeyRepository;import
org.jboss.resteasy.security.doseta.DosetaKeyRepository;import
javax.ws.rs.core.Application;import
javax.ws.rs.core.Context;public class SignatureApplication extends
Application
{
private HashSet> classes = new HashSet>();
private KeyRepository
repository;
dispatcher)
{

public SignatureApplication(@Context Dispatcher

classes.add(SignedResource.class);
repository = new
DosetaKeyRepository();
repository.setKeyStorePath("test.jks");
repository.setKeyStorePassword("password");
repository.setUseDns(false);
repository.start();

dispatcher.getDefaultContextObjects().put(KeyRepository.class,

241

Chapter 44. Doseta Digital Si...

repository);
}
@Override
public Set>
getClasses()
{
return
classes;
}

On the client side, you can load a KeyStore manually, by instantiating an instance of
org.jboss.resteasy.security.doseta.DosetaKeyRepository. You then set a request attribute,
"org.jboss.resteasy.security.doseta.KeyRepository", with the value of the created instance. Use
the ClientRequest.getAttributes() method to do this. For example:

DosetaKeyRepository
keyRepository
=
new
DoestaKeyReposito
ry();repository.setKeyStorePath("test.jks");repository.setKeyStorePassword("password");reposito
signature
DKIMSignature();signature.setDomain("example.com");ClientRequest

=
request
=

repository);request.header("DKIM-Signature", signatures);
ry
=

new DoestaKeyRepository();repository.setKeyStorePath("test.jks");repository.setKeyStorePassword
repository.setUseDns(false);
repository.start();DKIMSignature signature = new
DKIMSignature();signature.setDomain("example.com");ClientRequest
request =

44.4.3. Using DNS to Discover Public Keys
Public keys can also be discover by a DNS text record lookup. You must configure web.xml to
turn this feature:


resteasy.doseta.use.dns
true


resteasy.doseta.dns.uri
dns://
localhost:9095

param>
resteasy.doseta.use.dns
true


param>
name>
value>

resteasy.doseta.dns.uridns://localhost:9095 bill.pem
bill.der $ openssl x509 -noout -pubkey -in bill.der -inform der

The output will look something like:

-----BEGIN

PUBLIC

EOPfVb9mD73Wn+CJYXvnryhqo99Y/q47urWYWAF/bqH9AMyMfibPr6IlP8mO9pNYf/
Zsqup/7oJxrvzJU7T0IGdLN1hHcC
+qRnwkKddNmD8UPEQ4BXiX4xFxbTjNvKWLZVKGQMyy6EFVQIDAQAB-----END PUBLIC KEY----KEY----MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCKxct5GHz8dFw0mzAMfvNju2b3oeAv/EOPfVb9mD73Wn+CJYXvnryhqo9
bqH9AMyMfibPr6IlP8mO9pNYf/Zsqup/7oJxrvzJU7T0IGdLN1hHcC
+qRnwkKddNmD8UPEQ4BXiX4xFxbTj
NvKWLZVKGQMyy6EFVQIDAQAB-----END PUBLIC

The DNS text record entry would look like this:

test2._domainKey
IN
TXT
"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCIKFLFWuQfDfBug688BJ0dazQ/x
+GEnH443KpnBK8agpJXSgFAPhlRvf0yhqHeuI
+J5onsSOo9Rn4fKaFQaQNBfCQpHSMnZpBC3X0G5Bc1HWq1AtBl6Z1rbyFen4CmGYOyRzDBUOIW6n8QK47bf3hvoSxqpY1pH
+wIDAQAB; t=s"

Notice that the newlines are take out. Also, notice that the text record is a name value ';' delimited
list of parameters. The p field contains the public key.

243

244

Chapter 45.

Chapter 45. Body Encryption and
Signing via SMIME
S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public key encryption
and signing of MIME data. MIME data being a set of headers and a message body. Its most often
seen in the email world when somebody wants to encrypt and/or sign an email message they
are sending across the internet. It can also be used for HTTP requests as well which is what the
RESTEasy integration with S/MIME is all about. RESTEasy allows you to easily encrypt and/or
sign an email message using the S/MIME standard. While the API is described here, you may
also want to check out the example projects that come with the RESTEasy distribution. It shows
both Java and Python clients exchanging S/MIME formatted messages with a JAX-RS service.

45.1. Maven settings
You must include the resteasy-crypto project to use the smime framework.


org.jboss.resteasy
resteasy-crypto
3.6.2.Final

pendency>
org.jboss.resteasy
resteasy-crypto
3.6.2.Final

45.2. Message Body Encryption
While HTTPS is used to encrypt the entire HTTP message, S/MIME encryption is used solely
for the message body of the HTTP request or response. This is very useful if you have a representation that may be forwarded by multiple parties (for example, HornetQ's REST Messaging
integration!) and you want to protect the message from prying eyes as it travels across the network. RESTEasy has two different interfaces for encrypting message bodies. One for output, one
for input. If your client or server wants to send an HTTP request or response with an encrypted
body, it uses the org.jboss.resteasy.security.smime.EnvelopedOutput type. Encrypting a
body also requires an X509 certificate which can be generated by the Java keytool command-line
interface, or the openssl tool that comes installed on many OS's. Here's an example of using the
EnvelopedOutput interface:

// server side
@Path("encrypted")@GETpublic EnvelopedOutput getEncrypted(){
Customer cust = new Customer();
cust.setName("Bill");
X509Certificate
certificate = ...;
EnvelopedOutput output = new EnvelopedOutput(cust,

245

Chapter 45. Body Encryption a...

MediaType.APPLICATION_XML_TYPE);

output.setCertificate(certificate);

return output;}// client sideX509Certificate cert = ...; Customer
cust = new Customer();cust.setName("Bill");EnvelopedOutput output = new
EnvelopedOutput(cust, "application/xml");output.setCertificate(cert);Response
res
=
target.request().post(Entity.entity(output,
"application/pkcs7mime").post();

@Path("encrypted")
@GETpublic EnvelopedOutput
getEncrypted()
{
Customer cust = new
Customer();
cust.setName("Bill");
X509Certificate certificate =
...;
EnvelopedOutput
EnvelopedOutput(cust,
MediaType.APPLICATION_XML_TYPE);
output.setCertificate(certificate);
output;

output

=

new

return

}// client
sideX509Certificate cert = ...;
Customer cust = new
Customer();
cust.setName("Bill");EnvelopedOutput output = new EnvelopedOutput(cust, "application/
xml");
output.setCertificate(cert);Response res = target.request().post(Entity.entity(output, "applic
pkcs7-

An EnvelopedOutput instance is created passing in the entity you want to marshal and the media
type you want to marshal it into. So in this example, we're taking a Customer class and marshalling
it into XML before we encrypt it. RESTEasy will then encrypt the EnvelopedOutput using the
BouncyCastle framework's SMIME integration. The output is a Base64 encoding and would look
something like this:

Content-Type:
application/pkcs7-mime;
ta;
name="smime.p7m"Content-Transfer-Encoding:

smime-type=enveloped-da
base64Content-Disposition:

O34DFl2p2zm+xZQ6R+94BqZHdtEWQN2evrcgtAng+f2ltILxr/PiK+8bE8wDO5GuCg
+k92uYp2rLKlZ5BxCGb8tRM4kYC9sHbH2dPaqzUBhMxjgWdMCX6Q7E130u9MdGcP74Ogwj8fNl3lD4sx/0k02/
QwgaukeY7uNHzCABgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcECDRozFLsPnSgoIAEQHmqjSKAWlQbuGQL9w4nKw4l
+44WgTjKf7mGWZvYY8tOCcdmhDxRSM1Ly682Imt+LTZf0LXzuFGTsCGOUo742N8AAAAAAAAAAAAA
type=enveloped-data; name="smime.p7m"

246

Message Body Encryption

Content-Transfer-Encoding: base64ContentDisposition:

attachment; filename="smime.p7m"MIAGCSqGSIb3DQEHA6CAMIACAQAxgewwgekCAQAwUjBFMQswCQYDVQQGEwJBVTE
DQYJKoZIhvcNAQEBBQAEgYCfnqPK/O34DFl2p2zm+xZQ6R+94BqZHdtEWQN2evrcgtAng
+f2ltILxr/
PiK+8bE8wDO5GuCg
+k92uYp2rLKlZ5BxCGb8tRM4kYC9sHbH2dPaqzUBhMxjgWdMCX6Q7E130u9MdGcP74Ogwj8fNl3lD4sx/0k02/

Decrypting
an
S/MIME
encrypted
message
requires
using
the
org.jboss.resteasy.security.smime.EnvelopedInput interface. You also need both the private key
and X509Certificate used to encrypt the message. Here's an example:

//

server
side@Path("encrypted")@POSTpublic
void
postEncrypted(EnvelopedInput
input){
PrivateKey
privateKey
= ...;
X509Certificate certificate = ...;
Customer cust =

input.getEntity(privateKey, certificate);}// client sideClientRequest request
= new ClientRequest("http://localhost:9095/smime/encrypted");EnvelopedInput
input
=
request.getTarget(EnvelopedInput.class);Customer
cust
=
(Customer)input.getEntity(Customer.class, privateKey, cert);
side
@Path("encrypted")
@POSTpublic void postEncrypted(EnvelopedInput
input)
{
PrivateKey privateKey =
...;
X509Certificate certificate =
...;
Customer cust = input.getEntity(privateKey,
certificate);
}// client

sideClientRequest
request
=
new
ClientRequest("http://localhost:9095/
smime/
encrypted");EnvelopedInput input =
request.getTarget(EnvelopedInput.class);Customer cust = (Customer)input.getEntity(Customer.clas

Both examples simply call the getEntity() method passing in the PrivateKey and X509Certificate
instances requires to decrypt the message. On the server side, a generic is used with EnvelopedInput to specify the type to marshal to. On the server side this information is passed as a parameter to getEntity(). The message is in MIME format: a Content-Type header and body, so the EnvelopedInput class now has everything it needs to know to both decrypt and unmarshall the entity.

247

Chapter 45. Body Encryption a...

45.3. Message Body Signing
S/MIME also allows you to digitally sign a message. It is a bit different than the Doseta Digital
Signing Framework. Doseta is an HTTP header that contains the signature. S/MIME uses the
multipart/signed data format which is a multipart message that contains the entity and the digital
signature. So Doseta is a header, S/MIME is its own media type. Generally I would prefer Doseta
as S/MIME signatures require the client to know how to parse a multipart message and Doseta
doesn't. Its up to you what you want to use.
RESTEasy has two different interfaces for creating a multipart/signed message. One for input,
one for output. If your client or server wants to send an HTTP request or response with an multipart/signed body, it uses the org.jboss.resteasy.security.smime.SignedOutput type. This
type requires both the PrivateKey and X509Certificate to create the signature. Here's an example
of signing an entity and sending a multipart/signed entity.

// server-side
@Path("signed")
@GET
@Produces("multipart/signed")
public SignedOutput getSigned()
{
Customer cust = new Customer();
cust.setName("Bill");
SignedOutput output = new SignedOutput(cust,
MediaType.APPLICATION_XML_TYPE);
output.setPrivateKey(privateKey);
output.setCertificate(certificate);
return output;
}//
client side
Client client = new ResteasyClient();
WebTarget target = client.target("http://localhost:9095/smime/signed");
Customer cust = new Customer();
cust.setName("Bill");
SignedOutput output = new SignedOutput(cust, "application/xml");
output.setPrivateKey(privateKey);
output.setCertificate(cert);
Response
res = target.request().post(Entity.entity(output, "multipart/signed");
side
@Path("signed")
@GET
@Produces("multipart/
signed")
public SignedOutput
getSigned()
{
Customer cust = new
Customer();
cust.setName("Bill");
SignedOutput(cust,
MediaType.APPLICATION_XML_TYPE);
output.setPrivateKey(privateKey);
output.setCertificate(certificate);
output;

SignedOutput

output

=

new

return

}// client
side
Client client = new
ResteasyClient();
WebTarget target = client.target("http://localhost:9095/smime/
signed");
Customer cust = new

248

Message Body Signing

Customer();
cust.setName("Bill");
SignedOutput output = new SignedOutput(cust, "application/
xml");
output.setPrivateKey(privateKey);
output.setCertificate(cert);
Response res = target.request().post(Entity.entity(output,
"multipart/

An SignedOutput instance is created passing in the entity you want to marshal and the media type
you want to marshal it into. So in this example, we're taking a Customer class and marshalling it
into XML before we sign it. RESTEasy will then sign the SignedOutput using the BouncyCastle
framework's SMIME integration. The output iwould look something like this:

Content-Type:
multipart/signed;
protocol="application/pkcs7-signature";
micalg=sha1;
boundary="----=_Part_0_1083228271.1313024422098"-----=_Part_0_1083228271.1313024422098Content-Type:
application/xmlContentTransfer-Encoding:
7bit------

=_Part_0_1083228271.1313024422098Content-Type:
application/pkcs7-signature;
name=smime.p7s;
smime-type=signed-dataContent-Transfer-Encoding:
base64Content-Disposition:
attachment;
filename="smime.p7s"ContentDescription:
S/MIME
Cryptographic
2BfR1l1vzDshtQvJrgvpGvjADMA0GCSqGSIb3DQEBAQUABIGAL3KVi3ul9cPRUMYcGgQmWtsZ0bLbAldO
+okrt8mQ87SrUv2LGkIJbEhGHsOlsgSU80/YumP+Q4lYsVanVfoI8GgQH3Iztp
+Rce2cy42f86ZypE7ueynI4HTPNHfr78EpyKGzWuZHW4yMo70LpXhk5RqfM9a/
n4TEa9QuTU76atAAAAAAAAA=------=_Part_0_1083228271.1313024422098-micalg=sha1;
boundary="----=_Part_0_1083228271.1313024422098"-----=_Part_0_1083228271.1313024422098Content-Type: application/

xmlContent-Transfer-Encoding:
7bit
------=_Part_0_1083228271.1313024422098Content-Type: application/pkcs7signature;
name=smime.p7s; smime-type=signeddataContent-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"Content-Description:
S/
MIME
Cryptographic

SignatureMIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAMYIBVzCCAVMCAQEwUjBFMQ
FH32BfR1l1vzDshtQvJrgvpGvjADMA0GCSqGSIb3DQEBAQUABIGAL3KVi3ul9cPRUMYcGgQmWtsZ0bLbAldO
+okrt8mQ87SrUv2LGkIJbEhGHsOlsgSU80/

249

Chapter 45. Body Encryption a...

YumP+Q4lYsVanVfoI8GgQH3Iztp

To

unmarshal

and

verify

a

signed

message
org.jboss.resteasy.security.smime.SignedInput
interface.

requires
using
You only need

the
the

X509Certificate to verify the message. Here's an example of unmarshalling and verifying a multipart/signed entity.

// server side
@Path("signed")
@POST
@Consumes("multipart/signed")
public void postSigned(SignedInput input) throws Exception
{
Customer cust = input.getEntity();
if (!input.verify(certificate))
{
throw new WebApplicationException(500);
}
}// client side
Client client = new ResteasyClient();
WebTarget target = client.target("http://localhost:9095/smime/signed");
SignedInput input = target.request().get(SignedInput.class);
Customer cust
= (Customer)input.getEntity(Customer.class)
input.verify(cert);
side
@Path("signed")
@POST
@Consumes("multipart/
signed")
public void postSigned(SignedInput input) throws
Exception
{
Customer cust =
input.getEntity();
if (!
input.verify(certificate))
{
throw new
WebApplicationException(500);
}
}// client
side
Client client = new
ResteasyClient();
WebTarget target = client.target("http://localhost:9095/smime/
signed");
SignedInput input =
target.request().get(SignedInput.class);
Customer cust =
(Customer)input.getEntity(Customer.class)

45.4. application/pkcs7-signature
application/pkcs7-signature is a data format that includes both the data and the signature in one
ASN.1 binary encoding.
SignedOutput and SignedInput can be used to return application/pkcs7-signature format in binary
form. Just change the @Produces or @Consumes to that media type to send back that format.
Also, if your @Produces or @Consumes is text/plain instead, SignedOutput will be base64 encoded and sent as a string.

250

Chapter 46.

Chapter 46. EJB Integration
To integrate with EJB you must first modify your EJB's published interfaces. RESTEasy currently only has simple portable integration with EJBs so you must also manually configure your
RESTEasy WAR.

RESTEasy currently only has simple integration with EJBs. To make an EJB a JAX-RS resource,
you must annotate an SLSB's @Remote or @Local interface with JAX-RS annotations:

@Local
@Path("/Library")
public interface Library {
@GET
@Path("/books/{isbn}")
public String getBook(@PathParam("isbn") String isbn);
}
@Stateless
public class LibraryBean implements Library {
...
}

Next, in RESTEasy's web.xml file you must manually register the EJB with RESTEasy using the
resteasy.jndi.resources 


Archetype Created Web Application

resteasy.jndi.resources
LibraryBean/local

...


251

Chapter 46. EJB Integration

This is the only portable way we can offer EJB integration. Future versions of RESTEasy will have
tighter integration with WildFly so you do not have to do any manual registrations or modifications
to web.xml. For right now though, we're focusing on portability.

If you're using RESTEasy with an EAR and EJB, a good structure to have is:

my-ear.ear
|------myejb.jar
|------resteasy-jaxrs.war
|
----WEB-INF/web.xml
----WEB-INF/lib (nothing)
|------lib/
|
----All RESTEasy jar files

From the distribution, remove all libraries from WEB-INF/lib and place them in a common EAR lib.
OR. Just place the RESTEasy jar dependencies in your application server's system classpath.
(i.e. In JBoss put them in server/default/lib)
An example EAR project is available from our testsuite here.

252

Chapter 47.

Chapter 47. Spring Integration
RESTEasy integrates with Spring 3.0.x. We are interested in other forms of Spring integration,
so please help contribute.

47.1. Basic Integration
For Maven users, you must use the resteasy-spring artifact. Otherwise, the jar is available in the
downloaded distribution.


org.jboss.resteasy
resteasy-spring
whatever version you are using


RESTEasy comes with its own Spring ContextLoaderListener that registers a RESTEasy specific
BeanPostProcessor that processes JAX-RS annotations when a bean is created by a BeanFactory. What does this mean? RESTEasy will automatically scan for @Provider and JAX-RS resource
annotations on your bean class and register them as JAX-RS resources.
Here is what you have to do with your web.xml file


Archetype Created Web Application

org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap


org.jboss.resteasy.plugins.spring.SpringContextLoaderListener

...


253

Chapter 47. Spring Integration

The SpringContextLoaderListener must be declared after ResteasyBootstrap as it uses ServletContext attributes initialized by it.
If you do not use a Spring ContextLoaderListener to create your bean factories, then you can manually register the RESTEasy BeanFactoryPostProcessor by allocating an instance of org.jboss.resteasy.plugins.spring.SpringBeanProcessor.
You
can
obtain
instances
of
a
ResteasyProviderFactory
and
Registry
from the ServletContext attributes org.jboss.resteasy.spi.ResteasyProviderFactory and
org.jboss.resteasy.spi.Registry. (Really the string FQN of these classes). There is also a
org.jboss.resteasy.plugins.spring.SpringBeanProcessorServletAware, that will automatically inject references to the Registry and ResteasyProviderFactory from the Servlet Context. (that is, if
you have used RestasyBootstrap to bootstrap Resteasy).
Our Spring integration supports both singletons and the "prototype" scope. RESTEasy handles
injecting @Context references. Constructor injection is not supported though. Also, with the "prototype" scope, RESTEasy will inject any @*Param annotated fields or setters before the request
is dispatched.
NOTE: You can only use auto-proxied beans with our base Spring integration. You will have
undesirable affects if you are doing handcoded proxying with Spring, i.e., with ProxyFactoryBean.
If you are using auto-proxied beans, you will be ok.

47.2. Spring MVC Integration
RESTEasy can also integrate with the Spring DispatcherServlet. The advantages of using this are
that you have a simpler web.xml file, you can dispatch to either Spring controllers or RESTEasy
from under the same base URL, and finally, the most important, you can use Spring ModelAndView
objects as return arguments from @GET resource methods. Setup requires you using the Spring
DispatcherServlet in your web.xml file, as well as importing the springmvc-resteasy.xml file into
your base Spring beans xml file. Here's an example web.xml file:


Archetype Created Web Application

Spring
org.springframework.web.servlet.DispatcherServlet


Spring
/*


254

Spring MVC Integration



Then within your main Spring beans xml, import the springmvc-resteasy.xml file




....

You can specify resteasy configuration options by overriding the resteasy.deployment bean which
is an instance of org.jboss.resteasy.spi.ResteasyDeployment. Here's an example of adding media
type suffix mappings as well as enabling the RESTEasy asynchronous job service.



http://
http://
http://




255

Chapter 47. Spring Integration











...

47.3. JAX-RS with Spring MVC
A JAX-RS Application subclass can be combined with a Spring DispatcherServlet and used in the
same web application. An application combined in this way allows you to dispatch to either the
Spring controller or the JAX-RS resource using the same base URL. In addition you can use the
Spring ModelAndView objects as return arguments from @GET resource methods.
Configuring a web application of this type requires a web.xml and spring-servlet.xml file and
a reference to springmvc-resteasy.xml. A servlet definition is required for both the Spring DispatcherServlet and the Application subclass in the web.xml, as well as RESTEasy Configuration
Switch, resteasy.scan.resources. Here is an example of the minimum configuration information
needed in the web.xml.



mySpring
org.springframework.web.servlet.DispatcherServlet


mySpring
/*


myAppSubclass
org.my.app.EntryApplicationSubclass



256

JAX-RS with Spring MVC

myAppSubclass
/*



resteasy.scan.resources
true



If your web application contains JAX-RS provider classes the RESTEasy Configuration Switch,
resteasy.scan.providers, will also be needed. And if the url-pattern for the JAX-RS Application subclass is other than /* you will need to declare the RESTEasy Configuration Switch,
resteasy.servlet.mapping.prefix. This switch can be declare either as a context-param or as a
servlet init-param. It's value must be the text that preceeds the /*. Here is an example of such
a web.xml.



spring
org.springframework.web.servlet.DispatcherServlet


spring
/*


myAppSubclass
org.my.app.EntryApplicationSubclass

resteasy.servlet.mapping.prefix
/resources



myAppSubclass
/resources/*


257

Chapter 47. Spring Integration


resteasy.scan.resources
true


resteasy.scan.providers
true



The spring-servlet.xml file must import springmvc-resteasy.xml, however this file does not need
to be present in the archive. In addition a component-scan, declaration of the packages that contain you application classes is needed. At minimum your spring-servlet.xml should contain these
statements.






47.4. Spring Boot starter
The RESTEasy project does not include its own component for Spring Boot integration, however PayPal has developed a very interesting RESTEasy Spring Boot starter [https://github.com/
paypal/resteasy-spring-boot] and shared it with the community. You can see below an example
of how to use it. Please refer to the relevant documentation [https://github.com/paypal/resteasyspring-boot/blob/master/mds/USAGE.md] on GitHub for further information.
First, add dependency com.paypal.springboot:resteasy-spring-boot-starter to your
Spring Boot application. It is recommended to you use the latest version [http://search.maven.org/
#search%7Cga%7C1%7Cg:com.paypal.springboot]. Second, optionally you can register one or
more JAX-RS application classes. To do so, just define it as a Spring bean, and it will be automatically registered. See the example below.

package com.sample.app;
import org.springframework.stereotype.Component;
import javax.ws.rs.ApplicationPath;
import javax.ws.rs.core.Application;

258

Upgrading in WildFly

@Component
@ApplicationPath("/sample-app/")
public class JaxrsApplication extends Application {
}

Finally, to register JAX-RS resources and providers, just define them as Spring beans, and they
will be automatically registered. Notice that JAX-RS resources can be singleton or request scoped,
while JAX-RS providers must be singletons.

47.5. Upgrading in WildFly
Note. As noted in Section 3.1.2, “Upgrading RESTEasy within WildFly”, the RESTEasy distribution
comes with a zip file called resteasy-jboss-modules-.zip, which can be unzipped into
the modules/system/layers/base/ directory of WildFly to upgrade to a new version of RESTEasy.
Because of the way resteasy-spring is used in WildFly, after unzipping the zip file, it is also necessary to remove the old resteasy-spring jar from modules/system/layers/base/org/jboss/resteasy/
resteasy-spring/main/bundled/resteasy-spring-jar.

259

260

Chapter 48.

Chapter 48. CDI Integration
This module provides integration with JSR-299 (Contexts and Dependency Injection for the Java
EE platform)

48.1. Using CDI beans as JAX-RS components
Both the JAX-RS and CDI specifications introduce their own component model. On the one hand,
every class placed in a CDI archive that fulfills a set of basic constraints is implicitly a CDI bean.
On the other hand, explicit decoration of your Java class with @Path or @Provider is required
for it to become a JAX-RS component. Without the integration code, annotating a class suitable
for being a CDI bean with JAX-RS annotations leads into a faulty result (JAX-RS component not
managed by CDI) The resteasy-cdi module is a bridge that allows RESTEasy to work with class
instances obtained from the CDI container.
During a web service invocation, resteasy-cdi asks the CDI container for the managed instance of
a JAX-RS component. Then, this instance is passed to RESTEasy. If a managed instance is not
available for some reason (the class is placed in a jar which is not a bean deployment archive),
RESTEasy falls back to instantiating the class itself.
As a result, CDI services like injection, lifecycle management, events, decoration and interceptor
bindings can be used in JAX-RS components.

48.2. Default scopes
A CDI bean that does not explicitly define a scope is @Dependent scoped by default. This pseudo scope means that the bean adapts to the lifecycle of the bean it is injected into. Normal
scopes (request, session, application) are more suitable for JAX-RS components as they designate component's lifecycle boundaries explicitly. Therefore, the resteasy-cdi module alters the
default scoping in the following way:
• If a JAX-RS root resource does not define a scope explicitly, it is bound to the Request scope.
• If a JAX-RS Provider or javax.ws.rs.Application subclass does not define a scope explicitly,
it is bound to the Application scope.

Warning
Since the scope of all beans that do not declare a scope is modified by resteasycdi, this affects session beans as well. As a result, a conflict occurs if the scope of a
stateless session bean or singleton is changed automatically as the spec prohibits
these components to be @RequestScoped. Therefore, you need to explicitly define
a scope when using stateless session beans or singletons. This requirement is
likely to be removed in future releases.

261

Chapter 48. CDI Integration

48.3. Configuration within WildFly
CDI integration is provided with no additional configuration with WildFly.

48.4. Configuration with different distributions
Provided you have an existing RESTEasy application, all that needs to be done is to add the
resteasy-cdi jar into your project's WEB-INF/lib directory. When using maven, this can be achieve
by defining the following dependency.

 org.jboss.resteasy resteasy-cdi ${project.version}
pendency>
org.jboss.resteasy
resteasy-cdi
${project.version}
resteasy.injector.factory
org.jboss.resteasy.cdi.CdiInjectorFactory


When deploying an application to a Servlet container that does not support CDI out of the box
(Tomcat, Jetty, Google App Engine), a CDI implementation needs to be added first. Weld-servlet
module [http://docs.jboss.org/weld/reference/latest/en-US/html/environments.html] can be used
for this purpose.

262

Chapter 49.

Chapter 49. Guice 3.0 Integration
RESTEasy has some simple integration with Guice 3.0. RESTEasy will scan the binding types
for a Guice Module for @Path and @Provider annotations. It will register these bindings with
RESTEasy. The guice-hello project that comes in the RESTEasy examples/ directory gives a nice
example of this.

@Path("hello")
public class HelloResource
{
@GET
@Path("{name}")
public String hello(@PathParam("name") final String name) {
return "Hello " + name;
}
}

First you start off by specifying a JAX-RS resource class. The HelloResource is just that. Next you
create a Guice Module class that defines all your bindings:

import com.google.inject.Module;
import com.google.inject.Binder;
public class HelloModule implements Module
{
public void configure(final Binder binder)
{
binder.bind(HelloResource.class);
}
}

You put all these classes somewhere within your WAR WEB-INF/classes or in a JAR within WEBINF/lib. Then you need to create your web.xml file. You need to use the GuiceResteasyBootstrapServletContextListener as follows


Guice Hello


263

Chapter 49. Guice 3.0 Integration

resteasy.guice.modules
org.jboss.resteasy.examples.guice.hello.HelloModule



org.jboss.resteasy.plugins.guice.GuiceResteasyBootstrapServletContextListener



Resteasy

org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher



Resteasy
/*



GuiceResteasyBootstrapServletContextListener is a subclass of ResteasyBootstrap, so you can
use any other RESTEasy configuration option within your web.xml file. Also notice that there is
a resteasy.guice.modules context-param. This can take a comma delimited list of class names
that are Guice Modules.

49.1. Request Scope
Add the RequestScopeModule to your modules to allow objects to be scoped to the HTTP request by adding the @RequestScoped annotation to your fields in resource classes. All the objects injectable via the @Context annotation are also injectable, except ServletConfig and ServletContext. Note that RequestScopeModule will already be added if any of your modules extends
com.google.inject.servlet.ServletModule. In such cases you should not add it again to avoid injector creation errors.

import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.Context;

264

Binding JAX-RS utilities

import org.jboss.resteasy.plugins.guice.RequestScoped;
public class MyClass
{
@Inject @RequestScoped @Context
private HttpRequest request;
}

49.2. Binding JAX-RS utilities
Add
the
JaxrsModule
to
bind
javax.ws.rs.ext.RuntimeDelegate,
javax.ws.rs.core.Response.ResponseBuilder,
javax.ws.rs.core.UriBuilder,
javax.ws.rs.core.Variant.VariantListBuilder and org.jboss.resteasy.client.ClientExecutor.

49.3. Configuring Stage
You can configure the stage Guice uses to deploy your modules by specific a context param,
resteasy.guice.stage. If this value is not specified, RESTEasy uses whatever Guice's default is.


Guice Hello

resteasy.guice.modules
org.jboss.resteasy.examples.guice.hello.HelloModule


resteasy.guice.stage
PRODUCTION



org.jboss.resteasy.plugins.guice.GuiceResteasyBootstrapServletContextListener



Resteasy

org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher

265

Chapter 49. Guice 3.0 Integration




Resteasy
/*



49.4. Custom Injector creation
GuiceResteasyBootstrapServletContextListener can be extended to allow more flexibility in the
way the Injector and Modules are created. Three methods can be overridden: getModules(), withInjector() and getStage(). Register your subclass as the listener in the web.xml.
Override getModules() when you need to pass arguments to your modules' constructor or perform
more complex operations.
Override withInjector(Injector) when you need to interact with the Injector after it has been created.
Override getStage(ServletContext) to set the Stage yourself.





org.jboss.resteasy.plugins.guice.GuiceResteasyBootstrapServletContextListener



public
class
MyServletContextListener
GuiceResteasyBootstrapServletContextListener
{

extends

@Override
protected List getModules(ServletContext context)
{
return Arrays.asList(new JpaPersistModule("consulting_hours"), new
MyModule());
}
@Override

266

Custom Injector creation

public void withInjector(Injector injector)
{
injector.getInstance(PersistService.class).start();
}
}

267

268

Chapter 50.

Chapter 50. RESTEasy Client API
50.1. JAX-RS 2.0 Client API
JAX-RS 2.0 introduces a new client API so that you can make http requests to your remote RESTful web services. It is a 'fluent' request building API with really 3 main classes: Client, WebTarget,
and Response. The Client interface is a builder of WebTarget instances. WebTarget represents a
distinct URL or URL template from which you can build more sub-resource WebTargets or invoke
requests on.
There are really two ways to create a Client. Standard way, or you can use the ResteasyClientBuilder class. The advantage of the latter is that it gives you a few more helper methods to configure your client.

Client client = ClientBuilder.newClient();
... or...
Client client = ClientBuilder.newBuilder().build();
WebTarget target = client.target("http://foo.com/resource");
Response response = target.request().get();
String value = response.readEntity(String.class);
response.close(); // You should close connections!
ResteasyClient client = new ResteasyClientBuilder().build();
ResteasyWebTarget target = client.target("http://foo.com/resource");

RESTEasy will automatically load a set of default providers. (Basically all classes listed in all
META-INF/services/javax.ws.rs.ext.Providers files). Additionally, you can manually register other
providers, filters, and interceptors through the Configuration object provided by the method call
Client.configuration(). Configuration also lets you set various configuration properties that may be
needed.
Each WebTarget has its own Configuration instance which inherits the components and properties
registered with its parent. This allows you to set specific configuration options per target resource.
For example, username and password.
One RESTEasy extension to the client API is the ability to specify that requests should be
sent in "chunked" transfer mode. There are two ways of doing that. One is to configure an
org.jboss.resteasy.client.jaxrs.ResteasyWebTarget so that all requests to that target are
sent in chunked mode:

ResteasyClient client = new ResteasyClientBuilder().build();

269

Chapter 50. RESTEasy Client API

ResteasyWebTarget target = client.target("http://localhost:8081/test");
target.setChunked(b.booleanValue());
Invocation.Builder request = target.request();

Alternatively, it is possible to configure a particular request to be sent in chunked mode:

ResteasyClient client = new ResteasyClientBuilder().build();
ResteasyWebTarget target = client.target("http://localhost:8081/test");
ClientInvocationBuilder
request
=
(ClientInvocationBuilder)
target.request();
request.setChunked(b);

Note that org.jboss.resteasy.client.jaxrs.internal.ClientInvocationBuilder, unlike
javax.ws.rs.client.Invocation.Builder, is a RESTEasy class.

Note.
The
lying transport

ability
layer;

to
in

send in
particular,

chunked mode depends on the underit depends on which implementation of
org.jboss.resteasy.client.jaxrs.ClientHttpEngine is being used. Currently, only the default implementation, ApacheHttpClient43Engine and the older ApacheHttpClient4Engine,
both in package org.jboss.resteasy.client.jaxrs.engines, support chunked mode. See
Section Apache HTTP Client 4.x and other backends for more information.

50.2. RESTEasy Proxy Framework
The RESTEasy Proxy Framework is the mirror opposite of the JAX-RS server-side specification.
Instead of using JAX-RS annotations to map an incoming request to your RESTFul Web Service
method, the client framework builds an HTTP request that it uses to invoke on a remote RESTful
Web Service. This remote service does not have to be a JAX-RS service and can be any web
resource that accepts HTTP requests.
RESTEasy has a client proxy framework that allows you to use JAX-RS annotations to invoke on
a remote HTTP resource. The way it works is that you write a Java interface and use JAX-RS
annotations on methods and the interface. For example:

public interface SimpleClient
{
@GET
@Path("basic")
@Produces("text/plain")
String getBasic();

270

RESTEasy Proxy Framework

@PUT
@Path("basic")
@Consumes("text/plain")
void putBasic(String body);
@GET
@Path("queryParam")
@Produces("text/plain")
String getQueryParam(@QueryParam("param")String param);
@GET
@Path("matrixParam")
@Produces("text/plain")
String getMatrixParam(@MatrixParam("param")String param);
@GET
@Path("uriParam/{param}")
@Produces("text/plain")
int getUriParam(@PathParam("param")int param);
}

RESTEasy has a simple API based on Apache HttpClient. You generate a proxy then you can
invoke methods on the proxy. The invoked method gets translated to an HTTP request based on
how you annotated the method and posted to the server. Here's how you would set this up:

Client client = ClientBuilder.newClient();
WebTarget target = client.target("http://example.com/base/uri");
ResteasyWebTarget rtarget = (ResteasyWebTarget)target;
SimpleClient simple = rtarget.proxy(SimpleClient.class);
client.putBasic("hello world");

Alternatively you can use the RESTEasy client extension interfaces directly:

ResteasyClient client = new ResteasyClientBuilder().build();
ResteasyWebTarget target = client.target("http://example.com/
base/uri");
SimpleClient simple = target.proxy(SimpleClient.class);
client.putBasic("hello world");

271

Chapter 50. RESTEasy Client API

@CookieParam works the mirror opposite of its server-side counterpart and creates a cookie
header to send to the server. You do not need to use @CookieParam if you allocate your own
javax.ws.rs.core.Cookie object and pass it as a parameter to a client proxy method. The client
framework understands that you are passing a cookie to the server so no extra metadata is needed.
The framework also supports the JAX-RS locator pattern, but on the client side. So, if you have
a method annotated only with @Path, that proxy method will return a new proxy of the interface
returned by that method.

50.2.1. Abstract Responses
Sometimes you are interested not only in the response body of a client request, but also either
the response code and/or response headers. The Client-Proxy framework has two ways to get
at this information
You may return a javax.ws.rs.core.Response.Status enumeration from your method calls:

@Path("/")
public interface MyProxy {
@POST
Response.Status updateSite(MyPojo pojo);
}

Internally, after invoking on the server, the client proxy internals will convert the HTTP response
code into a Response.Status enum.
If you are interested in everything, you can get it with the javax.ws.rs.core.Response class:

@Path("/")
public interface LibraryService {
@GET
@Produces("application/xml")
Response getAllBooks();
}

50.2.2. Response proxies
A further extension implemented by the RESTEasy client proxy framework is the "response proxy
facility", where a client proxy method returns an interface that represents the information con-

272

Response proxies

tained in a javax.ws.rs.core.Response. Such an interface must be annotated with @ResponseObject from package org.jboss.resteasy.annotations, and its methods may be further
annotated with @Body, @LinkHeaderParam, and @Status from the same package, as well as
javax.ws.rs.HeaderParam. Consider the following example.

@ResponseObject
public interface TestResponseObject {
@Status
int status();
@Body
String body();
@HeaderParam("Content-Type")
String contentType();
ClientResponse response();
}
@Path("test")
public interface TestClient {
@GET
TestResponseObject get();
}
@Path("test")
public static class TestResource {
@GET
@Produces("text/plain")
public String get() {
return "ABC";
}
}

Here, TestClient will define the client side proxy for TestResource. Note that
TestResource.get() returns a String but the proxy based on TestClient will return a TestResponseObject on a call to get():

Client client = ClientBuilder.newClient();

273

Chapter 50. RESTEasy Client API

TestClient ClientInterface = ProxyBuilder.builder(TestClient.class,
client.target("http://localhost:8081")).build();
TestResponseObject tro = ClientInterface.get();

The methods of TestResponseObject provide access to various pieces of information about the
response received from TestResponse.get(). This is where the annotations on those methods
come into play. status() is annotated with @Status, and a call to status() returns the HTTP
status. Similarly, body() returns the returned entity, and contentType() returns the value of the
response header Content-Type:

System.out.println("status: " + tro.status());
System.out.println("entity: " + tro.body());
System.out.println("Content-Type: " + tro.contentType());

will yield

status: 200
entity: ABC
Content-Type: text/plain;charset=UTF-8

Note that there is one other method in TestResponseObject, response(), that has no annotation. When RESTEasy sees a method in an interface annotated with @ResponseObject that returns a javax.ws.rs.core.Response (or a subclass thereof), it will return a
org.jboss.resteasy.client.jaxrs.internal.ClientResponse. For example,

ClientResponse clientResponse =

tro.response();

System.out.println("Content-Length: " + clientResponse.getLength());

Perhaps the most interesting piece of the response proxy facility is the treatment of
methods annotated with @LinkHeaderParam. Its simplest use is to assist in accessing a
javax.ws.rs.core.Link returned by a resource method. For example, let's add

@GET

274

Response proxies

@Path("/link-header")
public Response getWithHeader(@Context UriInfo uri) {
URI subUri = uri.getAbsolutePathBuilder().path("next-link").build();
Link link = new LinkBuilderImpl().uri(subUri).rel("nextLink").build();
return Response.noContent().header("Link", link.toString()).build();
}

to TestResource, add

@GET
@Path("link-header")
ResponseObjectInterface performGetBasedOnHeader();

to ClientInterface, and add

@LinkHeaderParam(rel = "nextLink")
URI nextLink();

to ResponseObjectInterface. Then calling

ResponseObjectInterface obj = ClientInterface.performGetBasedOnHeader();
System.out.println("nextLink(): " + obj.nextLink());

will access the LinkHeader returned by TestResource.getWithHeader():

nextlink: http://localhost:8081/test/link-header/next-link

Last but not least, let's add

@GET

275

Chapter 50. RESTEasy Client API

@Produces("text/plain")
@Path("/link-header/next-link")
public String getHeaderForward() {
return "forwarded";
}

to TestResource and

@GET
@LinkHeaderParam(rel = "nextLink")
String followNextLink();

to ResponseObjectInterface. Note that, unlike ResponseObjectInterface.nextLink(), followNextLink() is annotated with @GET; that is, it qualifies as (the client proxy to) a resource

method. When executing followNextLink(), RESTEasy will retrieve the value of the Link returned by TestResource.getWithHeader() and then will make a GET invocation on the URL in
that Link. Calling

System.out.println("followNextLink(): " + obj.followNextLink());

causes RESTEasy to retrieve the URL http://localhost:8081/test/link-header/next-link from
the call to TestResource.getWithHeader() and then perform a GET on it, invoking
TestResource.getHeaderForward():

followNextLink(): forwarded

Note. This facility for extracting a URL and following it is a step toward supporting the Representation State Transfer principle of HATEOAS. For more information, see RESTful Java with JAXRS 2.0, 2nd Edition [http://shop.oreilly.com/product/0636920028925.do] by Bill Burke.

50.2.3. Giving client proxy an ad hoc URI
Client proxies figure out appropriate URIs for targeting resource methods by looking at @Path
annotations in the client side interface, but it is also possible to pass URIs explicitly to the proxy

276

Giving client proxy an ad hoc URI

through the use of the org.jboss.resteasy.annotations.ClientURI annotation. For example,
let TestResource be a client side interface and TestResourceImpl a server resource:

@Path("")
public interface TestResource {
@GET
@Path("dispatch")
public String dispatch(@ClientURI String uri);
}
@Path("")
public static class TestResourceImpl {
@GET
@Path("a")
public String a() {
return "a";
}
@GET
@Path("b")
public String b() {
return "b";
}
}

Calling TestResource.dispatch() allows specifying a specific URI for accessing a resource
method. In the following, let BASE_URL be the address of the TestResourceImpl resource.

private static String BASE_URL = "http://localhost:8081/";
...
public void test() throws Exception
{
ResteasyClient client = new ResteasyClientBuilder().build();
TestResource proxy = client.target(BASE_URL).proxy(TestResource.class);
String name = proxy.dispatch(BASE_URL + "a");
System.out.println("name: " + name);
name = proxy.dispatch(BASE_URL + "b");
System.out.println("name: " + name);
client.close();
}

277

Chapter 50. RESTEasy Client API

Then

passing

"http://localhost:8081/a" and "http://localhost/b" to dispatch()
TestResourceImp.a() and TestResourceImpl.b() respectively, yielding the output

invokes

name: a
name: b

50.2.4. Sharing an interface between client and server
It is generally possible to share an interface between the client and server. In this scenario, you just
have your JAX-RS services implement an annotated interface and then reuse that same interface
to create client proxies to invoke on the client-side.

50.3. Apache HTTP Client 4.x and other backends
Network communication between the client and server is handled by default in RESTEasy. The
interface between the RESTEasy Client Framework and the network is defined by RESTEasy's
ClientHttpEngine interface. RESTEasy ships with multiple implementations of this interface.
The default implementation is ApacheHttpClient43Engine, which uses version 4.3 of the HttpClient from the Apache HttpComponents project. ApacheHttpClient4Engine is an implementation that uses the pre-Apache 4.3 version, to provide backward compatibility. RESTEasy automatically selects one of these two ClientHttpEngine implementations based upon the detection
of the Apache version.
ApacheHttpAsyncClient4Engine, instead, is built on top of HttpAsyncClient (still from the Apache

HttpComponents project) with internally dispatches requests using a non-blocking IO model.
JettyClientEngine is built on top of Eclipse Jetty HTTP engine, which is possibly an interesting

option for those already running on the Jetty server.
Finally, InMemoryClientEngine is an implementation that dispatches requests to a
server in the same JVM and URLConnectionEngine is an implementation that uses
java.net.HttpURLConnection.

Table 50.1.
RESTEasy ClientHttpEngine implementations
ApacheHttpClient43Engine

Uses HttpComponents HttpClient 4.3 api

ApacheHttpClient4Engine

Uses HttpComponents HttpClient pre-4.3 api

ApacheHttpAsyncClient4Engine

Uses HttpComponents HttpAsyncClient

278

Apache HTTP Client 4.x and other backends

RESTEasy ClientHttpEngine implementations
JettyClientEngine

Uses Eclipse Jetty

InMemoryClientEngine

Dispatches requests to a server in the same
JVM

URLConnectionEngine

Uses java.net.HttpURLConnection

The RESTEasy Client Framework can also be customized. The user can provide their own implementations of ClientHttpEngine to the ResteasyClient.

ClientHttpEngine myEngine = new ClientHttpEngine() {
protected SSLContext sslContext;
protected HostnameVerifier hostnameVerifier;

@Override
public ClientResponse invoke(ClientInvocation request) {
// implement your processing code and return a
// org.jboss.resteasy.client.jaxrs.internal.ClientResponse
// object.
}
@Override
public SSLContext getSslContext() {
return sslContext;
}
@Override
public HostnameVerifier getHostnameVerifier() {
return hostnameVerifier;
}
@Override
public void close() {
// do nothing
}
};
ResteasyClient
client
RESTEasyClientBuilder().httpEngine(myEngine).build();

=

new

RESTEasy and HttpClient make reasonable default decisions so that it is possible to use the client framework without ever referencing HttpClient. For
some applications it may be necessary to drill down into the HttpClient de-

279

Chapter 50. RESTEasy Client API

tails. ApacheHttpClient43Engine and ApacheHttpClient4Engine can
with an instance of org.apache.http.client.HttpClient and an

be supplied
instance of

org.apache.http.protocol.HttpContext, which can carry additional configuration details into

the HttpClient layer.
HttpContextProvider is a RESTEasy provided interface through which a custom HttpContext

is supplied to ApacheHttpClient43Engine and ApacheHttpClient4Engine.

package org.jboss.resteasy.client.jaxrs.engines;
import org.apache.http.protocol.HttpContext;
public interface HttpContextProvider {
HttpContext getContext();
}

Here is an example of providing a custom HttpContext

DefaultHttpClient httpClient = new DefaultHttpClient();
ApacheHttpClient4Engine engine = new ApacheHttpClient4Engine(httpClient,
new HttpContextProvider() {
@Override
public HttpContext getContext() {
// Configure HttpClient to authenticate preemptively
// by prepopulating the authentication data cache.
// 1. Create AuthCache instance
AuthCache authCache = new BasicAuthCache();
// 2. Generate BASIC scheme object and add it to the local auth cache
BasicScheme basicAuth = new BasicScheme();
authCache.put(getHttpHost(url), basicAuth);
// 3. Add AuthCache to the execution context
BasicHttpContext localContext = new BasicHttpContext();
localContext.setAttribute(ClientContext.AUTH_CACHE, authCache);
return localContext;
}
});

50.3.1. HTTP redirect
The ClientHttpEngine implementations based on Apache HttpClient support HTTP redirection. The feaure is disabled by default and has to be enabled by users explicitly:

280

Apache HTTP Client pre-4.3 APIs

ApacheHttpClient43Engine engine = new ApacheHttpClient43Engine();
engine.setFollowRedirects(true);
Client client = new ResteasyClientBuilder().httpEngine(engine).build();

50.3.2. Apache HTTP Client pre-4.3 APIs
The

Apache

pre-4.3

implementation
uses
org.apache.http.impl.conn.SingleClientConnManager to manage a single socket and allows org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager to replace SingleClientConnManager for multithreaded applications. SingleClientConnManager manages a single socket at any given time and supports the use case in which one or more invocations are
made serially from a single thread.
HttpClient

Here is an example of replacing the SingleClientConnManager with ThreadSafeClientConnManager in ApacheHttpClient4Engine.

ClientConnectionManager cm = new ThreadSafeClientConnManager();
HttpClient httpClient = new DefaultHttpClient(cm);
ApacheHttpClient4Engine engine = new ApacheHttpClient4Engine(httpClient);

For more information about HttpClient (4.x), see the documentation at http://hc.apache.org/httpcomponents-client-ga/tutorial/html/ [http://hc.apache.org/httpcomponents-client-ga/tutorial/html/].
Note. It is important to understand the difference between "releasing" a connection and "closing"
a connection. Releasing a connection makes it available for reuse. Closing a connection frees
its resources and makes it unusable.
SingleClientConnManager manages a single socket, which it allocates to at most a single invo-

cation at any given time. Before that socket can be reused, it has to be released from its current
use, which can occur in one of two ways. If an execution of a request or a call on a proxy returns
a class other than Response, then RESTEasy will take care of releasing the connection. For example, in the fragments

WebTarget target = client.target("http://localhost:8081/customer/123");
String answer = target.request().get(String.class);

or

281

Chapter 50. RESTEasy Client API

ResteasyWebTarget target = client.target("http://localhost:8081/customer/123");
RegistryStats stats = target.proxy(RegistryStats.class);
RegistryData data = stats.get();

RESTEasy will release the connection under the covers. The only counterexample is the case in
which the response is an instance of InputStream, which must be closed explicitly.
On the other hand, if the result of an invocation is an instance of Response, then Response.close()
method must be used to released the connection.

WebTarget target = client.target("http://localhost:8081/customer/123");
Response response = target.request().get();
System.out.println(response.getStatus());
response.close();

You should probably execute this in a try/finally block. Again, releasing a connection only makes
it available for another use. It does not normally close the socket.
On the other hand, ApacheHttpClient4Engine.finalize() will close any open sockets, but
only if it created the HttpClient it has been using. If an HttpClient has been passed into the
ApacheHttpClient4Executor, then the user is responsible for closing the connections:

HttpClient httpClient = new DefaultHttpClient();
ApacheHttpClient4Engine executor = new ApacheHttpClient4Engine(httpClient);
...
httpClient.getConnectionManager().shutdown();

Note that if ApacheHttpClient4Engine has created its own instance of HttpClient, it is not
necessary to wait for finalize() to close open sockets. The ClientHttpEngine interface has
a close() method for this purpose.
Finally, if your javax.ws.rs.client.Client class has created the engine automatically for you, you
should call Client.close() and this will clean up any socket connections.

50.3.3. Apache HTTP Client 4.3 APIs
The

Apache

4.3

HttpClient

implementation

uses

org.apache.http.impl.conn.BasicHttpClientConnectionManager to manage a single sock-

282

Asynchronous HTTP Request Processing

et and org.apache.http.impl.conn.PoolingHttpClientConnectionManager to service connection requests from multiple execution threads. RESTEasy's ClientHttpclientBuilder43
and ApacheHttpClient43Engine uses them as well.

50.3.4. Asynchronous HTTP Request Processing
RESTEasy's default async engine implementation class is ApacheHttpAsyncClient4Engine. It can
be set as the active engine by calling method useAsyncHttpEngine in ResteasyClientBuilder.

Client asyncClient = new ResteasyClientBuilder().useAsyncHttpEngine()
.build();
Future future = asyncClient
.target("http://locahost:8080/test").request()
.async().get();
Response res = future.get();
Assert.assertEquals(HttpResponseCodes.SC_OK, res.getStatus());
String entity = res.readEntity(String.class);

50.3.4.1. InvocationCallbacks
InvocationCallbacks are called from within the io-threads and thus must not block or else the application may slow down to a halt. Reading the response is safe because the response is buffered
in memory, as are other async and in-memory client-invocations that submit-calls returning a future not containing Response, InputStream or Reader.

final CountDownLatch latch = new CountDownLatch(1);
Future future = nioClient.target(generateURL("/test")).request()
.async().get(new InvocationCallback()
{
@Override
public void completed(String s)
{
Assert.assertEquals("get", s);
latch.countDown();
throw new RuntimeException("for the test of it");
}
@Override
public void failed(Throwable error)
{
}
});
String entity = future.get();

283

Chapter 50. RESTEasy Client API

Assert.assertEquals("get", entity);

InvocationCallbacks may be called seemingly "after" the future-object returns. Thus, responses
should be handled solely in the InvocationCallback.
InvocationCallbacks will see the same result as the future-object and vice versa. Thus, if the
invocationcallback throws an exception, the future-object will not see it. This is the reason to
handle responses only in the InvocationCallback.

50.3.4.2. Async Engine Usage Considerations
Asynchronous IO means non-blocking IO utilizing few threads, typically at most as many threads
as number of cores. As such, performance may profit from fewer thread switches and less memory
usage due to fewer thread-stacks. But doing synchronous, blocking IO (the invoke-methods not
returning a future) may suffer, because the data has to be transferred piecewise to/from the iothreads.
Request-Entities are fully buffered in memory, thus HttpAsyncClient is unsuitable for very large uploads. Response-Entities are buffered in memory, except if requesting a Response, InputStream
or Reader as Result. Thus for large downloads or COMET, one of these three return types must
be requested, but there may be a performance penalty because the response-body is transferred
piecewise from the io-threads. When using InvocationCallbacks, the response is always fully
buffered in memory.

50.3.5. Jetty Client Engine
As a drop in replacement, RESTEasy allows selecting a Jetty 9.4+ based HTTP engine. The Jetty
implementation is newer and lessl tested, but if may end up being a good choice when relying
on Jetty as server side already. The Jetty Server can even share execution resources with Client
libraries if you configure them to use e.g. the same QueuedThreadPool.
The Jetty engine is enabled by adding a dependency to the org.jboss.resteasy:resteasy-clientjetty artifact to the Maven project; then the client can be built as follows:

ResteasyClient client = new ResteasyClientBuilder().clientEngine(
new JettyClientEngine(new HttpClient())).build();

284

Chapter 51.

Chapter 51. MicroProfile Rest Client
As the microservices style of system architecture (see, for example, Microservices [https://
martinfowler.com/articles/microservices.html] by Martin Fowler) gains increasing traction, new API
standards are coming along to support it. One set of such standards comes from the Microprofile
Project [https://microprofile.io/] supported by the Eclipse Foundation, and among those is one,
MicroProfile Rest Client [https://microprofile.io/project/eclipse/microprofile-rest-client], of particular interest to RESTEasy and JAX-RS. In fact, it is intended to be based on, and consistent with,
JAX-RS, and it includes ideas already implemented in RESTEasy. For a more detailed description of MicroProfile Rest Client, see https://github.com/eclipse/microprofile-rest-client. In particular, the API code is in https://github.com/eclipse/microprofile-rest-client/tree/master/api. and the
specification is in https://github.com/eclipse/microprofile-rest-client/tree/master/spec.

51.1. Client proxies
One of the central ideas in MicroProfile Rest Client is a version of distributed object communication, a concept implemented in, among other places, CORBA [http://www.corba.org/
orb_basics.htm], Java RMI, the JBoss Remoting project, and RESTEasy. Consider the resource

@Path("resource")
public class TestResource {
@Path("test")
@GET
String test() {
return "test";
}
}

The JAX-RS native way of accessing TestResource looks like

Client client = ClientBuilder.newClient();
String
response
=
client.target("http://localhost:8081/
test").request().get(String.class);

The call to TestResource.test() is not particularly onerous, but calling test() directly allows a
more natural syntax. That is exactly what Microprofile Rest Client supports:

@Path("resource")

285

Chapter 51. MicroProfile Rest...

public interface TestResourceIntf {
@Path("test")
@GET
public String test();
}
TestResourceIntf service = MicroprofileClientBuilderResolver.instance()
.newBuilder()
.baseUrl(http://localhost:8081/))
.build(TestResourceIntf.class);
String s = service.test();

The first four lines of executable code are spent creating a proxy, service, that implements
TestResourceIntf, but once that is done, calls on TestResource can be made very naturally in
terms of TestResourceIntf, as illustrated by the call service.test().
Beyond the natural syntax, another advantage of proxies is the way the proxy construction process
quietly gathers useful information from the implemented interface and makes it available for remote invocations. Consider a more elaborate version of TestResourceIntf:

@Path("resource")
public interface TestResourceIntf2 {
@Path("test/{path}")
@Consumes("text/plain")
@Produces("text/html")
@POST
public String test(@PathParam("path") String path, @QueryParam("query") String
query, String entity);
}

Calling service.test("p", "q", "e") results in an HTTP message that looks like

POST /resource/test/p/?query=q HTTP/1.1
Accept: text/html
Content-Type: text/plain
Content-Length: 1
e

286

Client proxies

The HTTP verb is derived from the @POST annotation, the request URI is derived from the two
instances of the @Path annotation (one on the class, one on the method) plus the first and second
parameters of test(), the Accept header is derived from the @Produces annotation, and the
Content-Type header is derived from the @Consumes annotation,
Using the JAX-RS API, service.test("p", "q", "e") would look like the more verbose

Client client = ClientBuilder.newClient();
String response = client.target("http://localhost:8081/resource/test/p")
.queryParam("query", "q")
.request()
.accept("text/html")
.post(Entity.entity("e", "text/plain"), String.class);

One other basic facility offered by MicroProfile Rest Client is the ability to configure the client
environment by registering providers:

TestResourceIntf service = MicroprofileClientBuilderResolver.instance()
.newBuilder()
.baseUrl(http://localhost:8081/))
.register(MyClientResponseFilter.class)
.register(MyMessageBodyReader.class)
.build(TestResourceIntf.class);

Naturally, the registered providers should be relevant to the client environment, rather than, say,
a ContainerResponseFilter.

Note
So far, the MicroProfile Rest Client should look familiar to anyone who has used
the RESTEasy client proxy facility (Section ""RESTEasy Proxy Framework"). The
construction in the previous listing would look like

ResteasyClient
client
=
(ResteasyClient)
ResteasyClientBuilder.newClient();
TestResourceIntf service = client.target("http://localhost:8081/")
.register(MyClientResponseFilter.class)
.register(MyMessageBodyReader.class)
.proxy(TestResourceIntf.class);

287

Chapter 51. MicroProfile Rest...

in RESTEasy.

51.2. Beyond RESTEasy
There are a few concepts in MicroProfile Rest Client that do not appear in RESTEasy.

1. Declarative registration of providers
In addition to programmatic registration of providers as illustrated above, it is
so possible to register providers declaratively with annotations introduced in
croProfile Rest Client. In particular, providers can be registered by adding
org.eclipse.microprofile.rest.client.annotation.RegisterProvider annotation to
target interface:

alMithe
the

@Path("resource")
@RegisterProvider(MyClientResponseFilter.class)
@RegisterProvider(MyMessageBodyReader.class)
public interface TestResourceIntf2 {
@Path("test/{path}")
@Consumes("text/plain")
@Produces("text/html")
@POST
public String test(@PathParam("path") String path, @QueryParam("query") String
query, String entity);
}

Declaring MyClientResponseFilter and MyMessageBodyReader with annotations eliminates the
need to call RestClientBuilder.register().

2. ResponseExceptionMapper
The org.eclipse.microprofile.rest.client.ext.ResponseExceptionMapper is the client
side inverse of the javax.ws.rs.ext.ExceptionMapper defined in JAX-RS. That is, where
ExceptionMapper.toResponse() turns an Exception thrown during server side processing into a Response, ResponseExceptionMapper.toThrowable() turns a Response received on the
client side with an HTTP error status into an Exception. ResponseExceptionMappers can be
registered in the same manner as other providers, that is, either programmatically or declaratively.
In the absence of a registered ResponseExceptionMapper, a default ResponseExceptionMapper
will map any response with status >= 400 to a WebApplicationException.

288

Proxy injection by CDI

3. Proxy injection by CDI
MicroProfile Rest Client mandates that implementations must support CDI injection of proxies.
At first, the concept might seem odd in that CDI is more commonly available on the server side.
However, the idea is very consistent with the microservices philosophy. If an application is composed of a number of small services, then it is to be expected that services will often act as clients
to other services.
CDI (Contexts and Dependency Injection) is a fairly rich subject and beyond the scope
of this Guide. For more information, see JSR 365: Contexts and Dependency Injection for
JavaTM 2.0 [https://www.jcp.org/en/jsr/detail?id=365] (the specification), Java EE 7 Tutorial
[https://docs.oracle.com/javaee/7/tutorial/cdi-basic.htm], or WELD - CDI Reference Implementation [https://docs.jboss.org/weld/reference/latest-master/en-US/html/].
The fundamental thing to know about CDI injection is that annotating a variable with
javax.inject.Inject will lead the CDI runtime (if it is present and enabled) to create an object
of the appropriate type and assign it to the variable. For example, in

public interface Book {
public String getTitle();
public void setTitle(String title);
}
public class BookImpl implements Book {
private String title;
@Override
public String getTitle() {
return title;
}
@Override
public void setTitle(String title) {
this.title = title;
}
}
public class Author {
@Inject private Book book;
public Book getBook() {
return book;
}

289

Chapter 51. MicroProfile Rest...

}

The CDI runtime will create an instance of BookImpl and assign it to the private field book when
an instance of Author is created;
In this example, the injection is done because BookImpl is assignable to book, but greater discrimination can be imposed by annotating the interface and the field with qualifier annotations.
For the injection to be legal, every qualifier on the field must be present on the injected interface.
For example:

@Qualifier
@Target({ElementType.TYPE, ElementType.METHOD,
ElementType.FIELD})
@Retention(RetentionPolicy.RUNTIME)
public @interface Text {}
@Qualifier
@Target({ElementType.TYPE, ElementType.METHOD,
ElementType.FIELD})
@Retention(RetentionPolicy.RUNTIME)
public @interface Graphic {}

ElementType.PARAMETER,

ElementType.PARAMETER,

@Text
public class TextBookImpl extends BookImpl { }
@Graphic
public class GraphicNovelImpl extends BookImpl { }
public class Genius {
@Inject @Graphic Book book;
}

Here, the class TextBookImpl is annotated with the @Text qualifier and GraphicNovelImpl is
annotated with @Graphic. It follows that an instance of GraphicNovelImpl is eligible for assignment to the field book in the Genius class, but an instance of TextBookImpl is not.
Now, in MicroProfile Rest Client, any interface that is to be managed as a CDI bean must be
annotated with @RegisterRestClient:

@Path("resource")
@RegisterProvider(MyClientResponseFilter.class)

290

Proxy injection by CDI

public static class TestResourceImpl {
@Inject TestDataBase db;
@Path("test/{path}")
@Consumes("text/plain")
@Produces("text/html")
@POST
public String test(@PathParam("path") String path, @QueryParam("query")
String query, String entity) {
return db.getByName(query);
}
}
@Path("database")
@RegisterRestClient
public interface TestDataBase {
@Path("")
@POST
public String getByName(String name);
}

Here, the MicroProfile Rest Client implementation creates a proxy for a TestDataBase service,
allowing easy access by TestResourceImpl. Notice, though, that there's no indication of where
the TestDataBase implementation lives. That information can be supplied externally with the system variable

/mp-rest/url=

For example,

com.bluemonkeydiamond.TestDatabase/mp-rest/url=https://localhost:8080/webapp

indicates that an implementation of com.bluemonkeydiamond.TestDatabase can be accessed
at https://localhost:8080/webapp.

291

292

Chapter 52.

Chapter 52. AJAX Client
RESTEasy resources can be accessed in JavaScript using AJAX using a proxy API generated
by RESTEasy.

52.1. Generated JavaScript API
RESTEasy can generate a JavaScript API that uses AJAX calls to invoke JAX-RS operations.

Example 52.1. First JAX-RS JavaScript API example
Let's take a simple JAX-RS API:

@Path("orders")
public interface Orders {
@Path("{id}")
@GET
public String getOrder(@PathParam("id") String id){
return "Hello "+id;
}
}

The preceding API would be accessible using the following JavaScript code:

var order = Orders.getOrder({id: 23});

52.1.1. JavaScript API servlet
In order to enable the JavaScript API servlet you must configure it in your web.xml file as such:


RESTEasy JSAPI
org.jboss.resteasy.jsapi.JSAPIServlet


RESTEasy JSAPI
/rest-js


293

Chapter 52. AJAX Client

52.1.2. JavaScript API usage
Each JAX-RS resource class will generate a JavaScript object of the same name as the declaring
class (or interface), which will contain every JAX-RS method as properties.

Example 52.2. Structure of JAX-RS generated JavaScript
For example, if the JAX-RS resource X defines methods Y and Z:

@Path("/")
public interface X{
@GET
public String Y();
@PUT
public void Z(String entity);
}

Then the JavaScript API will define the following functions:

var X = {
Y : function(params){…},
Z : function(params){…}
};

Each JavaScript API method takes an optional object as single parameter where each property
is a cookie, header, path, query or form parameter as identified by their name, or the following
special parameters:

Warning
The following special parameter names are subject to change.

Table 52.1. API parameter properties
Property name
$entity

Default

Description
The entity to send as a PUT,
POST request.

$contentType

As determined by @Con- The MIME type of the body ensumes.
tity sent as the Content-Type
header.

$accepts

Determined by @Provides, The accepted MIME types
defaults to */*.
sent as the Accept header.

294

JavaScript API usage

Property name

Default

$callback

Description
Set to a function(httpCode,
xmlHttpRequest, value) for
an asynchronous call. If not
present, the call will be synchronous and return the value.

$apiURL

Determined by container

$username

Set to the base URI of your
JAX-RS endpoint, not including the last slash.
If username and password are
set, they will be used for credentials for the request.

$password

If username and password are
set, they will be used for credentials for the request.

Example 52.3. Using the API
Here is an example of JAX-RS API:

@Path("foo")
public class Foo{
@Path("{id}")
@GET
public String get(@QueryParam("order") String order, @HeaderParam("XFoo") String header,
@MatrixParam("colour") String colour, @CookieParam("FooCookie") String cookie){
&
}
@POST
public void post(String text){
}
}

We can use the previous JAX-RS API in JavaScript using the following code:

var text = Foo.get({order: 'desc', 'X-Foo': 'hello',
colour: 'blue', 'Foo-Cookie': 123987235444});
Foo.put({$entity: text});

295

Chapter 52. AJAX Client

52.1.3. Work with @Form
@Form is a RESTEasy specific annotation that allows you to re-use any @*Param annotation
within an injected class. The generated JavaScript API will expand the parameters for use automatically. Support we have the following form:

public class MyForm {
@FormParam("stuff")
private String stuff;
@FormParam("number")
private int number;
@HeaderParam("myHeader")
private String header;
}

And the resource is like:

@Path("/")
public class MyResource {
@POST
public String postForm(@Form MyForm myForm) {...}
}

Then we could call the method from JavaScript API like following:

MyResource.postForm({stuff:"A", myHeader:"B", number:1});

Also, @Form supports prefix mappings for lists and maps:

public static class Person {
@Form(prefix="telephoneNumbers") List telephoneNumbers;
@Form(prefix="address") Map addresses;
}
public static class TelephoneNumber {
@FormParam("countryCode") private String countryCode;
@FormParam("number") private String number;
}

296

MIME types and unmarshalling.

public static class Address {
@FormParam("street") private String street;
@FormParam("houseNumber") private String houseNumber;
}
@Path("person")
public static class MyResource {
@POST
public void postForm(@Form Person p) {...}
}

From JavaScript we could call the API like this:

MyResource.postForm({
telephoneNumbers:[
{"telephoneNumbers[0].countryCode":31},
{"telephoneNumbers[0].number":12345678},
{"telephoneNumbers[1].countryCode":91},
{"telephoneNumbers[1].number":9717738723}
],
address:[
{"address[INVOICE].street":"Main Street"},
{"address[INVOICE].houseNumber":2},
{"address[SHIPPING].street":"Square One"},
{"address[SHIPPING].houseNumber":13}
]
});

52.1.4. MIME types and unmarshalling.
The Accept header sent by any client JavaScript function is controlled by the $accepts parameter,
which overrides the @Produces annotation on the JAX-RS endpoint. The returned value however
is controlled by the Content-Type header sent in the response as follows:

Table 52.2. Return values by MIME type
MIME

Description

text/xml,application/xml,application/*+xml

The response entity is parsed as XML before
being returned. The return value is thus a DOM
Document.

application/json

The response entity is parsed as JSON before being returned. The return value is thus a
JavaScript Object.

Anything else

The response entity is returned raw.

297

Chapter 52. AJAX Client

Example 52.4. Unmarshalling example
The RESTEasy JavaScript client API can automatically unmarshall JSON and XML:

@Path("orders")
public interface Orders {
@XmlRootElement
public static class Order {
@XmlElement
private String id;
public Order(){}
public Order(String id){
this.id = id;
}
}
@Path("{id}/xml")
@GET
@Produces("application/xml")
public Order getOrderXML(@PathParam("id") String id){
return new Order(id);
}
@Path("{id}/json")
@GET
@Produces("application/json")
public Order getOrderJSON(@PathParam("id") String id){
return new Order(id);
}
}

Let us look at what the preceding JAX-RS API would give us on the client side:

//

this returns a JSON objectvar orderJSON = Orders.getOrderJSON({id:
"23"});orderJSON.id
==
"23";//
this
one
returns
a
DOM
Document
whose
root
element
is
the
order,
with
one
child
(id)//
whose
child is the text node valuevar orderXML = Orders.getOrderXML({id:
"23"});orderXML.documentElement.childNodes[0].childNodes[0].nodeValue == "23";
objectvar orderJSON = Orders.getOrderJSON({id:
"23"});orderJSON.id ==
"23";// this one returns a DOM Document whose root element is the order, with
one child
(id)// whose child is the text node

298

MIME types and marshalling.

valuevar orderXML = Orders.getOrderXML({id:
"23"});orderXML.documentElement.childNodes[0].childNodes[0].nodeValue ==

52.1.5. MIME types and marshalling.
The Content-Type header sent in the request is controlled by the $contentType parameter which
overrides the @Consumes annotation on the JAX-RS endpoint. The value passed as entity body
using the $entity parameter is marshalled according to both its type and content type:

Table 52.3. Controlling sent entities
Type

MIME

Description

DOM Element

Empty or text/xml,application/ The DOM Element is marxml,application/*+xml
shalled to XML before being
sent.

JavaScript Object (JSON)

Empty or application/json

The JSON object is marshalled to a JSON string before being sent.

Anything else

Anything else

The entity is sent as is.

Example 52.5. Marshalling example
The RESTEasy JavaScript client API can automatically marshall JSON and XML:

@Path("orders")
public interface Orders {
@XmlRootElement
public static class Order {
@XmlElement
private String id;
public Order(){}
public Order(String id){
this.id = id;
}
}
@Path("{id}/xml")
@PUT
@Consumes("application/xml")
public void putOrderXML(Order order){
// store order
}

299

Chapter 52. AJAX Client

@Path("{id}/json")
@PUT
@Consumes("application/json")
public void putOrderJSON(Order order){
// store order
}
}

Let us look at what the preceding JAX-RS API would give us on the client side:

// this saves a JSON objectOrders.putOrderJSON({$entity: {id: "23"}});// It is
a bit more work with XMLvar order = document.createElement("order");var id =
order});
jectOrders.putOrderJSON({$entity: {id:
"23"}});// It is a bit more work with
XMLvar order =
document.createElement("order");var id =
document.createElement("id");
order.appendChild(id);
id.appendChild(document.createTextNode("23"));Orders.putOrderXML({$entity:

52.2. Using the JavaScript API to build AJAX queries
The RESTEasy JavaScript API can also be used to manually construct your requests.

52.2.1. The REST object
The REST object contains the following read-write properties:

Table 52.4. The REST object
Property

Description

apiURL

Set by default to the JAX-RS root URL, used
by every JavaScript client API functions when
constructing the requests.

log

Set to a function(string) in order to receive
RESTEasy client API logs. This is useful if you
want to debug your client API and place the
logs where you can see them.

Example 52.6. Using the REST object
The REST object can be used to override RESTEasy JavaScript API client behaviour:

300

The REST.Request class

// Change the base URL used by the API:
REST.apiURL = "http://api.service.com";
// log everything in a div element
REST.log = function(text){
jQuery("#log-div").append(text);
};

52.2.2. The REST.Request class
The REST.Request class is used to build custom requests. It has the following members:

Table 52.5. The REST.Request class
Member

Description

execute(callback)

Executes the request with all the information
set in the current object. The value is never
returned but passed to the optional argument
callback.

setAccepts(acceptHeader)

Sets the Accept request header. Defaults to */*.

setCredentials(username, password)

Sets the request credentials.

setEntity(entity)

Sets the request entity.

setContentType(contentTypeHeader)

Sets the Content-Type request header.

setURI(uri)

Sets the request URI. This should be an absolute URI.

setMethod(method)

Sets the request method. Defaults to GET.

setAsync(async)

Controls whether the request should be asynchronous. Defaults to true.

addCookie(name, value)

Sets the given cookie in the current document
when executing the request. Beware that this
will be persistent in your browser.

addQueryParameter(name, value)

Adds a query parameter to the URI query part.

addMatrixParameter(name, value)

Adds a matrix parameter (path parameter) to
the last path segment of the request URI.

addHeader(name, value)

Adds a request header.

Example 52.7. Using the REST.Request class
The REST.Request class can be used to build custom requests:

var r = new REST.Request();

301

Chapter 52. AJAX Client

r.setURI("http://api.service.com/orders/23/json");
r.setMethod("PUT");
r.setContentType("application/json");
r.setEntity({id: "23"});
r.addMatrixParameter("JSESSIONID", "12309812378123");
r.execute(function(status, request, entity){
log("Response is "+status);
});

52.3. Caching Features
RESTEasy AJAX Client works well with server side caching features. But the buggy browsers
cache will always prevent the function to work properly. If you'd like to use RESTEasy's caching
feature with its AJAX client, you can enable 'antiBrowserCache' option:

REST.antiBrowserCache = true;

The above setting should be set once before you call any APIs.

302

Chapter 53.

Chapter 53. RESTEasy WADL
Support
RESTEasy has its own support to generate WADL for its resources, and it supports several different containers. The following text will show you how to use this feature in different containers.

53.1. RESTEasy WADL Support for Servlet Container
RESTEasy WADL uses ResteasyWadlServlet to support servlet container. It can be registered into
web.xml to enable WADL feature. Here is an example to show the usages of ResteasyWadlServlet
in web.xml:


RESTEasy WADL
org.jboss.resteasy.wadl.ResteasyWadlServlet


RESTEasy WADL
/application.xml


The preceding configuration in web.xml shows how to enable ResteasyWadlServlet and mapped
it to /application.xml. And then the WADL can be accessed from the configured URL:

/application.xml

53.2. RESTEasy WADL support for Sun JDK HTTP Server
RESTEasy has provided a ResteasyWadlDefaultResource to generate WADL info for its embedded containers. Here is and example to show how to use it with RESTEasy's Sun JDK HTTP
Server container:

com.sun.net.httpserver.HttpServer
httpServer
com.sun.net.httpserver.HttpServer.create(new
contextBuilder

=
InetSocketAddress(port),

=

303

Chapter 53. RESTEasy WADL Support

.put("/",

ResteasyWadlGenerator

.generateServiceRegistry(contextBuilder.getDeployment()));httpServer.start();
= com.sun.net.httpserver.HttpServer.create(new InetSocketAddress(port),
10);org.jboss.resteasy.plugins.server.sun.http.HttpContextBuilder contextBuilder =
new
org.jboss.resteasy.plugins.server.sun.http.HttpContextBuilder();
contextBuilder.getDeployment().getActualResourceClasses()
.add(ResteasyWadlDefaultResource.class);
contextBuilder.bind(httpServer);
ResteasyWadlDefaultResource.getServices()
.put("/",
ResteasyWadlGenerator
.generateServiceRegistry(contextBuilder.getDeployment()));

From the above code example, we can see how ResteasyWadlDefaultResource is registered into
deployment:

contextBuilder.getDeployment().getActualResourceClasses()
.add(ResteasyWadlDefaultResource.class);

Another important thing is to use ResteasyWadlGenerator to generate the WADL info for the
resources in deployment at last:

ResteasyWadlDefaultResource.getServices()
.put("/",
ResteasyWadlGenerator
.generateServiceRegistry(contextBuilder.getDeployment()));

After the above configuration is set, then users can access "/application.xml" to fetch the WADL
info, because ResteasyWadlDefaultResource has @PATH set to "/application.xml" as default:

@Path("/application.xml")
public class ResteasyWadlDefaultResource

304

RESTEasy WADL support for Netty Container

53.3. RESTEasy WADL support for Netty Container
RESTEasy WADL support for Netty Container is simliar to the support for JDK HTTP Server. It
also uses ResteasyWadlDefaultResource to serve '/application.xml' and ResteasyWadlGenerator
to generate WADL info for resources. Here is the sample code:

ResteasyDeployment

deployment

=

new

ResteasyDeployment();netty

.addPerRequestResource(ResteasyWadlDefaultResource.class);
ResteasyWadlDefaultResource.getServices()
ResteasyWadlGenerator.generateServiceRegistry(deployment));

=

new

.put("/",

= new ResteasyDeploy
ment();
netty
=

new
NettyJaxrsServer();netty.setDeployment(deployment);netty.setPort(port);netty.setRootResourcePa

Please note for all the embedded containers like JDK HTTP Server and Netty Container, if the resources in the deployment changes at runtime, the
ResteasyWadlGenerator.generateServiceRegistry() need to be re-run to refresh the WADL info.

53.4. RESTEasy WADL Support for Undertow Container
The RESTEasy Undertow Container is a embedded Servlet Container, and RESTEasy WADL
provides a connector to it. To use RESTEasy Undertow Container together with WADL support,
you need to add these three components into your maven dependencies:


org.jboss.resteasy
resteasy-wadl
${project.version}


org.jboss.resteasy
resteasy-wadl-undertow-connector
${project.version}


305

Chapter 53. RESTEasy WADL Support


org.jboss.resteasy
resteasy-undertow
${project.version}


The resteasy-wadl-undertow-connector provides a WadlUndertowConnector to help you to use
WADL in RESTEasy Undertow Container. Here is the code example:

UndertowJaxrsServer server = new UndertowJaxrsServer().start();
WadlUndertowConnector connector = new WadlUndertowConnector();
connector.deployToServer(server, MyApp.class);

The MyApp class shown in above code is a standard JAX-RS 2.0 Application class in your project:

@ApplicationPath("/base")
public static class MyApp extends Application {
@Override
public Set> getClasses() {
HashSet> classes = new HashSet>();
classes.add(YourResource.class);
return classes;
}
}

After the Application is deployed to the UndertowJaxrsServer via WadlUndertowConnector, you
can access the WADL info at "/application.xml" prefixed by the @ApplicationPath in your Application class. If you want to override the @ApplicationPath, you can use the other method in WadlUndertowConnector:

public UndertowJaxrsServer deployToServer(UndertowJaxrsServer server, Class application, String contextPath)

The "deployToServer" method shown above accepts a "contextPath" parameter, which you can
use to override the @ApplicationPath value in the Application class.

306

Chapter 54.

Chapter 54. Validation
RESTEasy provides the support for validation mandated by the JAX-RS: Java API for RESTful
Web Services 2.0 [http://www.jcp.org/en/jsr/detail?id=339], given the presence of an implementation of the Bean Validation specification 1.1 [http://beanvalidation.org/1.1/spec/] such as Hibernate Validator 5.x [http://www.hibernate.org/subprojects/validator.html].
Validation provides a declarative way of imposing constraints on fields and properties of beans,
bean classes, and the parameters and return values of bean methods. For example, in

@Path("all")
@TestClassConstraint(5)
public class TestResource
{
@Size(min=2, max=4)
@PathParam("s")
String s;
private String t;
@Size(min=3)
public String getT()
{
return t;
}
@PathParam("t")
public void setT(String t)
{
this.t = t;
}
@POST
@Path("{s}/{t}/{u}")
@Pattern(regexp="[a-c]+")
public String post(@PathParam("u") String u)
{
return u;
}
}

the field s is constrained by the Bean Validation built-in annotation @Size to have between 2 and
4 characters, the property t is constrained to have at least 3 characters, and the TestResource
object is constrained by the application defined annotation @TestClassConstraint to have the
combined lengths of s and t less than 5:

307

Chapter 54. Validation

@Constraint(validatedBy = TestClassValidator.class)
@Target({TYPE})
@Retention(RUNTIME)
public @interface TestClassConstraint
{
String message() default "Concatenation of s and t must have length > {value}";
Class[] groups() default {};
Class[] payload() default {};
int value();
}
public
class
TestClassValidator
ConstraintValidator
{
int length;

implements

public void initialize(TestClassConstraint constraintAnnotation)
{
length = constraintAnnotation.value();
}
public boolean isValid(TestResource value, ConstraintValidatorContext context)
{
boolean b = value.retrieveS().length() + value.getT().length() < length;
}
}

See the links above for more about how to create validation annotations.
Also, the method parameter u is constrained to have no more than 5 characters, and the return
value of method post is constrained by the built-in annotation @Pattern to match the regular
expression "[a-c]+".
The sequence of validation constraint testing is as follows:

1. Create the resource and validate field, property, and class constraints.
2. Validate the resource method parameters.
3. If no violations have been detected, call the resource method and validate the return value

54.1. Violation reporting
If a validation
finitions or a

308

problem occurs, either a problem
constraint violation, RESTEasy will

with
set

the
the

validation dereturn header

Violation reporting

org.jboss.resteasy.api.validation.Validation.VALIDATION_HEADER ("validation-excep-

tion") to "true".
If RESTEasy detects a structural validation problem, such as a validation annotation with a missing validator class, it will return a String representation of a
javax.validation.ValidationException. For example

javax.validation.ValidationException: HV000028: Unexpected exception during
isValid
call.[org.jboss.resteasy.test.validation.TestValidationExceptions
$OtherValidationException]

If any constraint violations are detected, RESTEasy will return a report in one of a
variety of formats. If one of "application/xml" or "application/json" occur in the "Accept" request header, RESTEasy will return an appropriately marshalled instance of
org.jboss.resteasy.api.validation.ViolationReport:

@XmlRootElement(name="violationReport")
@XmlAccessorType(XmlAccessType.FIELD)
public class ViolationReport
{
...
public ArrayList getFieldViolations()
{
return fieldViolations;
}
public ArrayList getPropertyViolations()
{
return propertyViolations;
}
public ArrayList getClassViolations()
{
return classViolations;
}
public ArrayList getParameterViolations()
{
return parameterViolations;
}
public ArrayList getReturnValueViolations()
{

309

Chapter 54. Validation

return returnValueViolations;
}
...
}

where org.jboss.resteasy.api.validation.ResteasyConstraintViolation is defined:

@XmlRootElement(name="resteasyConstraintViolation")
@XmlAccessorType(XmlAccessType.FIELD)
public class ResteasyConstraintViolation implements Serializable
{
...
/**
* @return type of constraint
*/
public ConstraintType.Type getConstraintType()
{
return constraintType;
}
/**
* @return description of element violating constraint
*/
public String getPath()
{
return path;
}
/**
* @return description of constraint violation
*/
public String getMessage()
{
return message;
}
/**
* @return object in violation of constraint
*/
public String getValue()
{
return value;
}

310

Violation reporting

/**
* @return String representation of violation
*/
public String toString()
{
return "[" + type() + "]\r[" + path + "]\r[" + message + "]\r[" + value
+ "]\r";
}
/**
* @return String form of violation type
*/
public String type()
{
return constraintType.toString();
}
}

and org.jboss.resteasy.api.validation.ConstraintType is the enumeration

public class ConstraintType
{
public enum Type {CLASS, FIELD, PROPERTY, PARAMETER, RETURN_VALUE};
}

If both "application/xml" or "application/json" occur in the "Accept" request header, the media type
is chosen according to the ranking given by implicit or explicit "q" parameter values. In the case
of a tie, the returned media type is indeterminate.
If neither "application/xml" or "application/json" occur in the "Accept" request header, RESTEasy
returns a report with a String representation of each ResteasyConstraintViolation, where each
field is delimited by '[' and ']', followed by a '\r', with a final '\r' at the end. For example,

[FIELD]
[s]
[size must be between 2 and 4]
[a]
[PROPERTY]
[t]
[size must be between 3 and 5]
[z]
[CLASS]

311

Chapter 54. Validation

[]
[Concatenation of s and t must have length > 5]
[org.jboss.resteasy.validation.TestResource@68467a6f]
[PARAMETER]
[test.]
[Parameters must total <= 7]
[[5, 7]]
[RETURN_VALUE]
[g.]
[size must be between 2 and 4]
[abcde]

where the four fields are

1. type of constraint
2. path to violating element (e.g., field name, class name, method name and parameter name)
3. message
4. violating element
The ViolationReport can be reconsititued from the String as follows:

ResteasyClient client = new ResteasyClientBuilder().build();
Invocation.Builder request = client.target(...).request();
Response response = request.get();
if
(Boolean.valueOf(response.getHeaders().getFirst(Validation.VALIDATION_HEADER)))
{
String s = response.getEntity(String.class);
ViolationReport report = new ViolationReport(s);
}

If the path field is considered to be too much server side information, it can be surpressed by
setting the context parameter "resteasy.validation.suppress.path" to "true". In that case, "*" will
be returned in the path fields.

54.2. Validation Service Providers
The form of validation mandated by the JAX-RS 2.0 specification, based on Bean Validation 1.1,
is supported by the RESTEasy module resteasy-validator-provider-11, which produces the artifact resteasy-validator-provider-11-.jar. Validation is turned on by default (assuming

312

Validation Service Providers

resteasy-validator-provider-11-.jar is available), though parameter and return value validation can be turned off or modified in the validation.xml configuration file. See the Hibernate
Validator [http://docs.jboss.org/hibernate/validator/5.0/reference/en-US/html/] documentation for
the details. WildFly 8+ ships with Hibernate Validator 5.x.
RESTEasy
obtains
a
bean
validation
implemenation
by
looking
in
the
available META-INF/services/javax.ws.rs.Providers files for an implementation of
ContextResolver, where org.jboss.resteasy.spi.GeneralValidator
is

public interface GeneralValidator
{
/**
* Validates all constraints on {@code object}.
*
* @param object object to validate
* @param groups the group or list of groups targeted for validation (defaults to
*
{@link Default})
* @return constraint violations or an empty set if none
* @throws IllegalArgumentException if object is {@code null}
*
or if {@code null} is passed to the varargs groups
* @throws ValidationException if a non recoverable error happens
*
during the validation process
*/
public abstract void validate(HttpRequest request, Object object, Class... groups);
/**
* Validates all constraints placed on the parameters of the given method.
*
* @param  the type hosting the method to validate
* @param object the object on which the method to validate is invoked
* @param method the method for which the parameter constraints is validated
* @param parameterValues the values provided by the caller for the given
method's
*
parameters
* @param groups the group or list of groups targeted for validation (defaults to
*
{@link Default})
* @return a set with the constraint violations caused by this validation;
*
will be empty if no error occurs, but never {@code null}
* @throws IllegalArgumentException if {@code null} is passed for any of
the parameters
*
or if parameters don't match with each other
* @throws ValidationException if a non recoverable error happens during the
*
validation process
*/
public abstract void validateAllParameters(HttpRequest request, Object object,
Method method, Object[] parameterValues, Class... groups);

313

Chapter 54. Validation

/**
* Validates all return value constraints of the given method.
*
* @param  the type hosting the method to validate
* @param object the object on which the method to validate is invoked
* @param method the method for which the return value constraints is validated
* @param returnValue the value returned by the given method
* @param groups the group or list of groups targeted for validation (defaults to
*
{@link Default})
* @return a set with the constraint violations caused by this validation;
*
will be empty if no error occurs, but never {@code null}
* @throws IllegalArgumentException if {@code null} is passed for any of
the object,
*
method or groups parameters or if parameters don't match with
each other
* @throws ValidationException if a non recoverable error happens during the
*
validation process
*/
public abstract void validateReturnValue(
HttpRequest request, Object object, Method method, Object returnValue,
Class... groups);
/**
* Indicates if
*
* @param clazz
* @return true
*/
public abstract

validation is turned on for a class.
Class to be examined
if and only if validation is turned on for clazz
boolean isValidatable(Class clazz);

/**
* Indicates if validation is turned on for a method.
*
* @param method method to be examined
* @return true if and only if validation is turned on for method
*/
public abstract boolean isMethodValidatable(Method method);
void checkViolations(HttpRequest request);
}

The methods and the javadoc are adapted from the Bean Validation 1.1 classes
javax.validation.Validator and javax.validation.executable.ExecutableValidator.
RESTEasy
tation
of

314

module

resteasy-validator-provider-11
supplies
an
implemenGeneralValidator.
An
alternative
implementation
may

Validation Service Providers

be

supplied

by

implementing

ContextResolver

and

org.jboss.resteasy.spi.validation.GeneralValidator.

A validator intended to function in the presence of CDI must also implement the subinterface

public interface GeneralValidatorCDI extends GeneralValidator
{
/**
* Indicates if validation is turned on for a class.
*
* This method should be called from the resteasy-jaxrs module. It should
* test if injectorFactor is an instance of CdiInjectorFactory, which indicates
* that CDI is active. If so, it should return false. Otherwise, it should
* return the same value returned by GeneralValidator.isValidatable().
*
* @param clazz Class to be examined
* @param injectorFactory the InjectorFactory used for clazz
* @return true if and only if validation is turned on for clazz
*/
public boolean isValidatable(Class clazz, InjectorFactory injectorFactory);
/**
* Indicates if validation is turned on for a class.
* This method should be called only from the resteasy-cdi module.
*
* @param clazz Class to be examined
* @return true if and only if validation is turned on for clazz
*/
public abstract boolean isValidatableFromCDI(Class clazz);
/**
* Throws a ResteasyViolationException if any validation violations have
been detected.
* The method should be called only from the resteasy-cdi module.
* @param request
*/
public void checkViolationsfromCDI(HttpRequest request);
/**
* Throws a ResteasyViolationException if either a ConstraintViolationException
or a
* ResteasyConstraintViolationException is embedded in the cause hierarchy
of e.
*
* @param request
* @param e
*/

315

Chapter 54. Validation

public void checkForConstraintViolations(HttpRequest request, Exception e);
}

The validator in resteasy-validator-provider-11 implements GeneralValidatorCDI.

316

Chapter 55.

Chapter 55. Internationalization and
Localization
With the help of the JBoss Logging project, all log and exception messages in RESTEasy
are internationalized. That is, they have a default value in English which can be overridden
in any given locale by a file which gives translated values. For more information about internationalization and localization in Java, see, for example, http://docs.oracle.com/javase/tutorial/i18n. For more about JBoss Logging, see https://access.redhat.com/documentation/en-US/
JBoss_Enterprise_Application_Platform/6/html/Development_Guide/ [https://access.redhat.com/
documentation/en-US/JBoss_Enterprise_Application_Platform/6/html/Development_Guide/],
Chapters 4 and 5.

55.1. Internationalization
Each module in RESTEasy that produces any text in the form of logging messages or exception messages has an interface named org.jboss.resteasy...i18n.Messages which contains
the default messages. Those modules which do any logging also have an interface named
org.jboss.resteasy...i18n.LogMessages which gives access to an underlying logger. With the exception of the resteasy-jaxrs module, all messages are in the Messages class. resteasy-jaxrs has
exception messages in the Messages class and log messages in the LogMessages class.
Each message is prefixed by the project code "RESTEASY" followed by an ID which is unique to
RESTEasy. These IDs belong to the following ranges:

Table 55.1.
Range

Module

2000-2999

resteasy-jaxrs log messages

3000-4499

resteasy-jaxrs exception messages

4500-4999

resteasy-client

5000-5499

providers/resteasy-atom

5500-5999

providers/fastinfoset

6000-6499

providers/resteasy-html

6500-6999

providers/jaxb

7000-7499

providers/jettison

7500-7999

providers/multipart

8000-8499

providers/resteasy-hibernatevalidator-provider

8500-8999

providers/resteasy-validator-provider-11

9000-9499

providers/yaml

317

Chapter 55. Internationalizat...

Range

Module

9500-9999

async-http-servlet-3.0

10000-10499

resteasy-cache-core

10500-10999

resteasy-cdi

11000-11499

resteasy-guice

11500-11999

resteasy-jsapi

12000-12499

resteasy-links

12500-12999

resteasy-servlet-initializer

13000-13499

resteasy-spring

13500-13999

security/resteasy-crypto

14000-14499

security/jose-jwt

14500-14999

security/keystone/keystone-as7

15000-15499

security/keystone/keystone-core

15500-15999

security/resteasy-oauth

16000-16499

security/skeleton-key-idm/skeleton-key-as7

16500-16999

security/skeleton-key-idm/skeleton-key-core

17000-17499

security/skeleton-key-idm/skeleton-key-idp

17500-17999

server-adapters/resteasy-jdk-http

18000-18499

server-adapters/resteasy-netty

18500-18999

server-adapters/resteasy-netty4

For example, the jaxb provider contains the interface
org.jboss.resteasy.plugins.providers.jaxb.i18.Messages

which looks like

@MessageBundle(projectCode = "RESTEASY")
public interface Messages
{
Messages MESSAGES = org.jboss.logging.Messages.getBundle(Messages.class);
int BASE = 6500;
@Message(id = BASE + 00, value = "Collection wrapping failed, expected root
element name of {0} got {1}", format=Format.MESSAGE_FORMAT)
String collectionWrappingFailedLocalPart(String element, String localPart);
@Message(id = BASE + 05, value = "Collection wrapping failed, expect namespace
of {0} got {1}", format=Format.MESSAGE_FORMAT)
String collectionWrappingFailedNamespace(String namespace, String uri);
...

318

Localization

The value of a message is retrieved by referencing a method and passing the appropriate parameters. For example,

throw

new

ele.getName().getLocalPart()));

55.2. Localization
When RESTEasy is built with the "i18n" profile, a template properties file containing the default
messages is created in a subdirectory of target/generated-translation-files. In the jaxb provider,
for example, the
goes in the
directory, and the first few lines are

# Id: 6500
# Message: Collection wrapping failed, expected root element name of {0} got {1}
# @param 1: element # @param 2: localPart collectionWrappingFailedLocalPart=Collection wrapping failed, expected root
element name of {0} got {1}
# Id: 6505
# Message: Collection wrapping failed, expect namespace of {0} got {1}
# @param 1: namespace # @param 2: uri collectionWrappingFailedNamespace=Collection wrapping failed, expect namespace
of {0} got {1}

To provide the translation of the messages for a particular locale, the file should be renamed,
replacing "locale", "COUNTRY", and "VARIANT" as appropriate (possibly omitting the latter two),
and copied to the src/main/resources directory. In the jaxb provider, it would go in
For testing purposes, each module containing a Messages interface has two sample properties
files, for the locale "en" and the imaginary locale "xx", in the src/test/resources directory. They are
copied to src/main/resources when the module is built and deleted when it is cleaned.
The Messages.i18n_xx.properties file in the jaxb provider, for example, looks like

319

Chapter 55. Internationalizat...

# Id: 6500
# Message: Collection wrapping failed, expected root element name of {0} got {1}
# @param 1: element # @param 2: localPart collectionWrappingFailedLocalPart=Collection wrapping failed, expected root
element name of {0} got {1}
# Id: 6505
# Message: Collection wrapping failed, expect namespace of {0} got {1}
# @param 1: namespace # @param 2: uri collectionWrappingFailedNamespace=aaa {0} bbb {1} ccc
...

Note that the value of collectionWrappingFailedNamespace is modified.

320

Chapter 56.

Chapter 56. Maven and RESTEasy
JBoss's Maven Repository is at: http://repository.jboss.org/nexus/content/groups/public/
Here's the pom.xml fragment to use. RESTEasy is modularized into various components. Mix and
max as you see fit. Please replace 3.6.2.Final with the current RESTEasy version you want to use.



jboss
http://repository.jboss.org/nexus/content/groups/public/





org.jboss.resteasy
resteasy-jaxrs
3.6.2.Final


org.jboss.resteasy
resteasy-client
3.6.2.Final




org.jboss.resteasy
resteasy-jaxb-provider
3.6.2.Final



org.jboss.resteasy
resteasy-multipart-provider
3.6.2.Final



org.jboss.resteasy
resteasy-cache-core
3.6.2.Final

321

Chapter 56. Maven and RESTEasy




org.jboss.resteasy
resteasy-yaml-provider
3.6.2.Final



org.jboss.resteasy
resteasy-atom-provider
3.6.2.Final



org.jboss.resteasy
resteasy-spring
3.6.2.Final



org.jboss.resteasy
resteasy-guice
3.6.2.Final



org.jboss.resteasy
async-http-servlet-3.0
3.6.2.Final



There is also a pom that can be imported so the versions of the individual modules do not have
to be specified. Note that maven 2.0.9 is required for this.




org.jboss.resteasy
resteasy-bom
3.6.2.Final

322

pom
import




323

324

Chapter 57.

Chapter 57. Deprecated Security
Modules
The following security related modules are deprecated and meant to be removed in the future:

• keystone
• login-module-authenticator
• resteasy-oauth
• skeleton-key-idm
Please refer to http://www.keycloak.org/ for a modern solution for the usecases previously covered
by the deprecated modules.

325

326

Chapter 58.

Chapter 58. Migration to RESTEasy
3.5 series
RESTEasy 3.5 series is a spin-off of the old RESTEasy 3.0 series, featuring JAX-RS 2.1 implementation.
The reason why 3.5 comes from 3.0 instead of the 3.1 / 4.0 development streams is basically
providing users with a selection of RESTEasy 4 critical / strategic new features, while ensuring
full backward compatiblity. As a consequence, no major issues are expected when upgrading
RESTEasy from 3.0.x to 3.5.x.
The natural upgrade path for users already on RESTEasy 3.1 series is straight to RESTEasy 4
instead.

327

328

Chapter 59.

Chapter 59. Migration to RESTEasy
3.1 series
RESTEasy 3.1.0.Final release comes with many changes compared to previous 3.0 point releases. User discernible changes in RESTEasy 3.1.0.Final include
• module reorganization
• package reorganization
• new features
• minor behavioral changes
• miscellaneous changes
In this chapter we focus on changes that might cause existing code to fail or behave in new ways.
The audience for this discussion may be partitioned into three subsets, depending on the version
of RESTEasy currently in use, the API currently in use, and the API to be used after an upgrade
to RESTEasy 3.1. The following APIs are available:
1. RESTEasy 2: RESTEasy 2 conforms to the JAX-RS 1 specification, and adds a variety of
additional facilities, such as a client API, a caching system, an interceptor framework, etc. All
of these user facing classes and interfaces comprise the RESTEasy 2 API.
2. RESTEasy 3: RESTEasy 3 conforms to the JAX-RS 2 specification, and adds some additional
facilities. Many of the non-spec facilities from the RESTEasy 2 API are formalized, in altered
form, in JAX-RS 2, in which case the older facilites are deprecated. The non-deprecated user
facing classes and interfaces in RESTEasy 3 comprise the RESTEasy 3 API.
These definitions are rather informal and imprecise, since the user facing classes / interfaces in
Resteasy 3.0.19.Final, for example, are a proper superset of the user facing classes / interfaces
in RESTEasy 3.0.1.Final. For this discussion, we identify the API with the version currently in use
in a given project.
Now, there are three potential target audiences of users planning to upgrade to RESTEasy
3.1.0.Final:
1. Those currently using RESTEasy API 3 with some RESTEasy 3.0.x release
2. Those currently using RESTEasy API 2 with some RESTEasy 2.x or 3.0.x release and planning
to upgrade to RESTEasy API 3
3. Those currently using RESTEasy API 2 with some RESTEasy 2.x or 3.0.x release and planning
to continue to use RESTEasy API 2

329

Chapter 59. Migration to REST...

Of these, users in Group 2 have the most work to do in upgrading from RESTEasy API 2
to RESTEasy API 3. They should consult the separate guide Upgrading from RESTEasy 2 to
RESTEasy 3 [http://docs.jboss.org/resteasy/docs/resteasy-upgrade-guide-en-US.pdf].
Ideally, users in Groups 1 and 3 might make some changes to take advantage of new features
but would have no changes forced on them by reorganization or altered behavior. Indeed, that is
almost the case, but there are a few changes that they should be aware of.

59.1. Upgrading with RESTEasy 3 API
All RESTEasy changes are documented in JIRA issues. Issues that describe detectable changes
in release 3.1.0.Final that might impact existing applications include

• RESTEASY-1341:
Build
method
of
org.jboss.resteasy.client.jaxrs.internal.ClientInvocationBuilder always return the same instance. [https://issues.jboss.org/browse/RESTEASY-1341]
When a build() method from
• org.jboss.resteasy.client.jaxrs.internal.ClientInvocationBuilder in resteasyclient,
• org.jboss.resteasy.specimpl.LinkBuilderImpl in resteasy-jaxrs,
• org.jboss.resteasy.specimpl.ResteasyUriBuilder in resteasy-jaxrs
is called, it will return a new object. This behavior might be seen indirectly. For example,

Builder builder = client.target(generateURL(path)).request();
...
Link link = new LinkBuilderImpl().uri(href).build();
...
URI uri = uriInfo.getBaseUriBuilder().path("test").build();

• RESTEASY-1433: Compile with JDK 1.8 source/target version [https://issues.jboss.org/browse/
RESTEASY-1433]
As it says. Depending on the application, it might be necessary to recompile with a target of
JDK 1.8 so that calls to RESTEasy code can work.
• RESTEASY-1484: CVE-2016-6346: Abuse of GZIPInterceptor in can lead to denial of service
attack [https://issues.jboss.org/browse/RESTEASY-1484]
Prior to release 3.1.0.Final, the default behavior of RESTEasy was to use GZIP to compress
and decompress messages whenever "gzip" appeared in the Content-Encoding header. How-

330

Upgrading with RESTEasy 2 API

ever, decompressing messages can lead to security issues, so, as of release 3.1.0.Final, GZIP
compression has to be enabled explicitly. For details, see Chapter GZIP Compression/Decompression.
Note. Because of some package reorganization due to
(see
below),
the
GZIP
interceptors,
which
used
package
org.jboss.resteasy.plugins.interceptors.encoding
org.jboss.resteasy.plugins.interceptors.

RESTEASY-1531
to
be
in
are
now
in

• RESTEASY-1531: Restore removed RESTEasy internal classes into a deprecated/disabled
module [https://issues.jboss.org/browse/RESTEASY-1531]
This issue is related to refactoring deprecated elements of the RESTEasy 2 API into a separate
module, and, ideally, would have no bearing at all on RESTEasy 3. However, a reorganization of
packages has led to moving some non-deprecated API elements in the resteasy-jaxrs module:
•

org.jboss.resteasy.client.ClientURI is now
org.jboss.resteasy.annotations.ClientURI

•

org.jboss.resteasy.core.interception.JaxrsInterceptorRegistryListener is

now
org.jboss.resteasy.core.interception.jaxrs.JaxrsInterceptorRegistryListener

•

org.jboss.resteasy.spi.interception.DecoratorProcessor is now
org.jboss.resteasy.spi.DecoratorProcessor

•

All of the dynamic features and interceptors in the package
org.jboss.resteasy.plugins.interceptors.encoding are now in
org.jboss.resteasy.plugins.interceptors

59.2. Upgrading with RESTEasy 2 API
Most of the deprecated classes and interfaces from RESTEasy 2 have been segregated in a
separate module, resteasy-legacy, as of release 3.1.0.Final. A few remain in module resteasyjaxrs for technical reasons. Eventually, all such classes and interfaces will be removed from
RESTEasy. Most of the relocated elements are internal, so ensuring that resteasy-legacy is on
the classpath will make most changes undetectable. One way to do that, of course, is to include
it in an application's WAR. In the context of WildFly, it is also possible to use a jboss-deployment-structure.xml file in the WEB-INF directory of your WAR file. For example:




331

Chapter 59. Migration to REST...







There are a few API classes and interfaces from resteasy-jaxrs that have moved to a new package
in resteasy-legacy. These are

•

org.jboss.resteasy.annotations.ClientResponseType is now
org.jboss.resteasy.annotations.legacy.ClientResponseType

•

org.jboss.resteasy.spi.Link is now
org.jboss.resteasy.client.Link

•

org.jboss.resteasy.spi.LinkHeader is now
org.jboss.resteasy.client.LinkHeader

332

Chapter 60.

Chapter 60. Migration from older
versions
60.1. Migrating from RESTEasy 2 to RESTEasy 3
Many facilities from RESTEasy 2 appear in a different form in RESTEasy 3. For example, much
of the client framework in RESTEasy 2 is formalized, in modified form, in JAX-RS 2.0. RESTEasy
versions 3.0.x implement both the older deprecated form and the newer conformant form. The
deprecated form is moved to legacy module in RESTEasy 3.1 and finally removed in RESTEasy
4. For more information on upgrading from various deprecated facilities in RESTEasy 2, see http://
docs.jboss.org/resteasy/docs/resteasy-upgrade-guide-en-US.pdf

60.2. Migrating from 3.0.x to 4.0.0
• In releases 3.0.x, when bean validation (Chapter 54, Validation) threw instances of exceptions
• javax.validation.ConstraintDefinitionException,
• javax.validation.ConstraintDeclarationException, or
• javax.validation.GroupDefinitionException,
they

were

wrapped

in

a
org.jboss.resteasy.api.validation.Resteasy.ResteasyViolationException,
which
org.jboss.resteasy.api.validation.ResteasyViolationExceptionMapper, the built-in
implementation
of
javax.ws.rs.ext.ExceptionMapper,
then
turned into descriptive text. As of release 4.0.0, instances of ConstraintDefinitionException, etc., are thrown as is. They are still caught by ResteasyViolationExceptionMapper, so,
in general, there is no detectable change. It should be noted, however, that an implementation of
ExceptionMapper, which, prior to release 4.0.0, would have
caught wrapped instances of ConstraintDefinitionException, will not catch unwrapped instances.

333

334

Chapter 61.

Chapter 61. Books You Can Read
There are a number of great books that you can learn REST and JAX-RS from

• RESTful Web Services [http://oreilly.com/catalog/9780596529260/] by Leonard Richardson and
Sam Ruby. A great introduction to REST.
• RESTful Java with JAX-RS [http://oreilly.com/catalog/9780596158040/] by Bill Burke. Overview
of REST and detailed explanation of JAX-RS. Book examples are distributed with RESTEasy.
• RESTful Web Services Cookbook [http://oreilly.com/catalog/9780596808679/] by Subbu Allamaraju and Mike Amundsen. Detailed cookbook on how to design RESTful services.

335

336


Source Exif Data: 
File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
Linearized                      : No
Page Count                      : 346
Profile CMM Type                : Little CMS
Profile Version                 : 2.1.0
Profile Class                   : Display Device Profile
Color Space Data                : RGB
Profile Connection Space        : XYZ
Profile Date Time               : 1998:02:09 06:49:00
Profile File Signature          : acsp
Primary Platform                : Apple Computer Inc.
CMM Flags                       : Not Embedded, Independent
Device Manufacturer             : Hewlett-Packard
Device Model                    : sRGB
Device Attributes               : Reflective, Glossy, Positive, Color
Rendering Intent                : Perceptual
Connection Space Illuminant     : 0.9642 1 0.82491
Profile Creator                 : Little CMS
Profile ID                      : 0
Profile Copyright               : Copyright (c) 1998 Hewlett-Packard Company
Profile Description             : sRGB IEC61966-2.1
Media White Point               : 0.95045 1 1.08905
Media Black Point               : 0 0 0
Red Matrix Column               : 0.43607 0.22249 0.01392
Green Matrix Column             : 0.38515 0.71687 0.09708
Blue Matrix Column              : 0.14307 0.06061 0.7141
Device Mfg Desc                 : IEC http://www.iec.ch
Device Model Desc               : IEC 61966-2.1 Default RGB colour space - sRGB
Viewing Cond Desc               : Reference Viewing Condition in IEC61966-2.1
Viewing Cond Illuminant         : 19.6445 20.3718 16.8089
Viewing Cond Surround           : 3.92889 4.07439 3.36179
Viewing Cond Illuminant Type    : D50
Luminance                       : 76.03647 80 87.12462
Measurement Observer            : CIE 1931
Measurement Backing             : 0 0 0
Measurement Geometry            : Unknown
Measurement Flare               : 0.999%
Measurement Illuminant          : D65
Technology                      : Cathode Ray Tube Display
Red Tone Reproduction Curve     : (Binary data 2060 bytes, use -b option to extract)
Green Tone Reproduction Curve   : (Binary data 2060 bytes, use -b option to extract)
Blue Tone Reproduction Curve    : (Binary data 2060 bytes, use -b option to extract)
Producer                        : jDocBook - Java-based DocBook processor
PDF Version                     : 1.4
Date                            : 2018:11:01 00:18:20+01:00
Creator Tool                    : jDocBook - Java-based DocBook processor
Metadata Date                   : 2018:11:01 00:18:20+01:00
Create Date                     : 2018:11:01 00:18:20+01:00
Language                        : en
Page Mode                       : UseOutlines
Creator                         : jDocBook - Java-based DocBook processor


EXIF Metadata provided by EXIF.tools









 






Navigation menu