Version
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
'%3e%3cpath%20d='m7.15%205.779.281.877c-.001.502.003.991.124%201.48l.116-.082.229-1.265c.723%201.422%202.78%203.325%202.53%205.008-.022.154-.082.3-.158.435.349-.014.375-.38.578-.56.187%201.005.17%201.975-.22%202.932l1.428%203.159c-.007.07-.626.285-.744.226-.087-.044-.629-1.506-.742-1.754-.103-.224-.457-1.044-.592-1.165-.592-.534-2.033-.183-2.773-.256l.488-.115.148-.109c-.68-.08-1.363-.34-1.85-.815.531.046%201.052.121%201.592.087.1-.006.378-.02.432-.114-1.338-.016-2.398-.569-3.16-1.62-1.03-1.422-1.646-3.215-2.658-4.662-.203-.289-.474-.68-.776-.847-.015-.092.076-.054.137-.049.375.034.778.157%201.148.234l1.26.462c-.404-.737-1.332-.637-1.984-.994-.759-.416-1.2-1.386-1.487-2.149-.258-.68-.536-1.495-.492-2.217.282.262.529.573.896.73.087-.102-.838-1.102-.867-1.323C-.051.673.656-.051%201.328.003c1.128.09%202.44%201.953%202.87%202.886.074.069.145-.23.149-.25.029-.154.01-.306.054-.452.67.932%201.64%201.722%202.122%202.768l.626%201.778V5.78Z'/%3e%3cpath%20d='m10.851%206.733.626-1.778c.483-1.047%201.451-1.836%202.122-2.769.045.147.025.299.054.452.005.021.075.32.149.25.43-.932%201.742-2.796%202.87-2.885.672-.054%201.38.67%201.294%201.31-.03.22-.954%201.221-.867%201.322.367-.156.614-.467.896-.729.044.722-.234%201.536-.49%202.218-.288.763-.73%201.733-1.488%202.149-.652.356-1.58.256-1.984.993l1.26-.461c.37-.077.772-.2%201.148-.234.06-.006.152-.044.136.049-.301.166-.573.557-.775.847-.794%201.135-1.347%202.488-2.049%203.68-.635%201.081-1.285%202.087-2.613%202.432.148-.768.005-1.562-.173-2.316l-.32-.092c-.219-1.088-.84-2.001-1.466-2.908l.919-1.475.229%201.265.116.082c.12-.489.125-.979.123-1.48l.283-.877v.955ZM8.017%2014.984c-.238.57-.531%201.119-.78%201.686-.089.204-.446%201.24-.518%201.295-.145.114-.622-.087-.777-.2l1.207-2.78h.868ZM12.008%2013.75c-.059.174-.949.7-1.04.617l.12-.5.92-.117Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h18v18H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
docs
reference
advanced-integration.mdcaching.mdconditional-endpoints.mdconfiguration.mdcsrf-protection.mddate-formatting.mdexception-mapping.mdfilters.mdjackson-integration.mdkotlin-serialization.mdmultipart.mdparameter-binding.mdqute-templates.mdresource-utilities.mdresponse-handling.mdrest-client.mdrest-links.mdstreaming.md
tessl/maven-io-quarkus--quarkus-resteasy-reactive
tessl install tessl/maven-io-quarkus--quarkus-resteasy-reactive@3.15.0A Jakarta REST implementation utilizing build time processing and Vert.x for high-performance REST endpoints with reactive capabilities in cloud-native environments.
filters.mddocs/reference/
Filters
Quarkus REST provides declarative request and response filters for cross-cutting concerns like authentication, authorization, logging, header manipulation, and request/response transformation.
Import
import org.jboss.resteasy.reactive.server.ServerRequestFilter;
import org.jboss.resteasy.reactive.server.ServerResponseFilter;
import org.jboss.resteasy.reactive.server.WithFormRead;
import jakarta.ws.rs.Priorities;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.container.ContainerResponseContext;
import jakarta.ws.rs.core.*;@ServerRequestFilter
Declarative request filter executed before the resource method. Can abort request processing by returning a Response.
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface ServerRequestFilter {
int priority() default Priorities.USER; // Execution priority
boolean preMatching() default false; // Execute before resource matching
boolean nonBlocking() default false; // Force non-blocking execution
boolean readBody() default false; // Deprecated: Read body before filter
}Supported Parameter Types
Filter methods can inject the following parameters:
ContainerRequestContext- Request contextUriInfo- URI informationHttpHeaders- HTTP headersRequest- HTTP requestResourceInfo- Resource method info (full)SimpleResourceInfo- Resource method info (lightweight)
Supported Return Types
void- Cannot abort requestResponse- Non-null aborts with responseRestResponse<T>- Non-null aborts with responseOptional<Response>- Present value aborts with responseOptional<RestResponse<T>>- Present value aborts with responseUni<Void>- Async, cannot abortUni<Response>- Async, non-null abortsUni<RestResponse<T>>- Async, non-null aborts
@ServerResponseFilter
Declarative response filter executed after the resource method. Can modify the response.
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface ServerResponseFilter {
int priority() default Priorities.USER; // Execution priority
}Supported Parameter Types
ContainerRequestContext- Request contextContainerResponseContext- Response context (required for modification)ResourceInfo- Resource method info (full)UriInfo- URI informationSimpleResourceInfo- Resource method info (lightweight)Throwable- Exception if thrown, null otherwise
Supported Return Types
void- Standard synchronous filterUni<Void>- Async filter
@WithFormRead
Forces form body to be read before filter or endpoint execution.
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface WithFormRead {
}Request Filter Patterns
Authentication Filter
@ServerRequestFilter(priority = Priorities.AUTHENTICATION)
public Optional<RestResponse<String>> authenticate(HttpHeaders headers) {
String authHeader = headers.getHeaderString("Authorization");
if (authHeader == null || !authHeader.startsWith("Bearer ")) {
return Optional.of(RestResponse.status(401, "Missing or invalid token"));
}
String token = authHeader.substring(7);
if (!tokenService.isValid(token)) {
return Optional.of(RestResponse.status(401, "Invalid token"));
}
return Optional.empty(); // Continue request processing
}Authorization Filter
@ServerRequestFilter(priority = Priorities.AUTHORIZATION)
public Optional<Response> authorize(UriInfo uriInfo, SecurityContext securityContext) {
String path = uriInfo.getPath();
if (path.startsWith("/admin") && !securityContext.isUserInRole("ADMIN")) {
return Optional.of(Response.status(403).entity("Forbidden").build());
}
return Optional.empty();
}Logging Filter
@ServerRequestFilter
public void logRequest(UriInfo uriInfo, HttpHeaders headers) {
String method = headers.getHeaderString("X-HTTP-Method-Override");
String path = uriInfo.getPath();
logger.info("Request: {} {}", method, path);
}Pre-Matching Filter
Executes before resource method matching, useful for request transformation:
@ServerRequestFilter(preMatching = true)
public void preprocessRequest(ContainerRequestContext requestContext) {
// Modify URI before matching
String path = requestContext.getUriInfo().getPath();
if (path.startsWith("/v1/")) {
requestContext.setRequestUri(
requestContext.getUriInfo().getBaseUri(),
URI.create(path.replace("/v1/", "/api/"))
);
}
}Conditional Filter
@ServerRequestFilter
public Optional<Response> conditionalFilter(
UriInfo uriInfo,
SimpleResourceInfo resourceInfo
) {
// Only apply to specific resources
if (resourceInfo.getResourceClass().equals(SecureResource.class)) {
// Apply security check
if (!checkSecurity()) {
return Optional.of(Response.status(403).build());
}
}
return Optional.empty();
}Form Body Access
@ServerRequestFilter
@WithFormRead
public Optional<Response> validateForm(ContainerRequestContext context) {
// Form body is read and available
MultivaluedMap<String, String> formParams =
context.getUriInfo().getQueryParameters();
if (!formParams.containsKey("required_field")) {
return Optional.of(Response.status(400)
.entity("Missing required field")
.build());
}
return Optional.empty();
}Async Request Filter
@ServerRequestFilter(priority = Priorities.AUTHENTICATION)
public Uni<Optional<RestResponse<String>>> authenticateAsync(HttpHeaders headers) {
String token = headers.getHeaderString("Authorization");
if (token == null) {
return Uni.createFrom().item(
Optional.of(RestResponse.status(401, "Missing token"))
);
}
return tokenService.validateAsync(token)
.map(valid -> valid
? Optional.empty()
: Optional.of(RestResponse.status(401, "Invalid token"))
);
}Response Filter Patterns
Add Response Headers
@ServerResponseFilter
public void addHeaders(ContainerResponseContext responseContext) {
responseContext.getHeaders().add("X-Custom-Header", "value");
responseContext.getHeaders().add("X-Response-Time", System.currentTimeMillis());
}CORS Filter
@ServerResponseFilter
public void corsFilter(ContainerResponseContext response) {
response.getHeaders().add("Access-Control-Allow-Origin", "*");
response.getHeaders().add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
response.getHeaders().add("Access-Control-Allow-Headers", "Content-Type, Authorization");
response.getHeaders().add("Access-Control-Max-Age", "3600");
}Logging Response
@ServerResponseFilter
public void logResponse(
ContainerRequestContext request,
ContainerResponseContext response,
Throwable thrown
) {
String path = request.getUriInfo().getPath();
int status = response.getStatus();
if (thrown != null) {
logger.error("Request failed: {} - {}", path, thrown.getMessage());
} else {
logger.info("Response: {} - {}", path, status);
}
}Modify Response Entity
@ServerResponseFilter
public void wrapResponse(ContainerResponseContext response) {
if (response.hasEntity() && response.getStatus() == 200) {
Object entity = response.getEntity();
// Wrap entity in envelope
ResponseEnvelope envelope = new ResponseEnvelope();
envelope.setData(entity);
envelope.setTimestamp(Instant.now());
response.setEntity(envelope);
}
}Error Response Filter
@ServerResponseFilter
public void handleErrors(
ContainerResponseContext response,
Throwable thrown
) {
if (thrown != null) {
ErrorResponse error = new ErrorResponse();
error.setMessage(thrown.getMessage());
error.setTimestamp(Instant.now());
response.setStatus(500);
response.setEntity(error);
}
}Conditional Response Filter
@ServerResponseFilter
public void conditionalModification(
ContainerResponseContext response,
ResourceInfo resourceInfo
) {
// Only modify responses from specific resources
if (resourceInfo.getResourceClass().equals(ApiResource.class)) {
response.getHeaders().add("X-API-Version", "1.0");
}
}Async Response Filter
@ServerResponseFilter
public Uni<Void> asyncFilter(ContainerResponseContext response) {
return metricsService.recordResponseAsync(response.getStatus())
.replaceWithVoid();
}Filter Priority
Filters execute in priority order. Use jakarta.ws.rs.Priorities constants:
public class Priorities {
public static final int AUTHENTICATION = 1000;
public static final int AUTHORIZATION = 2000;
public static final int HEADER_DECORATOR = 3000;
public static final int ENTITY_CODER = 4000;
public static final int USER = 5000;
}Request filters: Lower priority executes first (1000 before 5000) Response filters: Higher priority executes first (5000 before 1000)
@ServerRequestFilter(priority = Priorities.AUTHENTICATION) // Executes first
public Optional<Response> authenticate() { ... }
@ServerRequestFilter(priority = Priorities.AUTHORIZATION) // Executes second
public Optional<Response> authorize() { ... }
@ServerRequestFilter(priority = Priorities.USER) // Executes last
public void customFilter() { ... }Global vs Local Filters
Global Filters
Defined at the class level (outside resource classes) and apply to all requests:
@ApplicationScoped
public class GlobalFilters {
@ServerRequestFilter
public Optional<Response> globalAuth(HttpHeaders headers) {
// Applies to all requests
}
}Local Filters
Defined within resource classes and only apply to that resource:
@Path("/items")
public class ItemResource {
@ServerRequestFilter
public Optional<Response> localAuth(HttpHeaders headers) {
// Only applies to /items/* endpoints
}
@GET
public List<Item> list() { ... }
}Aborting Requests
Request filters can abort processing by returning a non-empty response:
// Abort with Response
@ServerRequestFilter
public Optional<Response> filter() {
if (shouldAbort()) {
return Optional.of(Response.status(403).build());
}
return Optional.empty();
}
// Abort with RestResponse
@ServerRequestFilter
public Optional<RestResponse<String>> filter() {
if (shouldAbort()) {
return Optional.of(RestResponse.status(403, "Forbidden"));
}
return Optional.empty();
}
// Cannot abort (void return)
@ServerRequestFilter
public void filter() {
// Can only modify request, cannot abort
}Non-Blocking Filters
By default, filters execute on the I/O thread. Use nonBlocking = false to force worker thread execution:
@ServerRequestFilter(nonBlocking = false)
public Optional<Response> blockingFilter() {
// Executes on worker thread
// Safe for blocking operations
}For reactive filters, use Uni return type:
@ServerRequestFilter
public Uni<Optional<Response>> reactiveFilter() {
return someAsyncOperation()
.map(result -> result.isValid()
? Optional.empty()
: Optional.of(Response.status(400).build())
);
}