6.1. Using Jax-RS

Jax-RS (JSR 311) is a Java API for developing applications using the REST architecture.

Assume that you want to create a demo REST service using Jax-RS that requires the followings:

  1. Create a Maven project named rest with the following structure:

  2. Declare the dependencies needed for the demo REST service in the pom.xml of the Java project (you can go to the eXo Platform repository to check the artifact versions).

    • exo.ws.rest.core: Used for REST service.

    • jsr250-api: Used for annotation.

    • json-rpc: Used for JSON.

    • exo.core.component.organization.api: Used for retrieving data.

    The pom.xml file now looks like:

    <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  3. Edit the java/exo/rest/service/RestUserService.java file.

    package exo.rest.service;
    import javax.ws.rs.GET;
    import javax.ws.rs.Path;
    import javax.ws.rs.PathParam;
    import javax.ws.rs.Produces;
    import javax.ws.rs.core.CacheControl;
    import javax.ws.rs.core.Context;
    import javax.ws.rs.core.MediaType;
    import javax.ws.rs.core.Response;
    import javax.ws.rs.core.SecurityContext;
    import javax.annotation.security.RolesAllowed;
    import org.exoplatform.commons.utils.ListAccess;
    import org.exoplatform.container.ExoContainer;
    import org.exoplatform.container.ExoContainerContext;
    import org.exoplatform.services.organization.OrganizationService;
    import org.exoplatform.services.organization.User;
    import org.exoplatform.services.organization.UserHandler;
    import org.exoplatform.services.rest.resource.ResourceContainer;
    import org.exoplatform.services.security.Identity;
    import org.exoplatform.services.security.IdentityRegistry;
    import org.json.JSONArray;
    import org.json.JSONObject;
     * Rest User Service!
    public class RestUserService implements ResourceContainer {
      public String hello(@PathParam("name")
      String name) {
        return "Hello " + name;
      public Response getListUserName(@Context  SecurityContext sc,@PathParam("offet") Integer offset) {
        JSONArray list = new JSONArray();
        JSONObject jsonObject = new JSONObject();
        String groupToCheck = "/platform/administrators";
    CacheControl cacheControl = new CacheControl();       cacheControl.setNoCache(true);
        if (sc.getUserPrincipal() == null || !this.isMemberOf(sc.getUserPrincipal().getName(), groupToCheck)) {
        } else {
          OrganizationService organizationService = (OrganizationService) ExoContainerContext.getCurrentContainer()
          UserHandler userHandler = organizationService.getUserHandler();
          try {
            ListAccess<User> allUsers = userHandler.findAllUsers();
            if(offset == null || offset < 0)
              offset = 0;
            int limit = 1000;
            int total = limit + offset;
            int totalUsers = allUsers.getSize();
            if(offset < totalUsers && total > totalUsers){
              total = totalUsers;
            User[] users = null;
            for (int i = offset; i < total; i++) {
              users = allUsers.load(i,1);
              jsonObject = new JSONObject();
              jsonObject.put("username", users[0].getUserName());
          } catch (Exception e) {
            // TODO Auto-generated catch block
        return Response.ok(list.toString(), MediaType.APPLICATION_JSON).cacheControl(cacheControl).build();
      private boolean isMemberOf(String username, String role) {
        ExoContainer container = ExoContainerContext.getCurrentContainer();
        IdentityRegistry identityRegistry = (IdentityRegistry) container.getComponentInstanceOfType(IdentityRegistry.class);
        Identity identity = identityRegistry.getIdentity(username);
        return identity.isMemberOf(role);

    In the above code, ResourceContainer needs to be implemented. This is used to make eXo services (for example, the components deployed inside eXo Container) simply and transparently accessible via HTTP in a RESTful manner. In other words, these services should be viewed as a set of REST Resources-endpoints of the HTTP request-response chain. Those services are called ResourceContainers.

    • The SecurityContext class is used to get the user information via the UserPrincipal method.

    • The following 2 methods are used to check authorization:

  4. Edit the resources/conf/portal/configuration.xml file that declares the REST service component in the portal container.

    <?xml version="1.0" encoding="ISO-8859-1"?>
  5. Build the Maven project using the command: mvn clean install.

  6. Put the .jar file into the eXo Platform package.

    • $PLATFORM_TOMCAT_HOME/lib (in Tomcat).

    • $PLATFORM_JBOSS_HOME/standalone/deployments/platform.ear!/lib (in JBoss).

  7. Restart the server, then open http://mycompany.com:8080/portal/rest/demo/listusers/0 in your browser.

    • If you are not logged in as an admin yet, the [{"rights":"NOT-ALLOWED"}] text will be displayed. This means you do not have right to see the users list.

    • If you are logged in as an admin, the list of users will be shown, for example: [{"username":"david"},{"username":"james"},{"username":"john"},{"username":"mary"},{"username":"admin"},{"username":"paris"}].

Copyright ©. All rights reserved. eXo Platform SAS
blog comments powered byDisqus