Jersey Injection Dependency example with HK2

3 min readNov 14, 2019


Example of a Jersey project using the dependency injection framework HK2 to inject logged user into the application via a custum annotation

Jersey is a Java Framework that is commonly used to help generate REST Api.
HK2 is a lightweight framework which allow Inversion of Control (IoC) and dependency injection (DI)

Step 1: Starting a new Jersey Project

Generate a project from Maven Archetype:

mvn archetype:generate -DarchetypeArtifactId=jersey-quickstart-grizzly2 \
-DarchetypeGroupId=org.glassfish.jersey.archetypes -DinteractiveMode=false \
-DgroupId=com.example -DartifactId=simple-service -Dpackage=com.example \

Step 2: Business Logic

Add some business logic to make this test more interesting in

  • User
  • UserSvc
  • UserDao

Step 3: Automatically bind classes to their implementation

We want to be able to do Dependency Injection of our services. We need to register a AbstractBinder to our jersey app that will automatically match the given injected class with the implementation.

Create a class ApplicationBinder:

public class ApplicationBinder extends AbstractBinder {
protected void configure() {

And register it with our application:

resourceConfig.register(new ApplicationBinder());

And an another class `JustInTimeServiceResolver` that will handle the automatic binding of services like Google Guice would do.

public class JustInTimeServiceResolver implements JustInTimeInjectionResolver {

private ServiceLocator serviceLocator;

public boolean justInTimeResolution(Injectee injectee) {
final Type requiredType = injectee.getRequiredType();

if (injectee.getRequiredQualifiers().isEmpty() && requiredType instanceof Class) {
final Class<?> requiredClass = (Class<?>) requiredType;

// IMPORTANT: check the package name, so we don't accidentally preempt other framework JIT resolvers
if (requiredClass.getName().startsWith("com.example")) {
final List<ActiveDescriptor<?>> descriptors = ServiceLocatorUtilities.addClasses(serviceLocator, requiredClass);

return !descriptors.isEmpty();
return false;

From there we can already make use of the dependency injection framework.
Create a new endpoint to get the list of users:

public List<User> getUsers() {
return userSvc.getList();

And in `MyResource` inject the UserSvc service this way:

private UserSvc userSvc;

We can do the same in the `UserSvc` class with the field `UserDao`:

private UserDao userDao;

Note that Injected resources need to have a no args constructor.

Wen can test ou API is responding well with the list of our users this way:

public void testGetUsers() {
List<User> users = target.path("myresource/users").request().get(new GenericType<List<User>>() {});
assertEquals(2, users.size());

Step 4: Extract the user from the JWT Token and make it available for injection with a custom annotation

Now we would like to be able to get information about the user that send requests to our API and use it where needed in our application.
Our API will have secured access managed by a JWT Token.

We will create a `@PreMatching` Jersey filter that will be run before any request and that:
* will validate the token that should be in `Authorization` header
* will create a user from the claims in the extracted token
* will put the user in the SecurityContext so that it can be accessed by the HK2 framework

public class PreMatchingCurrentUserFilter implements ContainerRequestFilter {

public void filter(ContainerRequestContext requestContext) {
try {
Jws<Claims> jws = new AuthorizationValidator(false).validate(requestContext);
AppSecurityContext appSecurityContext = new AppSecurityContext(
new HashSet<String>(),
new User(
(String) jws.getBody().get("login"),
(String) jws.getBody().get("compte")
catch (Exception ignored) {

And register the filter with our application:

resourceConfig.register(new PreMatchingCurrentUserFilter());

Next we will create an new custom annotation that will be used to inject the user anywhere we want.

First create the new annotation, available in Field and in Constructor:

@Target({ElementType.FIELD, ElementType.CONSTRUCTOR})
public @interface CurrentUser {

then a new `InjectionResolver`, where we will bind the `User` class with the new annotation.
We can access the `SecurityContext` using dependency injection and find the User we injected in the `@PreMatching` earlier.

public class CurrentUserInjectionResolver implements InjectionResolver<CurrentUser> {

private javax.inject.Provider<SecurityContext> securityContextProvider;

public CurrentUserInjectionResolver(
javax.inject.Provider<SecurityContext> securityContextProvider) {
this.securityContextProvider = securityContextProvider;

public Object resolve(Injectee injectee, ServiceHandle<?> sh) {
if (User.class == injectee.getRequiredType()) {
return securityContextProvider.get().getUserPrincipal();
return null;


And thats’it, wen can access the user using an injection like that:

private User user;

or in a constructor:

public UserSvc(User user){
this.user = user;

If user was found in the JWT Token if will be accessible here.