RESTEasy 3.x.x conforms to the JAX-RS 2.0 specification.
What you are trying to do could be accomplished (maybe better) with:
@Provider
public class SecurityInterceptor
implements javax.ws.rs.container.ContainerRequestFilter {
@Override
public void filter(ContainerRequestContext requestContext){
if (not_authenticated){ requestContext.abortWith(response)};
}
}
since the ReaderInterceptor is invoked only if the underlying MessageBodyReader.readFrom is called by the standard JAX-RS pipeline, not fromthe application code.
The reason why your interceptor is not called, though, could be the @ServerInterceptor annotation, which is a RESTEasy extension.
The spec states at ยง6.5.2 that a interceptor is globally registered, unless the @Provider is annotated with a @NameBinding annotation, but I don’t know if RESTEasy can handle a @ServerInterceptor if it’s not explicitly registered as shown in RestEASY Interceptor Not Being Called