java - 在没有 web.xml 的情况下启用 ContainerRequestFilter
问题描述
我正在尝试使用过滤器启用基本身份验证。我喜欢在不使用 web.xml 文件的情况下启用它。我尝试了问题中的答案
在没有 web.xml 的 Jersey 中使用 ContainerRequestFilter
但我无法清楚地了解这一点。如何在没有 web.xml 文件的情况下启用过滤器?
package com.example.filter;
import java.io.IOException;
import java.lang.reflect.Method;
import java.util.Base64;
import java.util.StringTokenizer;
import javax.annotation.security.PermitAll;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import com.example.ApiService;
public class AuthFilter implements ContainerRequestFilter {
private HttpServletRequest request;
@Context
private ResourceInfo resourceInfo;
private static final String AUTHORIZATION_PROPERTY = "Authorization";
private static final String AUTHENTICATION_SCHEME = "Basic";
private static final Response ACCESS_DENIED = Response.status(Response.Status.UNAUTHORIZED)
.entity("You cannot access this resource").build();
public boolean isAuthenticated(String authCredentials) {
if (null == authCredentials)
return false;
final String encodedUserPassword = authCredentials.replaceFirst(AUTHENTICATION_SCHEME + " ", "");
String usernameAndPassword = null;
try {
byte[] decodedBytes = Base64.getDecoder().decode(encodedUserPassword);
usernameAndPassword = new String(decodedBytes, "UTF-8");
} catch (IOException e) {
e.printStackTrace();
}
final StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":");
final String username = tokenizer.nextToken();
if (request.getSession() != null) {
String mobile_number = (String) request.getSession().getAttribute(ApiService.CONTACT_ID_KEY);
if (mobile_number != username) {
return true;
}
}
return false;
}
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
Method method = resourceInfo.getResourceMethod();
if (!method.isAnnotationPresent(PermitAll.class)) {
// Fetch authorization header
final String authorization = requestContext.getHeaderString(AUTHORIZATION_PROPERTY);
// If no authorization information present; block access
if (authorization == null || authorization.isEmpty()) {
requestContext.abortWith(ACCESS_DENIED);
return;
}
if(!isAuthenticated(authorization)) {
requestContext.abortWith(ACCESS_DENIED);
return;
}
}
}
}
这是我的应用程序类
package com.example;
import java.util.HashMap;
import java.util.Map;
import javax.ws.rs.ApplicationPath;
import javax.ws.rs.core.Application;
@ApplicationPath("/rest")
public class ApiConfig extends Application {
public Map<String, Object> getProperties() {
Map<String, Object> properties = new HashMap<>();
properties.put("jersey.config.server.provider.packages", "com.example");
return properties;
}
}
谢谢你。
解决方案
你需要用@Provider
. @Provider
扫描会选择用和注释的类@Path
。@Context
如果你想注入它,你还需要添加HttpServletRequest
(你只有在 上ResourceInfo
)。
推荐阅读
- html - 将整个页面的 html 元素逆时针旋转 90 度
- linux - Linux内核中的线程本地存储
- android - Google Places API 在 recyclerview 上显示位置照片
- python - Python Mutiprocessing.pool 传递 touple 行
- javascript - 如何让 React 本机代码在 Visual Studio 中工作
- javascript - 隐藏 CSS 滚动条直到满足最大宽度和最大高度条件
- javascript - 制作 Discord Bot - 尝试启动时出现语法错误
- vba - 当表格中的单元格不为空时添加行
- c++ - 输出字符串数组
- inform7 - If statement won't work in Inform 7