Java 我可以向JAX-RS方法添加自定义注释以验证访问吗?
例如,我有以下方法:Java 我可以向JAX-RS方法添加自定义注释以验证访问吗?,java,annotations,jax-rs,Java,Annotations,Jax Rs,例如,我有以下方法: @GET @Path("/get/current") public Response getCurrentInfo(@HeaderParam("Authorization") String token){ Gson gson = new GsonBuilder() .setDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS") .setPrettyPrinting().create()
@GET
@Path("/get/current")
public Response getCurrentInfo(@HeaderParam("Authorization") String token){
Gson gson = new GsonBuilder()
.setDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS")
.setPrettyPrinting().create();
String email = SecurityProvider.decryptTokenAndGetEmail(token);
if(DB.isAccessPermitted(email)){
Info info = DB.getCurrentInfo();
String json = gson.toJson(info);
return Response.ok(json).build();
}else{
return Response.status(401).build();
}
}
因此,在每个方法中都要编写:
if(DB.isAccessPermitted(email)){
Info info = DB.getCurrentInfo();
String json = gson.toJson(info);
return Response.ok(json).build();
}else{
return Response.status(401).build();
}
例如,我将创建@SecurityCheck
注释,注释每个具有有限访问权限的方法,并仅在单个位置执行检查。是否可以通过注释实现,是否可以提供MVCE?
谢谢。如果您使用的是JAX-RS 2.0,您可以将其注入到
ContainerRequestFilter
,然后从中获取java.lang.reflect.Method
。通过方法
,可以获得注释。比如说
@Provider
@Priority(Priorities.AUTHENTICATION)
public class SecurityFilter implements ContainerRequestFilter {
@Context
private ResourceInfo resourceInfo;
// You can get the header from the `requestContext`
@Override
public void filter(ContainerRequestContext requestContext) {
Method resourceMethod = resourceInfo.getResourceMethod();
SecurityCheck annotation = resourceMethod.getAnnotation(SecurityCheck.class);
// get some value from annotation
if (notAllowedAccess) {
throw new WebApplicationException(403);
}
}
}
@Provider
public class SecurityCheckDynamicFeature implements DynamicFeature {
@Override
public void configure(ResourceInfo info, FeatureContext context) {
Method method = info.getResourceMethod();
SecurityCheck annotation = method.getAnnotation(SecurityCheck.class);
if (annotation != null) {
context.register(SecurityFilter.class);
}
}
}
只有当您需要从注释中获取一些值时,如@SecurityCheck(“SomeRoleAllowed”)
,才需要使用该注释(ResourceInfo)
如果不需要该值,并且只需要对任何注释的方法进行筛选,则可以创建一个DynamicFeature
,将每个方法绑定到一个筛选器。比如说
@Provider
@Priority(Priorities.AUTHENTICATION)
public class SecurityFilter implements ContainerRequestFilter {
@Context
private ResourceInfo resourceInfo;
// You can get the header from the `requestContext`
@Override
public void filter(ContainerRequestContext requestContext) {
Method resourceMethod = resourceInfo.getResourceMethod();
SecurityCheck annotation = resourceMethod.getAnnotation(SecurityCheck.class);
// get some value from annotation
if (notAllowedAccess) {
throw new WebApplicationException(403);
}
}
}
@Provider
public class SecurityCheckDynamicFeature implements DynamicFeature {
@Override
public void configure(ResourceInfo info, FeatureContext context) {
Method method = info.getResourceMethod();
SecurityCheck annotation = method.getAnnotation(SecurityCheck.class);
if (annotation != null) {
context.register(SecurityFilter.class);
}
}
}
或者另一种方法是在自定义注释上使用@NameBinding
@NameBinding
@Target(...)
@Retention
public @interface SecurityCheck {}
然后,还需要使用注释对SecurityFilter
类进行注释。任何带注释的方法或类都将通过过滤器
其他资源:
@Priority(Priorities.AUTHORIZATION)
不是正确的@Priority
吗?这真的很有帮助!非常感谢。