Java Dropwizard auth filter@permitall批注在类级别不起作用
我使用Dropwizard 0.9.1创建了一个自定义AuthFilter来检查会话cookie,如下所示:Java Dropwizard auth filter@permitall批注在类级别不起作用,java,dropwizard,Java,Dropwizard,我使用Dropwizard 0.9.1创建了一个自定义AuthFilter来检查会话cookie,如下所示: Priority(Priorities.AUTHENTICATION) public class SessionAuthFilter extends AuthFilter<String /*session key*/, SessionUser /*principal*/> { private SessionAuthFilter() { } @Override
Priority(Priorities.AUTHENTICATION)
public class SessionAuthFilter extends AuthFilter<String /*session key*/, SessionUser /*principal*/> {
private SessionAuthFilter() {
}
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
Cookie sessionKey = requestContext.getCookies().get("sessionKey");
if (sessionKey != null) {
try {
Optional<SessionUser> principal = new SessionAuthenticator().authenticate(sessionKey.getValue());
requestContext.setSecurityContext(new SecurityContext() {
@Override
public Principal getUserPrincipal() {
return principal.get();
}
@Override
public boolean isUserInRole(String role) {
return false;
}
@Override
public boolean isSecure() {
return requestContext.getSecurityContext().isSecure();
}
@Override
public String getAuthenticationScheme() {
return SecurityContext.FORM_AUTH;
}
});
return;
} catch (AuthenticationException e) {
throw new InternalServerErrorException(e.getMessage(), e);
}
}
throw new NotAuthorizedException("Please log in!", "realm="+realm);
}
environment.jersey().register(new AuthDynamicFeature(new SessionAuthFilter.Builder().setAuthenticator(new
SessionAuthenticator()).setRealm("Login").buildAuthFilter()));
environment.jersey().register(RolesAllowedDynamicFeature.class);
问题是我不能在资源类的类级别上使用@Permitall注释。若我在方法上使用,但在类上不使用过滤,那个么它可以正常工作
资源类别:
@Path("/")
@PermitAll //Doesn't work here
@Produces(MediaType.APPLICATION_JSON)
public class HomeResource {
@GET
@PermitAll //Works fine if here
@Path("/about")
public Response get() {
}
}
有人知道吗?DW 9.x不支持类级别的Authz注释。您可以在的源代码中看到,只检查方法级注释,最终只将auth过滤器注册到具有Authz注释的方法 此限制已在中修复,其中允许
@roles
,并支持类级别的@PermitAll