Java Jersey 2 - ContainerRequestFilter: get method annotation

Tags: java, rest, jersey, jax-rs, jersey-2.0


I'm trying to get the method annotation in a ContainerRequestFilter object.

Controller:

@GET
@RolesAllowed("ADMIN")
public String message() {
    return "Hello, rest12!";
}
ContainerRequestFilter:

@Provider
public class SecurityInterceptor implements javax.ws.rs.container.ContainerRequestFilter {
    @Override
    public void filter(ContainerRequestContext requestContext) {
        // Here I need to get the @RolesAllowed("ADMIN") annotation value
    }
}

Application:

@ApplicationPath("/rest")
public class ExpertApp extends Application {
    private final HashSet<Object> singletons = new LinkedHashSet<Object>();

    public ExpertApp() {
        // The filter is registered as a singleton instance
        singletons.add(new SecurityInterceptor());
    }

    @Override
    public Set<Object> getSingletons() {
        return singletons;
    }

    @Override
    public Set<Class<?>> getClasses() {
        return new HashSet<Class<?>>(Arrays.asList(UserControler.class, SearchController.class));
    }
}

Web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

    <!-- Servlet declaration can be omitted in which case it would be automatically
        added by Jersey -->
    <servlet>
        <servlet-name>javax.ws.rs.core.Application</servlet-name>
    </servlet>

    <servlet-mapping>
        <servlet-name>javax.ws.rs.core.Application</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>
</web-app>


How do I get the @RolesAllowed("ADMIN") value?

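You can...

Inject @Context ResourceInfo into your filter and get the annotation from the Method:

RolesAllowed annot = resourceInfo.getResourceMethod().getAnnotation(RolesAllowed.class);

But...

Jersey already has a feature that implements access control for the annotations @RolesAllowed, @PermitAll and @DenyAll. You just need to register it.

In ResourceConfig: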

public class MyApplication extends ResourceConfig {
    public MyApplication() {
        super(MyResource.class);
        register(RolesAllowedDynamicFeature.class);
    }
}

In web.xml:

<init-param>
    <param-name>jersey.config.server.provider.classnames</param-name>
    <param-value>
        org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature
    </param-value>
</init-param>

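Or, in your Application subclass, you can add it to the getSingletons() or getClasses() set. It doesn't make much difference which one. No injection occurs, so it is safe to just instantiate it and add it to the singletons.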


Note: The first option can be done in any JAX-RS 2.0 application, while the second is Jersey-specific.
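
Added example, not part of either answer on this page: a filter that reads the annotation through ResourceInfo as described above, but also handles the cases the one-line lookup does not, namely an annotation placed on the resource class instead of the method and a method with no annotation at all. The class name `RoleCheckFilter` and the deny-by-default choice are assumptions of this example; role membership is taken from the container's SecurityContext.

```java
import java.lang.reflect.AnnotatedElement;
import javax.annotation.Priority;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.ext.Provider;

// Hypothetical filter name; added example, not code from the page.
@Provider
@Priority(Priorities.AUTHORIZATION)
public class RoleCheckFilter implements ContainerRequestFilter {
    // Populated once request matching has selected the resource method.
    @Context private ResourceInfo resourceInfo;

    @Override
    public void filter(ContainerRequestContext ctx) {
        SecurityContext sc = ctx.getSecurityContext();
        // Method-level annotations take precedence over class-level ones.
        Boolean verdict = decide(resourceInfo.getResourceMethod(), sc);
        if (verdict == null) {
            verdict = decide(resourceInfo.getResourceClass(), sc);
        }
        // Assumption of this example: nothing declared means deny (fail closed).
        if (verdict == null || !verdict) {
            ctx.abortWith(Response.status(Response.Status.FORBIDDEN).build());
        }
    }

    // Returns null when the element carries none of the three annotations.
    static Boolean decide(AnnotatedElement element, SecurityContext sc) {
        if (element.isAnnotationPresent(DenyAll.class)) return false;
        RolesAllowed roles = element.getAnnotation(RolesAllowed.class);
        if (roles != null) {
            for (String role : roles.value()) {
                if (sc.isUserInRole(role)) return true;
            }
            return false;
        }
        return element.isAnnotationPresent(PermitAll.class) ? Boolean.TRUE : null;
    }
}
```

Register it only in place of RolesAllowedDynamicFeature, not alongside it, so that a single component makes the authorization decision.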

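Your ContainerRequestFilter is implemented as a post-matching filter. This means the filter is applied only after a suitable resource method has been selected to process the actual request, i.e. after request matching has happened.

Therefore, @RolesAllowed("ADMIN") will block the call, and your filter will never be invoked.

To avoid this problem, I created a custom annotation; for example: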

import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.annotation.ElementType;

@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface MyRoles {
    public enum MyRole {
        USER, OFFICER, COMPLIANCE, ADMIN
    }

    MyRole role() default MyRole.USER;

    Class<? extends Throwable> expected() default None.class;

    static class None extends Throwable {

        /**
             * 
             */
        private static final long serialVersionUID = 1L;
    }
}

In the filter, I check for the custom annotation:

// Injected by the JAX-RS runtime; needed for getResourceMethod() below
@Context
private ResourceInfo resourceInfo;

private static final String AUTHORIZATION_PROPERTY = "Authorization";
private static final String AUTHENTICATION_SCHEME = "Basic";
private static final ServerResponse BAD_REQUEST = new ServerResponse("Token invalid or expired", 400, new Headers<Object>());
private static final ServerResponse ACCESS_DENIED = new ServerResponse("Access denied for this resource", 401, new Headers<Object>());
private static final ServerResponse ACCESS_FORBIDDEN = new ServerResponse("Nobody can access this resource", 403, new Headers<Object>());
private static final ServerResponse SERVER_ERROR = new ServerResponse("INTERNAL SERVER ERROR", 500, new Headers<Object>());

@Override
public void filter(ContainerRequestContext requestContext) {
    System.err.println("GFA Debug SecurityInterceptor ............ ");
    System.err.println(requestContext.getUriInfo().getRequestUri());

    Method method = resourceInfo.getResourceMethod();
    System.out.println("GFA DEbug method.getName() " + method.getName());

    System.out.println("GFA DEbug method.isAnnotationPresent(PermitAll.class) = " + method.isAnnotationPresent(PermitAll.class));

    // Access denied for all
    if (method.isAnnotationPresent(DenyAll.class)) {
        requestContext.abortWith(ACCESS_FORBIDDEN);
        return;
    }

    // Access allowed for all
    if (method.isAnnotationPresent(PermitAll.class)) {
        System.out.println("GFA debug permitAll ... bye");
        return;
    }

    // Custom roles
    System.out.println("GFA Debug method.isAnnotationPresent(MyRoles.class) = " + method.isAnnotationPresent(MyRoles.class));
    if (!method.isAnnotationPresent(MyRoles.class)) {
        requestContext.abortWith(ACCESS_FORBIDDEN);
        return;
    }

    MyRoles myannotation = method.getAnnotation(MyRoles.class);
    System.out.println("GFA custom role ... " + myannotation.role());

    // Then I check for token and validity of role, etc.
}