Java: REST token-based authentication not working
I am trying to implement token-based authentication in a Java RESTful web service. So far I have done the following:
1) Created the name binding Secured
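import java.lang.annotation.*;
import javax.ws.rs.NameBinding;

// A name-binding annotation must be retained at runtime, otherwise the JAX-RS runtime cannot see it
@NameBinding
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD})
public @interface Secured { }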
2) Created the authentication filter
import java.io.IOException;
import javax.annotation.Priority;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;

@Secured
@Provider
@Priority(Priorities.AUTHENTICATION)
public class AuthenticationFilter implements ContainerRequestFilter {

    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        // Get the HTTP Authorization header from the request
        String authorizationHeader = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);

        // Check if the HTTP Authorization header is present and formatted correctly
        if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer")) {
            throw new NotAuthorizedException("Authorization header must be provided");
        }

        // Extract the token from the HTTP Authorization header
        String token = authorizationHeader.substring("Bearer".length()).trim();

        try {
            // Validate the token
            validateToken(token);
        } catch (Exception e) {
            // Reject the request with 401 when validation fails
            requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
        }
    }

    private void validateToken(String token) throws Exception {
        // Check if it was issued by the server and if it's not expired
        // Throw an Exception if the token is invalid
    }
}
3) Now, when I try to add the Secured annotation to my service method, somehow it does not work, and the correct JSON is returned.
@GET
@Secured
@Path("{custid}/invoices")
@Produces({"application/json"})
@Consumes({"application/x-www-form-urlencoded"})
public List<Document> getCustomerInvoices(
        @PathParam("custid") String account,
        @DefaultValue("") @QueryParam("fromdate") String fromDate,
        @DefaultValue("") @QueryParam("todate") String toDate) throws Exception {
    Date from = null;
    Date to = null;
    SimpleDateFormat formatter = new SimpleDateFormat("yyyy-MM-dd");
    if (!fromDate.equals("")) {
        from = formatter.parse(fromDate);
    }
    if (!toDate.equals("")) {
        to = formatter.parse(toDate);
    }
    ArrayList<Document> invoices = (ArrayList<Document>) CustomerBiz.getInvoices(documentumConfigUtil, DocumentType.TAX_INVOICE, account, from, to);
    return invoices;
}
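Please tell me what I am doing wrong.
Note: I created the Java web service using Apache CXF and Spring.

I have solved this problem. The problem was actually in my beans.xml. I used the following lines to fix it: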
<jaxrs:server id="CustomerResource" address="/customers">
    <jaxrs:serviceBeans>
        <ref bean="customerResource" />
    </jaxrs:serviceBeans>
    <jaxrs:providers>
        <ref bean='jsonProvider' />
        <ref bean='authenticationFilter' />
    </jaxrs:providers>
</jaxrs:server>
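
A configuration check for the failure described above, where a secured resource is served without authentication because the filter bean is missing from `<jaxrs:providers>`. This is an added example in Python, not code from the original post; the sample XML, the class name `com.example.AuthenticationFilter`, the `ReportResource` endpoint and the function name `servers_missing_filter` are constructed for illustration, while the bean id `authenticationFilter` is the one used in the snippet above.

```python
import xml.etree.ElementTree as ET

# Namespaces of the Spring beans schema and the CXF JAX-RS schema.
NS = {"beans": "http://www.springframework.org/schema/beans",
      "jaxrs": "http://cxf.apache.org/jaxrs"}

# Constructed sample: /customers registers the filter, /reports does not.
SAMPLE_BEANS_XML = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:jaxrs="http://cxf.apache.org/jaxrs">
  <bean id="authenticationFilter" class="com.example.AuthenticationFilter"/>
  <jaxrs:server id="CustomerResource" address="/customers">
    <jaxrs:serviceBeans><ref bean="customerResource"/></jaxrs:serviceBeans>
    <jaxrs:providers>
      <ref bean="jsonProvider"/>
      <ref bean="authenticationFilter"/>
    </jaxrs:providers>
  </jaxrs:server>
  <jaxrs:server id="ReportResource" address="/reports">
    <jaxrs:serviceBeans><ref bean="reportResource"/></jaxrs:serviceBeans>
    <jaxrs:providers><ref bean="jsonProvider"/></jaxrs:providers>
  </jaxrs:server>
</beans>"""


def servers_missing_filter(beans_xml, filter_bean="authenticationFilter"):
    """Return (id, address) for each jaxrs:server that does not register filter_bean."""
    root = ET.fromstring(beans_xml)
    # Resolve the filter's class so an inline <bean class="..."> provider counts too.
    classes = {b.get("id"): b.get("class") for b in root.findall("beans:bean", NS)}
    filter_class = classes.get(filter_bean)
    missing = []
    for server in root.iter("{%s}server" % NS["jaxrs"]):
        providers = server.find("jaxrs:providers", NS)
        registered = False
        if providers is not None:  # no <jaxrs:providers> at all means no filter
            refs = {r.get("bean") for r in providers.findall("beans:ref", NS)}
            inline = {b.get("class") for b in providers.findall("beans:bean", NS)}
            registered = filter_bean in refs or (
                filter_class is not None and filter_class in inline)
        if not registered:
            missing.append((server.get("id"), server.get("address")))
    return missing


if __name__ == "__main__":
    for server_id, address in servers_missing_filter(SAMPLE_BEANS_XML):
        print(f"jaxrs:server {server_id!r} at {address} has no authentication filter")
```

The check only confirms that the filter is registered as a provider; whether a request is actually rejected still depends on the annotation's retention and on what `validateToken` does.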