Fatal编程技术网
  • java/
  • Java 质量分配:不安全的活页夹配置:如何使用Spring框架&x27;带Jersey框架的s@initBinder

Java 质量分配:不安全的活页夹配置:如何使用Spring框架&x27;带Jersey框架的s@initBinder

java spring security filter

Java 质量分配:不安全的活页夹配置:如何使用Spring框架&x27;带Jersey框架的s@initBinder,java,spring,security,filter,jersey-2.0,Java,Spring,Security,Filter,Jersey 2.0,我想避免在Jersey框架中编写的应用程序的批量分配:不安全的绑定器配置问题。我在想,还有没有其他方法可以使用spring中的@InitBinder,并且对于此服务的每个请求,只允许设置允许的属性,并将所有其他属性设置为null @Controller @Path("/ar") @Api(tags = { "Request" }) public class RequestService extends AbstractService { static final Logger logg

我想避免在Jersey框架中编写的应用程序的批量分配:不安全的绑定器配置问题。我在想,还有没有其他方法可以使用spring中的@InitBinder,并且对于此服务的每个请求,只允许设置允许的属性,并将所有其他属性设置为null



@Controller
@Path("/ar")
@Api(tags = { "Request" })
public class RequestService extends AbstractService {
    static final Logger logger = Logger
            .getLogger("RequestServiceLogger");

@InitBinder
    public void customizeBinding (WebDataBinder binder) {
        System.out.println("Inside init binder ============== ");
        //I want to allow the allowed field only for AccountRequest object
         binder.setAllowedFields(allowedFields);
    }

    @Path("/submitrequest")
    @POST
    @Consumes({ "application/json" })
    @Produces({ "application/json" })
    @ApiOperation(value = "Validates a request", notes = "Validates a request", response = RequestResponse.class)
    @ApiImplicitParams({ @io.swagger.annotations.ApiImplicitParam(name = "Auth", value = "value", required = true, dataType = "string", paramType = "header") })
    @ApiResponses({
        @io.swagger.annotations.ApiResponse(code = 200, message = "OK", responseHeaders = { @io.swagger.annotations.ResponseHeader(name = "X-ResponseTime", description = "Total Time Taken", response = String.class) }, response = RequestResponse.class),
        @io.swagger.annotations.ApiResponse(code = 400, message = "Bad Request", response = com.model.ErrorDetail.class),
        @io.swagger.annotations.ApiResponse(code = 401, message = "Unauthorized", response = com.model.ErrorDetail.class),
        @io.swagger.annotations.ApiResponse(code = 403, message = "Forbidden", response = com.model.ErrorDetail.class),
        @io.swagger.annotations.ApiResponse(code = 404, message = "Not Found", response = com.model.ErrorDetail.class),
        @io.swagger.annotations.ApiResponse(code = 405, message = "Method Not Allowed", response = com.model.ErrorDetail.class),
        @io.swagger.annotations.ApiResponse(code = 415, message = "Unsupported Media Type", response = com.model.ErrorDetail.class),
        @io.swagger.annotations.ApiResponse(code = 500, message = "Internal Server error", response = com.ErrorDetail.class) })
    public Response submitRequest(@ApiParam(value = "AccountRequest JSON input data.", required = true) AccountRequest accountRequest,
            @Context HttpServletRequest request) throws Exception {

        System.out.println("Inside submitRequest ============== ");
    }
}

***如果有任何其他方法可以过滤请求对象属性,请告诉我

这是行不通的,您不能在Jersey上使用spring绑定机制(或配置)。您必须适当地配置Jersey。@M.Deinum是否有其他方法可以使用Jersey框架进行配置。