Java Mass Assignment: Insecure Binder Configuration: How to use the Spring framework's @InitBinder with the Jersey framework
I want to avoid the Mass Assignment: Insecure Binder Configuration issue in an application written with the Jersey framework. I am wondering whether there is any other way to use @InitBinder from Spring so that, for every request to this service, only the allowed properties can be set and all other properties are set to null.

Tags: java, spring, security, filter, jersey-2.0

    @Controller
    @Path("/ar")
    @Api(tags = { "Request" })
    public class RequestService extends AbstractService {

        static final Logger logger = Logger.getLogger("RequestServiceLogger");

        @InitBinder
        public void customizeBinding(WebDataBinder binder) {
            System.out.println("Inside init binder ============== ");
            // I want to allow the allowed field only for AccountRequest object
            binder.setAllowedFields(allowedFields);
        }

        @Path("/submitrequest")
        @POST
        @Consumes({ "application/json" })
        @Produces({ "application/json" })
        @ApiOperation(value = "Validates a request", notes = "Validates a request", response = RequestResponse.class)
        @ApiImplicitParams({ @io.swagger.annotations.ApiImplicitParam(name = "Auth", value = "value", required = true, dataType = "string", paramType = "header") })
        @ApiResponses({
                @io.swagger.annotations.ApiResponse(code = 200, message = "OK", responseHeaders = { @io.swagger.annotations.ResponseHeader(name = "X-ResponseTime", description = "Total Time Taken", response = String.class) }, response = RequestResponse.class),
                @io.swagger.annotations.ApiResponse(code = 400, message = "Bad Request", response = com.model.ErrorDetail.class),
                @io.swagger.annotations.ApiResponse(code = 401, message = "Unauthorized", response = com.model.ErrorDetail.class),
                @io.swagger.annotations.ApiResponse(code = 403, message = "Forbidden", response = com.model.ErrorDetail.class),
                @io.swagger.annotations.ApiResponse(code = 404, message = "Not Found", response = com.model.ErrorDetail.class),
                @io.swagger.annotations.ApiResponse(code = 405, message = "Method Not Allowed", response = com.model.ErrorDetail.class),
                @io.swagger.annotations.ApiResponse(code = 415, message = "Unsupported Media Type", response = com.model.ErrorDetail.class),
                @io.swagger.annotations.ApiResponse(code = 500, message = "Internal Server error", response = com.ErrorDetail.class) })
        public Response submitRequest(@ApiParam(value = "AccountRequest JSON input data.", required = true) AccountRequest accountRequest,
                @Context HttpServletRequest request) throws Exception {
            System.out.println("Inside submitRequest ============== ");
        }
    }

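Please let me know if there is any other way to filter the request object's properties.

This won't work; you cannot use the Spring binding mechanism (or its configuration) with Jersey. You have to configure Jersey appropriately.

@M.Deinum Is there any other way to configure this with the Jersey framework?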
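
One way to get the allow-list behaviour of `setAllowedFields` on the Jersey side, as an added example that is not code from the question or the comments. It assumes Jackson is the JSON provider and that the resource method takes the raw body as a `String`; the `bindAllowed` helper and the fields of `AccountRequest` are hypothetical.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.io.IOException;
import java.util.Set;

public class AllowListBinding {
    private static final ObjectMapper MAPPER = new ObjectMapper();

    // Constructed stand-in for the question's AccountRequest; field names are assumptions.
    public static class AccountRequest {
        public String accountId;
        public String comment;
        public Boolean approved; // server-controlled, must never come from the client
        public String role;      // server-controlled
    }

    // Allow-list counterpart of binder.setAllowedFields(...): every top-level property
    // not listed is removed before binding, so it keeps its default (null) in the result.
    static <T> T bindAllowed(String json, Class<T> type, Set<String> allowed) throws IOException {
        JsonNode root = MAPPER.readTree(json);
        if (root == null || !root.isObject()) {
            throw new IOException("request body must be a JSON object");
        }
        ObjectNode filtered = ((ObjectNode) root).retain(allowed);
        return MAPPER.treeToValue(filtered, type);
    }

    public static void main(String[] args) throws IOException {
        // Constructed request body that also tries to set the server-controlled properties.
        String body = "{\"accountId\":\"A-100\",\"comment\":\"please review\","
                    + "\"approved\":true,\"role\":\"admin\"}";
        AccountRequest req = bindAllowed(body, AccountRequest.class,
                                         Set.of("accountId", "comment"));
        // approved and role were filtered out before binding and are still null here.
        System.out.println(req.accountId + " " + req.comment + " "
                           + req.approved + " " + req.role);
    }
}
```

The filter only applies to top-level properties; nested objects need their own allow-list or a dedicated request DTO that contains only the client-settable fields.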