Spring 在Jersery请求筛选器之后未调用资源
我定义了两个SpringServlet,其中一个指向自定义过滤器Spring 在Jersery请求筛选器之后未调用资源,spring,jersey,jax-rs,jax-ws,servlet-filters,Spring,Jersey,Jax Rs,Jax Ws,Servlet Filters,我定义了两个SpringServlet,其中一个指向自定义过滤器 @WebServlet(urlPatterns = { "/" }, initParams = { @WebInitParam(name = "com.sun.jersey.config.property.packages", value = "com.x.y.resource"), @WebInitParam(name = "com.sun.jersey.api.json.POJOMappingFeature",
@WebServlet(urlPatterns = { "/" }, initParams = {
@WebInitParam(name = "com.sun.jersey.config.property.packages", value = "com.x.y.resource"),
@WebInitParam(name = "com.sun.jersey.api.json.POJOMappingFeature", value = "true") })
public class JerseyServlet extends SpringServlet
{
}
@WebServlet(name = "secure", urlPatterns = "/secure/*", initParams = {
@WebInitParam(name = "com.sun.jersey.config.property.packages", value = "com.x.y.resource"),
@WebInitParam(name = "com.sun.jersey.spi.container.ContainerRequestFilters", value = "com.x.y.resource.OAuthFilter"),
@WebInitParam(name = "com.sun.jersey.api.json.POJOMappingFeature", value = "true") })
public class JerseySecureServlet extends SpringServlet
{
}
其思想是将包含“/secure/”的任何URL定向到OAuthFilter,以通过OAuth头验证请求。所有其他URL都只是正常处理
对于发送到不包含“/secure/”的URL的任何请求,都会正确调用相应的JAX-RS资源类。但是,对于包含“/secure/”的URL,OAuthFilter被正确调用,但是JAX-RS注释的资源类之后永远不会被调用
下面是一个安全资源示例
@Component
@Scope("request")
@Path("/secure/example")
public class SecureResource
{
@GET
...
}
这是OAuthFilter
@Provider
@Component
public class OAuthFilter implements ContainerRequestFilter
{
public static final String AUTHORIZED_USER = "authorized_user";
@Autowired
AccessTokenService accessTokenService;
@Autowired
UserService userService;
@Context
HttpServletRequest httpRequest;
@Override
public ContainerRequest filter(ContainerRequest containerRequest)
{
OAuthServerRequest request = new OAuthServerRequest(containerRequest);
OAuthParameters params = new OAuthParameters();
params.readRequest(request);
String accessToken = params.getToken();
if (accessToken == null)
{
throw new WebApplicationException(Status.UNAUTHORIZED);
}
String userId = accessTokenService.getUserIdForToken(accessToken);
if (userId == null)
{
throw new WebApplicationException(Status.UNAUTHORIZED);
}
User user = userService.get(userId);
if (user == null)
{
throw new WebApplicationException(Status.NOT_FOUND);
}
httpRequest.setAttribute(AUTHORIZED_USER, user);
return containerRequest;
}
}
看起来,一旦选择了带有“/secure/*”映射的JerseySecureServlet并调用了OAuthFilter,baseURI就是“http:/ip:port/context/secure”,路径就是“/example”,并且没有任何资源对应于此路径,因此不会调用任何内容。我应该怎么做才能只对包含“/secure/”的URL应用此筛选器?我已经解决了这个问题,但我不能100%确定我的解决方案是否正确。我已将筛选的serlvet上的注释更改为
@WebFilter
,使我
@WebServlet(urlPatterns = { "/*" }, initParams = {
@WebInitParam(name = "com.sun.jersey.config.property.packages", value = "com.x.y.resource"),
@WebInitParam(name = "com.sun.jersey.api.json.POJOMappingFeature", value = "true") })
public class JerseyServlet extends SpringServlet
{
}
@WebFilter(urlPatterns = "/secure/*", initParams = {
@WebInitParam(name = "com.sun.jersey.config.property.packages", value = "com.x.y.resource"),
@WebInitParam(name = "com.sun.jersey.spi.container.ContainerRequestFilters", value = "com.x.y.resource.OAuthFilter"),
@WebInitParam(name = "com.sun.jersey.api.json.POJOMappingFeature", value = "true") })
public class JerseySecureFilter extends SpringServlet
{
}
这是有效的。一个更好的解决方案将被接受