Fatal编程技术网
  • spring/
  • Spring 在Jersery请求筛选器之后未调用资源

Spring 在Jersery请求筛选器之后未调用资源

spring jersey

Spring 在Jersery请求筛选器之后未调用资源,spring,jersey,jax-rs,jax-ws,servlet-filters,Spring,Jersey,Jax Rs,Jax Ws,Servlet Filters,我定义了两个SpringServlet,其中一个指向自定义过滤器 @WebServlet(urlPatterns = { "/" }, initParams = { @WebInitParam(name = "com.sun.jersey.config.property.packages", value = "com.x.y.resource"), @WebInitParam(name = "com.sun.jersey.api.json.POJOMappingFeature",

我定义了两个SpringServlet,其中一个指向自定义过滤器

@WebServlet(urlPatterns = { "/" }, initParams = {
    @WebInitParam(name = "com.sun.jersey.config.property.packages", value = "com.x.y.resource"),
    @WebInitParam(name = "com.sun.jersey.api.json.POJOMappingFeature", value = "true") })
public class JerseyServlet extends SpringServlet
{
}

@WebServlet(name = "secure", urlPatterns = "/secure/*", initParams = {
    @WebInitParam(name = "com.sun.jersey.config.property.packages", value = "com.x.y.resource"),
    @WebInitParam(name = "com.sun.jersey.spi.container.ContainerRequestFilters", value = "com.x.y.resource.OAuthFilter"),
    @WebInitParam(name = "com.sun.jersey.api.json.POJOMappingFeature", value = "true") })
public class JerseySecureServlet extends SpringServlet
{
}
其思想是将包含“/secure/”的任何URL定向到OAuthFilter,以通过OAuth头验证请求。所有其他URL都只是正常处理

对于发送到不包含“/secure/”的URL的任何请求,都会正确调用相应的JAX-RS资源类。但是,对于包含“/secure/”的URL,OAuthFilter被正确调用,但是JAX-RS注释的资源类之后永远不会被调用

下面是一个安全资源示例

@Component
@Scope("request")
@Path("/secure/example")
public class SecureResource
{
    @GET
    ...
}
这是OAuthFilter

@Provider
@Component
public class OAuthFilter implements ContainerRequestFilter
{
    public static final String AUTHORIZED_USER = "authorized_user";

    @Autowired
    AccessTokenService accessTokenService;

    @Autowired
    UserService userService;

    @Context
    HttpServletRequest httpRequest;

    @Override
    public ContainerRequest filter(ContainerRequest containerRequest)
    {
        OAuthServerRequest request = new OAuthServerRequest(containerRequest);
        OAuthParameters params = new OAuthParameters();
        params.readRequest(request);

        String accessToken = params.getToken();

        if (accessToken == null)
        {
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }

        String userId = accessTokenService.getUserIdForToken(accessToken);

        if (userId == null)
        {
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }

        User user = userService.get(userId);

        if (user == null)
        {
            throw new WebApplicationException(Status.NOT_FOUND);
        }

        httpRequest.setAttribute(AUTHORIZED_USER, user);

        return containerRequest;
    }
}
看起来,一旦选择了带有“/secure/*”映射的JerseySecureServlet并调用了OAuthFilter,baseURI就是“http:/ip:port/context/secure”,路径就是“/example”,并且没有任何资源对应于此路径,因此不会调用任何内容。我应该怎么做才能只对包含“/secure/”的URL应用此筛选器?

我已经解决了这个问题,但我不能100%确定我的解决方案是否正确。我已将筛选的serlvet上的注释更改为
@WebFilter
,使我

@WebServlet(urlPatterns = { "/*" }, initParams = {
    @WebInitParam(name = "com.sun.jersey.config.property.packages", value = "com.x.y.resource"),
    @WebInitParam(name = "com.sun.jersey.api.json.POJOMappingFeature", value = "true") })
public class JerseyServlet extends SpringServlet
{
}

@WebFilter(urlPatterns = "/secure/*", initParams = {
    @WebInitParam(name = "com.sun.jersey.config.property.packages", value = "com.x.y.resource"),
    @WebInitParam(name = "com.sun.jersey.spi.container.ContainerRequestFilters", value = "com.x.y.resource.OAuthFilter"),
    @WebInitParam(name = "com.sun.jersey.api.json.POJOMappingFeature", value = "true") })
public class JerseySecureFilter extends SpringServlet
{
}
这是有效的。一个更好的解决方案将被接受