UnsupportedOperationException getUserPrincipal
[英]UnsupportedOperationException getUserPrincipal
问题描述
I have created a ContainerRequestfilter and successfully made it trigger. 
我创建了一个ContainerRequestfilter并成功触发了它。 Now I'd like acccess the UserPrincipal I have set before in a grizzly HttpServerProbe like this: 现在我想要像以前一样在一个灰熊的HttpServerProbe中设置UserPrincipal:
import com.sun.jersey.spi.container.ContainerRequest;
@Override
public ContainerRequest filter(ContainerRequest request) {
Principal principal=req.getUserPrincipal();
}
Instead a "UnsupportedOperationException" is thrown. 而是抛出“UnsupportedOperationException”。 It looks like the ContainerRequest does not pick up the UserPrincipal from the modified request. 看起来ContainerRequest没有从修改后的请求中获取UserPrincipal。
The modification is done via 修改是通过
import org.glassfish.grizzly.http.server.Request;
...
public void onRequestReceiveEvent(
HttpServerFilter filter,Connection connection, Request request) {
Principal principal=getPrincipalFromRequest(request);
request.setUserPrincipal(principal);
}
The issue is how to to transport the Principal information from the HttpServerProbe to the ContainerRequestFilter. 问题是如何将Principal信息从HttpServerProbe传输到ContainerRequestFilter。 The org.glassfish.grizzly.http.server.Request has the security information (in this case SSL Client certificate information) while the com.sun.jersey.spi.container.ContainerRequest initially does not provide it. org.glassfish.grizzly.http.server.Request具有安全信息(在本例中为SSL客户端证书信息),而com.sun.jersey.spi.container.ContainerRequest最初不提供它。
Unfortunately I have also not found a way to set the SecurityContext in the HttpServerProbe. 不幸的是,我还没有找到在HttpServerProbe中设置SecurityContext的方法。 In the ContainerRequestFilter i could do it but the necessary Principal information is not available as I would have expected. 在ContainerRequestFilter中我可以做到,但必要的主要信息不可用,正如我所期望的那样。
I am using Jersey 1.17 and Grizzly 2.3.5 我使用Jersey 1.17和Grizzly 2.3.5
the following links where all somewhat related to the issue, but none was giving a clue what may be the reason for the above error: 以下链接都与问题有些相关,但没有人提供线索可能是上述错误的原因:
http://www.solutionoferror.com/java/use-containerrequestfilter-in-jersey-without-web-xml-79849.asp http://www.solutionoferror.com/java/use-containerrequestfilter-in-jersey-without-web-xml-79849.asp
Jersey ContainerRequestFilter not triggered Jersey ContainerRequestFilter未触发
http://subversion.jfrog.org/artifactory/public/tags/2.1.0/rest/src/main/java/org/artifactory/rest/common/RestAuthenticationFilter.java http://subversion.jfrog.org/artifactory/public/tags/2.1.0/rest/src/main/java/org/artifactory/rest/common/RestAuthenticationFilter.java
http://sites.gbif.org/common-resources/gbif-common-ws/xref/org/gbif/ws/server/filter/AuthFilter.html http://sites.gbif.org/common-resources/gbif-common-ws/xref/org/gbif/ws/server/filter/AuthFilter.html
http://2rdscreenretargeting.blogspot.de/2012/06/secure-jersey-with-oauth2.html http://2rdscreenretargeting.blogspot.de/2012/06/secure-jersey-with-oauth2.html
What needs to be done to access the principal / set the security context with the principal in a way that HttpServerProbe and ContainerRequestFilter cooperate in assembling this info ? 在HttpServerProbe和ContainerRequestFilter合作收集这些信息时,需要做些什么才能访问主体/设置安全上下文?
1 个解决方案
解决方案1
2 已采纳 2013-11-20 19:44:23
Jersey/JAX-RS expects SecurityContext to be set before you can retrieve any information about principal, user roles etc. Usually, in Jersey, this is done by dedicated ContainerRequestFilter . Jersey / JAX-RS期望在您可以检索有关主体,用户角色等的任何信息之前设置SecurityContext 。通常,在Jersey中,这是由专用的ContainerRequestFilter完成的。 Take a look at the sample filter from one of our samples: SecurityFilter . 从我们的一个示例中查看示例过滤器: SecurityFilter 。
After this, you can inject SecurityContext (using @Context ) into your resources or other providers such as filters. 在此之后,您可以将SecurityContext (使用@Context )注入您的资源或其他提供程序(如过滤器)。 You can then also call containerRequest.getUserPrincipal() without getting an UnsupportedOperationException . 然后,您还可以调用containerRequest.getUserPrincipal()而不会获得UnsupportedOperationException 。
EDIT 1 编辑1
If you need to obtain Principal object in grizzly level you can inject the current Request into your filter and then retrieve the value in filter method. 如果需要以灰度级获取Principal对象,可以将当前Request注入过滤器,然后在filter方法中检索该值。
@Context
private ThreadLocal<Request> request;
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.