[英]Getting resource annotations in Jersey 1.18.1 request filter
I'm implementing a user authorization module that will be applied on a resource method using a (new) annotation. 我正在实现一个用户授权模块,该模块将使用(新)注释应用于资源方法。
In order to do so, I created a Jersey (request) filter in which I need to get the annotation in order to allow / disallow the resource operation. 为此,我创建了一个Jersey(请求)过滤器,在其中需要获取批注以允许/禁止资源操作。
I'm using Dropwizard 0.7.1 with Jersey 1.18.1 我正在将Dropwizard 0.7.1与Jersey 1.18.1一起使用
The resource class: 资源类:
@Path("/v1/users/registration")
@Produces(MediaType.APPLICATION_JSON)
@Api(value = "/users/registration")
public class UserRegistrationResource {
@POST
@AuthorizedFor(Realm.SOCIAL) // The custom annotation class
public SessionModel register(
@Valid
@ApiParam(value = "New user to be registered", required = true)
NewUser user) throws Exception {
// Some logic
...
}
}
The filter class: 过滤器类:
@Provider
public class AuthorizationFilter implements ContainerRequestFilter {
@Context
AbstractMethod method;
@Override
public ContainerRequest filter(ContainerRequest request) {
// At this point, the method parameter is null :(
Realm realm = null;
User user = Context.get(Session.class).getUser();
for (Annotation annotation : method.getAnnotations()) {
if (AuthorizedFor.class == annotation.annotationType()) {
realm = ((AuthorizedFor) annotation).value();
}
}
if (realm != null) {
for (Realm userRealm : user.getRole().getAllowedRealms()) {
if (userRealm.equals(realm)) {
return request;
}
}
}
throw new ApiException(ResponseCode.UNAUTHORIZED);
}
}
The provider class: 提供者类:
@Provider
public class AbstractMethodProvider extends AbstractHttpContextInjectable<AbstractMethod> implements InjectableProvider<Context, Parameter> {
@Override
public Injectable<AbstractMethod> getInjectable(ComponentContext ic, Context context, Parameter parameter) {
if (parameter.getParameterType() == AbstractMethod.class) {
return this;
}
return null;
}
@Override
public ComponentScope getScope() {
return ComponentScope.PerRequest;
}
@Override
public AbstractMethod getValue(HttpContext context) {
return context.getUriInfo().getMatchedMethod();
}
}
The filter and provider initalization code: 过滤器和提供程序初始化代码:
environment.jersey().getResourceConfig().getContainerRequestFilters().add(new AuthorizationFilter());
environment.jersey().register(new AbstractMethodProvider());
I've also tried to inject HttpContext in the filter. 我也尝试在过滤器中注入HttpContext。 It wasn't null but getUriInfo().getMatchedMethod() was null. 它不是null,但是getUriInfo()。getMatchedMethod()是null。
Is there a better way to get resource method annotations in a Jersey request filter? 是否有更好的方法在Jersey请求过滤器中获取资源方法注释?
You can implement a ResourceFilterFactory to get the AbstractMethod. 您可以实现ResourceFilterFactory来获取AbstractMethod。
public class AuthorizationFilterFactory implements ResourceFilterFactory {
@Override
public List<ResourceFilter> create(AbstractMethod abstractMethod) {
return Arrays.asList(this.createAuthorizationFilter(abstractMethod));
}
private ResourceFilter createAuthorizationFilter(final AbstractMethod abstractMethod) {
return new ResourceFilter() {
@Override
public ContainerRequestFilter getRequestFilter() {
return new AuthorizationFilter(abstractMethod);
}
@Override
public ContainerResponseFilter getResponseFilter() {
return null;
}
};
}
}
So, your AuthorizationFilter will look like: 因此,您的AuthorizationFilter将如下所示:
@Provider
public class AuthorizationFilter implements ContainerRequestFilter {
private final AbstractMethod method;
public AuthorizationFilter(AbstractMethod method) {
this.method = method;
}
@Override
public ContainerRequest filter(ContainerRequest request) {
Realm realm = null;
User user = Context.get(Session.class).getUser();
for (Annotation annotation : method.getAnnotations()) {
if (AuthorizedFor.class == annotation.annotationType()) {
realm = ((AuthorizedFor) annotation).value();
}
}
if (realm != null) {
for (Realm userRealm : user.getRole().getAllowedRealms()) {
if (userRealm.equals(realm)) {
return request;
}
}
}
throw new ApiException(ResponseCode.UNAUTHORIZED);
}
}
To register your factory: 要注册您的工厂:
environment.jersey().getResourceConfig().getResourceFilterFactories().add(new AuthorizationFilterFactory());
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.