[英]How do I configure my entity-filtering scope for security annotations in the web.xml?
Reading the jersey doc : https://jersey.java.net/documentation/latest/entity-filtering.html I was able to activate the SecurityEntityFilteringFeature by adding it to my web.xml along with other activated features. 阅读球衣文档: https : //jersey.java.net/documentation/latest/entity-filtering.html我能够通过将SecurityEntityFilteringFeature以及其他激活的功能添加到我的web.xml中来激活它。
So my web.xml's features part looks like that : 所以我的web.xml的功能部分看起来像这样:
...
<init-param>
<param-name>jersey.config.server.provider.classnames</param-name>
<param-value>
org.glassfish.jersey.server.gae.GaeFeature;
org.glassfish.jersey.server.mvc.jsp.JspMvcFeature;
org.glassfish.jersey.media.multipart.MultiPartFeature;
org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature;
org.glassfish.jersey.message.filtering.SecurityEntityFilteringFeature;
</param-value>
</init-param>
...
The annotations @PermitAll (which changes nothing) and @DenyAll (which always remove entity from json) work great. 注释@PermitAll(什么都不会改变)和@DenyAll(总是从json中删除实体)非常有用。
The question is : to use the annotation @RolesAllowed I also need to register the roles in the entity-filtering scope as said in the documentation 问题是:要使用@RolesAllowed注释,我还需要按照文档中所述在实体过滤范围中注册角色
EntityFilteringFeature.ENTITY_FILTERING_SCOPE - "jersey.config.entityFiltering.scope"
EntityFilteringFeature.ENTITY_FILTERING_SCOPE-“ jersey.config.entityFiltering.scope”
Defines one or more annotations that should be used as entity-filtering scope when reading/writing an entity.
定义一个或多个注释,在读取/写入实体时应将其用作实体过滤范围。
But I can only configure it through my web.xml and I have nowhere to do the following : 但是我只能通过web.xml对其进行配置,并且无处可做:
new ResourceConfig()
// Set entity-filtering scope via configuration.
.property(EntityFilteringFeature.ENTITY_FILTERING_SCOPE, new Annotation[] {SecurityAnnotations.rolesAllowed("manager")})
// Register the SecurityEntityFilteringFeature.
.register(SecurityEntityFilteringFeature.class)
// Further configuration of ResourceConfig.
.register( ... );
Any guess ? 有什么猜想吗?
You can use a ResourceConfig
and a web.xml together. 您可以一起使用
ResourceConfig
和 web.xml。 It is not "either one or the other". 它不是“一个或另一个”。 For example
例如
<servlet>
<servlet-name>MyApplication</servlet-name>
<servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>javax.ws.rs.Application</param-name>
<param-value>org.foo.JerseyConfig</param-value>
</init-param>
</servlet>
package org.foo;
public class JerseyConfig extends ResourceConfig {
public JerseyConfig() {
register(...);
property(...);
}
}
Both the web.xml and the ResourceConfig
registrations/configuration/properties, etc will be used. web.xml和
ResourceConfig
注册/配置/属性等都将被使用。 You can see some other deployment options, here . 您可以在此处查看其他一些部署选项。
If you really must stay away from the ResourceConfig
(not sure why it would be such a problem), you can always create a Feature
. 如果您确实必须远离
ResourceConfig
(不确定为什么会出现这种问题),则可以随时创建Feature
。
@Provider
public class MyFilteringFeature implements Feature {
@Override
public boolean configure(FeatureContext context) {
context.property(...);
context.register(...);
return true;
}
}
Then just register the feature (unless you are scanning packages, then it should be picked up with the @Provider
annotation). 然后,只需注册该功能(除非您正在扫描软件包,否则应使用
@Provider
注释将其@Provider
)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.