
Authorization in JAX-RS

I am developing an application using Java EE / WildFly and JAX-RS for the RESTful service.

I have this kind of endpoint:

@POST
@Path("/add")
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
public Response addSchool(SchoolDto schoolDto, @HeaderParam("token") String userToken) {

    List<String> actionsNeeded = new ArrayList<String>(
            Arrays.asList(
                    "create school"
                    ));
    if (authService.userHasActionList(userToken, actionsNeeded) == false ) 
    {
        return authService.returnResponse(401);
    }

    Response addSchoolServiceResponse = schoolResponse.create(schoolDto);
    return addSchoolServiceResponse;
}

Using the token in the header, my auth service checks whether the user account has, in its list of authorized actions, those that are necessary to use the endpoint.

It works, but I'm repeating that on each endpoint... I'm looking for a way to do this:

@POST
@Path("/add")
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@Annotation("action 1 needed", "Action 2 needed")
public Response addSchool(SchoolDto schoolDto, @HeaderParam("token") String userToken) {        
    Response addSchoolServiceResponse = schoolResponse.create(schoolDto);
    return addSchoolServiceResponse;
}

An annotation to which I can pass some parameters (my actions, and most importantly be able to access the user token), which triggers the security check via a filter or whatever, returns a 401, or lets the method execute if the user is allowed to be there.

I've found a lot of stuff (@Secured etc.) for role-based security, but not for action-based security like this.

Has someone already done something like that?

Finally I started all over and it's working. My main problem was accessing the token in the header and working with annotations, and it's OK now (just needed to insist and try one more time, I assume...). Here is what it looks like:

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import javax.ejb.EJB;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.ext.Provider;

@Provider
@Actions
public class AuthorizationFilter implements ContainerRequestFilter {

    @EJB
    AuthService authService;

    @Context
    private ResourceInfo resourceInfo;

    @Override
    public void filter(ContainerRequestContext reqContext) throws IOException {
        // @Actions is a name-binding annotation, so this filter only runs for
        // resource methods that carry it; read the required actions from the method.
        Actions annotations = resourceInfo.getResourceMethod().getAnnotation(Actions.class);

        // Build the list per request: a @Provider is a singleton, so a field-level
        // list would keep growing across requests.
        List<String> actionsNeeded = new ArrayList<String>(Arrays.asList(annotations.value()));

        // getHeaderString returns null when the header is absent, no exception needed.
        String token = reqContext.getHeaderString("token");
        if (token == null) {
            System.out.println("Header 'token' does not exist !");
            reqContext.abortWith(authService.returnResponse(400));
            return;
        }

        if (!authService.userHasActionList(token, actionsNeeded)) {
            reqContext.abortWith(authService.returnResponse(401));
        }
    }
}
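The answer relies on an `@Actions` annotation it does not show, and the filter only works as described if that annotation is declared with `@NameBinding` (otherwise the filter runs for every request and `getAnnotation(Actions.class)` returns null for unannotated methods). The following is an added example, not code from the post: the annotation definition, plus a variant of the filter that runs at the JAX-RS `AUTHORIZATION` priority (after any authentication filter), merges class-level and method-level `@Actions`, and fails closed. `AuthService`, `userHasActionList` and `returnResponse` are the names used in the post and are assumed to exist; the filter class name is hypothetical. In a real project each type goes in its own file as a public class.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;

import javax.annotation.Priority;
import javax.ejb.EJB;
import javax.ws.rs.NameBinding;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.ext.Provider;

// Name-binding annotation: a filter annotated with @Actions is applied only to
// resource methods/classes that also carry @Actions. The default value lets the
// filter itself be annotated as plain "@Actions" with no action list.
@NameBinding
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD})
public @interface Actions {
    String[] value() default {};
}

// Hypothetical filter (not the post's): AUTHORIZATION priority orders it after
// authentication filters, and every "no decision possible" path denies.
@Provider
@Actions
@Priority(Priorities.AUTHORIZATION)
class ActionsAuthorizationFilter implements ContainerRequestFilter {

    @EJB
    AuthService authService; // assumed: userHasActionList(String, List<String>), returnResponse(int)

    @Context
    private ResourceInfo resourceInfo;

    @Override
    public void filter(ContainerRequestContext ctx) {
        Set<String> needed = requiredActions(resourceInfo);
        if (needed.isEmpty()) {
            // Bound by name but no action declared anywhere: deny instead of letting everyone in.
            ctx.abortWith(authService.returnResponse(403));
            return;
        }

        String token = ctx.getHeaderString("token"); // null when the header is absent
        if (token == null || token.isEmpty()) {
            ctx.abortWith(authService.returnResponse(400));
            return;
        }

        if (!authService.userHasActionList(token, new ArrayList<String>(needed))) {
            // The post returns 401 here; 403 is the usual status for a known
            // user who lacks a permission, 401 for a missing/invalid credential.
            ctx.abortWith(authService.returnResponse(403));
        }
    }

    // Class-level @Actions apply to every method of the resource; method-level
    // actions are required in addition. Returns an empty set if neither exists,
    // which is the case the post's filter would turn into a NullPointerException.
    static Set<String> requiredActions(ResourceInfo info) {
        Set<String> needed = new LinkedHashSet<String>();
        Class<?> clazz = info.getResourceClass();
        if (clazz != null && clazz.isAnnotationPresent(Actions.class)) {
            needed.addAll(Arrays.asList(clazz.getAnnotation(Actions.class).value()));
        }
        Method method = info.getResourceMethod();
        if (method != null && method.isAnnotationPresent(Actions.class)) {
            needed.addAll(Arrays.asList(method.getAnnotation(Actions.class).value()));
        }
        return needed;
    }
}
```

With this in place the resource method from the question becomes `@Actions({"create school"})` on `addSchool`, and `@HeaderParam("token")` can be dropped from its signature since the filter already consumed the header. Because `requiredActions` is an all-of check (the user must hold every declared action), a method that should be reachable with any one of several actions needs a different annotation or a second `value` list; the post's `userHasActionList` has the same all-of semantics.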
