[英]Enable ContainerRequestFilter without web.xml
我正在尝试使用过滤器启用基本身份验证。 我喜欢在不使用web.xml文件的情况下启用它。 我尝试了问题的答案
在没有web.xml的泽西岛中使用ContainerRequestFilter
但是我对此并不清楚。 如何在没有web.xml文件的情况下启用过滤器?
package com.example.filter;
import java.io.IOException;
import java.lang.reflect.Method;
import java.util.Base64;
import java.util.StringTokenizer;
import javax.annotation.security.PermitAll;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import com.example.ApiService;
public class AuthFilter implements ContainerRequestFilter {
private HttpServletRequest request;
@Context
private ResourceInfo resourceInfo;
private static final String AUTHORIZATION_PROPERTY = "Authorization";
private static final String AUTHENTICATION_SCHEME = "Basic";
private static final Response ACCESS_DENIED = Response.status(Response.Status.UNAUTHORIZED)
.entity("You cannot access this resource").build();
public boolean isAuthenticated(String authCredentials) {
if (null == authCredentials)
return false;
final String encodedUserPassword = authCredentials.replaceFirst(AUTHENTICATION_SCHEME + " ", "");
String usernameAndPassword = null;
try {
byte[] decodedBytes = Base64.getDecoder().decode(encodedUserPassword);
usernameAndPassword = new String(decodedBytes, "UTF-8");
} catch (IOException e) {
e.printStackTrace();
}
final StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":");
final String username = tokenizer.nextToken();
if (request.getSession() != null) {
String mobile_number = (String) request.getSession().getAttribute(ApiService.CONTACT_ID_KEY);
if (mobile_number != username) {
return true;
}
}
return false;
}
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
Method method = resourceInfo.getResourceMethod();
if (!method.isAnnotationPresent(PermitAll.class)) {
// Fetch authorization header
final String authorization = requestContext.getHeaderString(AUTHORIZATION_PROPERTY);
// If no authorization information present; block access
if (authorization == null || authorization.isEmpty()) {
requestContext.abortWith(ACCESS_DENIED);
return;
}
if(!isAuthenticated(authorization)) {
requestContext.abortWith(ACCESS_DENIED);
return;
}
}
}
}
这是我的应用程序类
package com.example;
import java.util.HashMap;
import java.util.Map;
import javax.ws.rs.ApplicationPath;
import javax.ws.rs.core.Application;
@ApplicationPath("/rest")
public class ApiConfig extends Application {
public Map<String, Object> getProperties() {
Map<String, Object> properties = new HashMap<>();
properties.put("jersey.config.server.provider.packages", "com.example");
return properties;
}
}
谢谢。
您需要使用@Provider对其进行注释。 扫描将拾取以@Provider和@Path注释的类。 如果要注入,则还需要为HttpServletRequest添加@Context (仅在ResourceInfo上具有它)。
在没有web.xml的情况下在Jersey中使用ContainerRequestFilter
[英]Use ContainerRequestFilter in Jersey without web.xml
如何在没有 web.xml 的情况下应用 ContainerRequestFilter?
[英]How can I apply ContainerRequestFilter without web.xml?
泽西岛1.x和Tomcat:如何以编程方式注册ContainerRequestFilter,即没有web.xml?
[英]Jersey 1.x and Tomcat: how to register a ContainerRequestFilter programmatically, i.e. without web.xml?
将Jersey2 ContainerRequestFilter与web.xml中的过滤器标记一起使用
[英]Use Jersey2 ContainerRequestFilter with filter notation in web.xml
Wildfly web.xml安全性约束使用ContainerRequestFilter阻止JAX-RS方法的基本auth头
[英]Wildfly web.xml security constraint blocking basic auth header for JAX-RS methods using ContainerRequestFilter
Spring Boot 启用<async-supported>就像在 web.xml 中一样
[英]Spring Boot enable <async-supported> like in web.xml
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.