[英]Get user name with Apache CXF 2.4 JAX-RS and Spring Security 3.2
我使用SecurityContextHolder
在我的JAX-RS資源中獲取用戶名,並且可以正常工作:
@Path("/myresource")
public class MyResoure {
@Get
public String getUserName() {
return SecurityContextHolder.getContext().getAuthentication().getName();
}
}
但是我想將SecurityContext注入到類字段中(以編寫JUnit測試)。 我嘗試了一些記錄的方法:
使用javax.ws.rs.core.SecurityContext
我得到一個NullPointerException
,因為securityContext
始終為null
。
@Path("/myresource")
public class MyResoure {
@Context
private javax.ws.rs.core.SecurityContext securityContext;
@Get
public String getUserName() {
return securityContext.getUserPrincipal().getName();
}
}
使用org.apache.cxf.security.SecurityContext
(請參閱Apache CXF文檔 ),我得到一個NullPointerException
,因為securityContext.getUserPrincipal()
始終為null
。
@Path("/myresource")
public class MyResoure {
@Context
private org.apache.cxf.security.SecurityContext securityContext;
@Get
public String getUserName() {
return securityContext.getUserPrincipal().getName();
}
}
使用org.apache.cxf.jaxrs.ext.MessageContext
(請參閱Apache CXF文檔 ),我得到一個NullPointerException
,因為messageContext.getSecurityContext().getUserPrincipal()
始終為null
。
@Path("/myresource")
public class MyResoure {
@Context
private org.apache.cxf.jaxrs.ext.MessageContext messageContext;
@Get
public String getUserName() {
return messageContext.getSecurityContext().getUserPrincipal().getName();
}
}
使用javax.servlet.http.HttpServletRequest
我得到一個NullPointerException
,因為httpServletRequest.getUserPrincipal()
始終為null
。
@Path("/myresource")
public class MyResoure {
@Context
private javax.servlet.http.HttpServletRequest httpServletRequest;
@Get
public String getUserName() {
return httpServletRequest.getUserPrincipal().getName();
}
獲取用戶名
javax.ws.rs.core.SecurityContext
, org.apache.cxf.security.SecurityContext
, org.apache.cxf.jaxrs.ext.MessageContext
或 javax.servlet.http.HttpServletRequest
我必須將SecurityContextHolderAwareRequestFilter
添加到我的springSecurityFilterChain
。
彈簧配置:
<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map path-type="ant">
<security:filter-chain pattern="/**" filters="securityContextPersistenceFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor" />
</security:filter-chain-map>
</bean>
使用安全命名空間配置或Java配置 ,默認情況下會添加過濾器,請參閱Spring Security文檔 :
- servlet-api-provision提供HttpServletRequest安全方法的版本,例如isUserInRole()和getPrincipal(),它們通過向堆棧添加SecurityContextHolderAwareRequestFilter bean來實現。 默認為true。
我找到了一些解決JUnit問題的方法:
在SecurityContextHolder
設置SecurityContext
(請參閱https://stackoverflow.com/a/5703170 )
JUnit測試代碼:
public class MyResourceTest { private SecurityContext securityContextMock = mock(SecurityContext.class); @Before public void setUp() { SecurityContextHolder.setContext(securityContextMock); } @After public void tearDown() { SecurityContextHolder.clearContext(); } }
包裝SecurityContextHolder
(參見https://stackoverflow.com/a/5702970 )
包裝代碼:
public class MySecurityContextHolder { public SecurityContext getContext() { return SecurityContextHolder.getContext(); } }
資源代碼:
@Path("/myresource") public MyResource { private MySecurityContextHolder mySecurityContextHolder; @Get public String getUserName() { return mySecurityContextHolder.getContext().getAuthentication().getName(); } }
使用SecurityContextHolderStrategy(參見SEC-1188 )
彈簧配置:
<bean id="myResource" class="MyResource"> <property name="securityContextHolderStrategy" > <bean class="org.springframework.security.context.SecurityContextHolder" factory-method="getContexHolderStrategy"> </bean> </property> </bean>
資源代碼:
@Path("/myresource") public MyResource { private SecurityContextHolderStrategy securityContextHolderStrategy; @Get public String getUserName() { return securityContextHolderStrategy.getContext().getAuthentication().getName(); } }
使用PowerMock(參見https://stackoverflow.com/a/5703197/5277820 )
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.