![](/img/trans.png)
[英]How can I specify the default MimeType returned by a REST resource with Jersey
[英]all of my rest api endpoints are secured by default, how can i unsecure them ?(jersey)
我已經使用jersey rest api已有一段時間了,我發生了一些新奇的事情。 突然我的所有端點都被保護了。我使用了@Secure Annotation。 即使我從端點將其刪除,我仍然需要訪問該資源的授權,這些資源已嘗試通過郵遞員,intellij rest客戶端和chrome作為瀏覽器進行訪問。 這是資源的一個例子
package com.leaders.bo;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
@Path("/majd")
public class majdResource {
/**
* Method handling HTTP GET requests. The returned object will be sent
* to the client as "text/plain" media type.
*
* @return String that will be returned as a text/plain response.
*/
@GET
@Produces(MediaType.TEXT_PLAIN)
public String getIt() {
return "Got it!";
}
@PUT
@Produces(MediaType.TEXT_PLAIN)
public String getIt2() {
return "Got it!";
}
@DELETE
@Produces(MediaType.TEXT_PLAIN)
public String getIt3() {
return "Got it!";
}
@POST
@Produces(MediaType.TEXT_PLAIN)
public String getIt4() {
return "Got it!";
}
}
這是注釋包com.leaders.bo.Resources的名稱綁定;
import javax.ws.rs.NameBinding;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;
import static java.lang.annotation.ElementType.METHOD;
import static java.lang.annotation.ElementType.TYPE;
import static java.lang.annotation.RetentionPolicy.RUNTIME;
/**
* Created by Majd on 8/1/2017.
*/
@NameBinding
@Retention(RUNTIME)
@Target({TYPE, METHOD})
public @interface Secured { }
這是我的authenticationFilter包com.leaders.bo.Resources;
import com.leaders.bo.dao.TokensDao;
import com.leaders.bo.dao.posDao;
import io.jsonwebtoken.Jwts;
import javax.annotation.Priority;
import javax.ws.rs.NameBinding;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.Priorities;
import javax.ws.rs.client.ClientRequestContext;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.ext.Provider;
import java.io.IOException;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;
import java.security.Principal;
import java.security.SignatureException;
import static java.lang.annotation.ElementType.METHOD;
import static java.lang.annotation.ElementType.TYPE;
import static java.lang.annotation.RetentionPolicy.RUNTIME;
/**
* Created by Majd on 8/1/2017.
*/
@Provider
@Priority(Priorities.AUTHENTICATION)
public class AuthenticationFilter implements ContainerRequestFilter{
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
// Get the HTTP Authorization header from the request
String authorizationHeader =
requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
// Check if the HTTP Authorization header is present and formatted correctly
if (authorizationHeader == null || !authorizationHeader.startsWith("ey")) {
throw new NotAuthorizedException("Authorization header must be provided");
}
// Extract the token from the HTTP Authorization header
final String token = authorizationHeader.substring("".length()).trim();
try {
// Validate the token
validateToken(token,TokensDao.getCompanyNameFromToken(token));
} catch (Exception e) {
requestContext.abortWith(
Response.status(Response.Status.UNAUTHORIZED).build());
}
final SecurityContext currentSecurityContext = requestContext.getSecurityContext();
requestContext.setSecurityContext(new SecurityContext() {
@Override
public Principal getUserPrincipal() {
return new Principal() {
@Override
public String getName() {
return token;
}
};
}
@Override
public boolean isUserInRole(String role) {
return true;
}
@Override
public boolean isSecure() {
return currentSecurityContext.isSecure();
}
//returns the company name that the token is a part of.
@Override
public String getAuthenticationScheme() {
return TokensDao.getCompanyNameFromToken(token);
}
});
}
private void validateToken(String token,String companyName) throws Exception {
// Check if it was issued by the server and if it's not expired
// Throw an Exception if the token is invalid
if(!posDao.validateToken(token,companyName))
throw new SignatureException();
}
}
但是由於某種原因,即使我不使用@secured注釋,我創建的每個新端點也都獲得了安全端點,我使緩存無效並重新啟動,重建了應用程序並刪除了源目標,但仍然沒有幫助。 有人知道如何提供幫助嗎? 謝謝分配
您還需要在過濾器類上使用@Secured
批注。 這就是名稱綁定的工作方式 。 您將方法綁定到過濾器。 如果未添加篩選器,則篩選器將在所有端點上運行。 這可能是以前發生的事情, 即使您是由於注釋(您可能在所有端點上都擁有此注釋)所致。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.