Securing RESTEasy based RESTFul service using HTTP Header Credentials
Intercepting based on HTTP header in RESTeasy
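I am developing two types of REST services.
I don't want to include @HeaderParam in every REST method. I want to intercept it first and, based on that, check the validity of the session. Please let me know.
Thanks.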
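I solved this problem using PreProcessInterceptor

    // Securable.java
    import java.lang.annotation.ElementType;
    import java.lang.annotation.Retention;
    import java.lang.annotation.RetentionPolicy;
    import java.lang.annotation.Target;
    // Marks resource methods whose session header must be validated
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.METHOD)
    public @interface Securable {
        String header() default "session-token";
    }

    // ValidationInterceptor.java
    import java.lang.reflect.Method;
    import javax.servlet.http.HttpServletRequest;
    import javax.ws.rs.WebApplicationException;
    import javax.ws.rs.core.Context;
    import javax.ws.rs.core.Response;
    import javax.ws.rs.core.Response.Status;
    import javax.ws.rs.ext.Provider;
    import org.jboss.resteasy.annotations.interception.ServerInterceptor;
    import org.jboss.resteasy.core.ResourceMethod;
    import org.jboss.resteasy.core.ServerResponse;
    import org.jboss.resteasy.spi.Failure;
    import org.jboss.resteasy.spi.HttpRequest;
    import org.jboss.resteasy.spi.interception.AcceptedByMethod;
    import org.jboss.resteasy.spi.interception.PreProcessInterceptor;

    @Provider
    @ServerInterceptor
    public class ValidationInterceptor implements PreProcessInterceptor, AcceptedByMethod {
        @Context
        private HttpServletRequest servletRequest;
        // Run this interceptor only for methods annotated with @Securable
        @Override
        public boolean accept(Class clazz, Method method) {
            return method.isAnnotationPresent(Securable.class);
        }

        @Override
        public ServerResponse preProcess(HttpRequest httpRequest, ResourceMethod resourceMethod)
                throws Failure, WebApplicationException {
            Securable securable = resourceMethod.getMethod().getAnnotation(Securable.class);
            String headerValue = servletRequest.getHeader(securable.header());
            if (headerValue == null) {
                return (ServerResponse) Response.status(Status.BAD_REQUEST).entity("Invalid Session").build();
            } else {
                // Validation logic goes here
            }
            // Returning null lets the request continue to the resource method
            return null;
        }
    }
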
The @Securable annotation will be used on REST services that require validation.

    @Securable
    @PUT
    public Response updateUser(User user)
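
An added example, not part of the original answer: the same header check written as a JAX-RS 2.0 name-bound ContainerRequestFilter (RESTEasy 3.x deprecates PreProcessInterceptor in favour of these filters), with the "validation logic" placeholder filled by a lookup of the token's SHA-256 digest in a session store. The class name SessionTokenFilter, the SESSIONS map and the isLive/hash helpers are assumptions made for illustration; @Securable is redefined here with @NameBinding.

```java
import java.lang.annotation.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import javax.annotation.Priority;
import javax.ws.rs.*;
import javax.ws.rs.container.*;
import javax.ws.rs.core.*;
import javax.ws.rs.ext.Provider;

// Name binding: the filter below runs only on resource methods carrying @Securable.
@NameBinding
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
@interface Securable { String header() default "session-token"; }

@Provider
@Securable
@Priority(Priorities.AUTHENTICATION)
public class SessionTokenFilter implements ContainerRequestFilter {
    // Assumed store, filled at login: Base64(SHA-256(token)) -> expiry in epoch millis.
    static final Map<String, Long> SESSIONS = new ConcurrentHashMap<>();
    @Context private ResourceInfo resourceInfo;

    @Override
    public void filter(ContainerRequestContext ctx) {
        Securable s = resourceInfo.getResourceMethod().getAnnotation(Securable.class);
        String token = ctx.getHeaderString(s.header());
        if (token == null || !isLive(token, System.currentTimeMillis())) {
            // Same reply for missing, unknown and expired tokens; the resource method never runs.
            ctx.abortWith(Response.status(Response.Status.BAD_REQUEST).entity("Invalid Session").build());
        }
    }

    static boolean isLive(String token, long now) {
        Long expiry = SESSIONS.get(hash(token));
        return expiry != null && expiry > now;
    }
    // Only the digest is stored, so a dump of the store does not yield usable tokens.
    static String hash(String token) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            return Base64.getEncoder().encodeToString(md.digest(token.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is mandatory on every Java platform
        }
    }
}
```

The login code that issues a token would call `SESSIONS.put(SessionTokenFilter.hash(token), expiryMillis)`; resource methods are annotated with `@Securable` exactly as in the answer.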