访问WebSocket @ServerEndpoint中的HttpServletRequest属性 [英] Accessing HttpServletRequest properties within a WebSocket @ServerEndpoint
问题描述
我需要访问 HttpServletRequest
属性以获取包含 X509Certificate的 javax.servlet.request.X509Certificate
TLS请求的证书数组。
I need to access the HttpServletRequest
properties to get the javax.servlet.request.X509Certificate which contains the X509Certificate
array of certificates for TLS requests.
来自JAX-RS ContainerRequestFilter
我可以很容易从 ContainerRequestContext.getProperty(String属性)
方法中提取它,但我找不到从WebSocket Session
也不是 HandshakeRequest
,我可以从中访问 HttpSession
实例,但不能访问 HttpServletRequest
一。
From a JAX-RS ContainerRequestFilter
I can easily extract this from the ContainerRequestContext.getProperty(String property)
method, but I can't find a way to get it from the WebSocket Session
nor the HandshakeRequest
, from which I can access the HttpSession
instance but not the HttpServletRequest
one.
注意:这不是从Web套接字@ServerEndpoint中的HttpServletRequest访问HttpSession ,因为我需要访问 HttpServletRequest
(或等效于提取TLS证书),而不是 HttpSession
。
Note: this is not a duplicate of Accessing HttpSession from HttpServletRequest in a Web Socket @ServerEndpoint since I need accesso to the HttpServletRequest
(or equivalent to extract the TLS certificates), not HttpSession
.
由于WebSocket是HTTP的超集,我猜测它应该是可能的,并希望Java团队想到了一种访问servlet属性的方法,但我真的找不到一个。任何人都知道这是否可行?
Since WebSocket is a superset of HTTP, I guess it should be possibile and hope the Java team had thought of a way to access the servlet properties, but I really couldn't find one. Anyone knows if this is possible at all?
推荐答案
没有黑客攻击:
- 在URL模式匹配websocket握手请求上创建servlet过滤器。
- 在过滤器中,获取感兴趣的请求属性并在继续链之前将其放入会话中。
- 最后从会话中获取它,而会话又可通过握手请求获得。
随着黑客攻击:
- 使用反射在握手请求实例中查找
ServletRequest
字段。 -
获取
javax.servlet.request.X509Certificate
属性。
换句话说:
public class ServletAwareConfigurator extends Configurator {
@Override
public void modifyHandshake(ServerEndpointConfig config, HandshakeRequest request, HandshakeResponse response) {
ServletRequest servletRequest = getField(request, ServletRequest.class);
X509Certificate[] certificates = (X509Certificate[]) servletRequest.getAttribute("javax.servlet.request.X509Certificate");
// ...
}
private static <I, F> F getField(I instance, Class<F> fieldType) {
try {
for (Class<?> type = instance.getClass(); type != Object.class; type = type.getSuperclass()) {
for (Field field : type.getDeclaredFields()) {
if (fieldType.isAssignableFrom(field.getType())) {
field.setAccessible(true);
return (F) field.get(instance);
}
}
}
} catch (Exception e) {
// Handle?
}
return null;
}
}
这篇关于访问WebSocket @ServerEndpoint中的HttpServletRequest属性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!