访问WebSocket @ServerEndpoint中的HttpServletRequest属性 [英] Accessing HttpServletRequest properties within a WebSocket @ServerEndpoint
问题描述
我需要访问 HttpServletRequest 属性以获取包含 X509Certificate的 javax.servlet.request.X509Certificate TLS请求的证书数组。
I need to access the HttpServletRequest properties to get the javax.servlet.request.X509Certificate which contains the X509Certificate array of certificates for TLS requests.
来自JAX-RS ContainerRequestFilter 我可以很容易从 ContainerRequestContext.getProperty(String属性)方法中提取它,但我找不到从WebSocket Session 也不是 HandshakeRequest ,我可以从中访问 HttpSession 实例,但不能访问 HttpServletRequest 一。
From a JAX-RS ContainerRequestFilter I can easily extract this from the ContainerRequestContext.getProperty(String property) method, but I can't find a way to get it from the WebSocket Session nor the HandshakeRequest, from which I can access the HttpSession instance but not the HttpServletRequest one.
注意:这不是从Web套接字@ServerEndpoint中的HttpServletRequest访问HttpSession ,因为我需要访问 HttpServletRequest (或等效于提取TLS证书),而不是 HttpSession 。
Note: this is not a duplicate of Accessing HttpSession from HttpServletRequest in a Web Socket @ServerEndpoint since I need accesso to the HttpServletRequest (or equivalent to extract the TLS certificates), not HttpSession.
由于WebSocket是HTTP的超集,我猜测它应该是可能的,并希望Java团队想到了一种访问servlet属性的方法,但我真的找不到一个。任何人都知道这是否可行?
Since WebSocket is a superset of HTTP, I guess it should be possibile and hope the Java team had thought of a way to access the servlet properties, but I really couldn't find one. Anyone knows if this is possible at all?
推荐答案
没有黑客攻击:
- 在URL模式匹配websocket握手请求上创建servlet过滤器。
- 在过滤器中,获取感兴趣的请求属性并在继续链之前将其放入会话中。
- 最后从会话中获取它,而会话又可通过握手请求获得。
随着黑客攻击:
- 使用反射在握手请求实例中查找
ServletRequest字段。 -
获取
javax.servlet.request.X509Certificate属性。
换句话说:
public class ServletAwareConfigurator extends Configurator {
@Override
public void modifyHandshake(ServerEndpointConfig config, HandshakeRequest request, HandshakeResponse response) {
ServletRequest servletRequest = getField(request, ServletRequest.class);
X509Certificate[] certificates = (X509Certificate[]) servletRequest.getAttribute("javax.servlet.request.X509Certificate");
// ...
}
private static <I, F> F getField(I instance, Class<F> fieldType) {
try {
for (Class<?> type = instance.getClass(); type != Object.class; type = type.getSuperclass()) {
for (Field field : type.getDeclaredFields()) {
if (fieldType.isAssignableFrom(field.getType())) {
field.setAccessible(true);
return (F) field.get(instance);
}
}
}
} catch (Exception e) {
// Handle?
}
return null;
}
}
这篇关于访问WebSocket @ServerEndpoint中的HttpServletRequest属性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
