@RolesAllowed无法使用Jersey解决 [英] @RolesAllowed cannot be resolved with Jersey
问题描述
我正在使用jersey实现的JAX-RS.我正在尝试使用Tomcat 6使用BASIC身份验证来验证我的服务.
I am using JAX-RS using jersey implementation. I am trying to authenticate my service using BASIC authentication using Tomcat 6.
这是代码:
@Path("/authenticate")
@RolesAllowed({"Admin","Guest"})
public class BasicAuthenticationSecurity {
@GET
@Path("/wbiPing")
@Produces(MediaType.TEXT_PLAIN)
@RolesAllowed("Admin")
public Response wbiPing(){
System.out.println("Pinged!!!");
return Response.ok("Pinged!!!").build();
}
}
当我尝试使用@RolesAllows
注释方法时,出现编译错误:
When I try to annotate my method using @RolesAllows
, I am getting an compilation error:
@RolesAllows cannot be resolved to a type
请让我知道如何解决此问题?为此需要任何特定的jar/API吗?
Please let me know how to resolve this? Any specific jars/API required for this?
web.xml
<servlet>
<servlet-name>jersey-serlvet</servlet-name>
<servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>com.sun.jersey.config.property.packages</param-name>
<param-value>
com.security;
com.exception
</param-value>
</init-param>
<init-param>
<param-name>com.sun.jersey.spi.container.ResourceFilters</param-name>
<param-value>com.sun.jersey.api.container.filter.RolesAllowedResourceFilterFactory</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>jersey-serlvet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>BasicDemo</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<!-- The realm name is typically displayed by the browser in the login dialog box. -->
<realm-name>Login</realm-name>
</login-config>
请让我知道这个问题.
推荐答案
I struggled with a similar issue for hours before one line from this IBM article opened my eyes. Surprisingly, not a single book or user guide mentions this critical fact, without which, authentication can't succeed.
使用基于注释的安全性时, web.xml不是可选的;相反,必须存在<security-constraint>
元素; Web容器会在JAX-RS之前检查安全性,并且如果没有<security-constraint>
,则不会设置正确的安全性上下文.因此,当JAX-RS调用isUserInRole(role)
时,它总是返回false.
When using annotation-based security, web.xml is not optional; quite on the contrary, <security-constraint>
element must be present; the web container checks for security before JAX-RS does and without a <security-constraint>
, the proper security context is not set. Thus when JAX-RS invokes isUserInRole(role)
, it always returns false.
此外,必须存在web.xml中的<security-role>
元素或@DeclareRoles
注释.
In addition, either <security-role>
element(s) in web.xml or @DeclareRoles
annotation must be present.
最后,如果使用Jersey,则必须在Application类中注册RolesAllowedDynamicFeature
才能启用基于注释的安全性.
Lastly, if using Jersey, RolesAllowedDynamicFeature
needs to be registered in the Application class to enable annotation-based security.
还有其他与可怜的文档或缺乏可悲的文档苦恼的人在那里.
HTH others who struggle with the pathetic documentation, or lack of it, thereof, that's out there.
这篇关于@RolesAllowed无法使用Jersey解决的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!