带有cxf拦截器和回调处理程序的jax-rs [英] jax-rs with cxf interceptors and callback handler

问题描述

我想将现有的基于XML的Web服务转换为REST Web服务.这些服务已经开始运作，但我正在努力实现安全性.

I want to transform an existing XML-based webservice to a REST webservice. While the services are working already, I'm struggling with implementing the security.

在以前的实现中，我们使用了这样的拦截器(文件ws-server-context.xml):

In the former implementation, we used interceptors like this (file ws-server-context.xml):

<jaxws:endpoint id="someService" implementor="..." address="/..." >
    <jaxws:inInterceptors>
        <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
        <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
            <constructor-arg>
                <map>
                    <entry key="action" value="UsernameToken" />
                    <entry key="passwordType" value="PasswordText" />
                    <entry key="passwordCallbackRef" value-ref="sessionService" />
                </map>
            </constructor-arg>
        </bean>
    </jaxws:inInterceptors>
</jaxws:endpoint>

无论何时调用此端点的地址，都会调用Bean sessionService的方法handle(Callback[] callbacks)，该方法将检查适当的凭据(用户名+令牌).该bean实现接口CallbackHandler.

Whenever the address of this endpoint is called, the method handle(Callback[] callbacks) of the bean sessionService is invoked, which checks for proper credentials (username + token). This bean implements the interface CallbackHandler.

如何在JAX-RS中实现这种方法?端点是在webservice类本身(@Path)上定义的，因此是否需要在其中使用任何注释?如何注册拦截器?

How can this approach be implemented in JAX-RS? The endpoints are defined at the webservice classes themself (@Path), so do I need to use any annotations there? How do I register the interceptors?

感谢您的帮助！

推荐答案

您可以在web.xml中声明一个过滤器，而不是拦截器-

Instead of the interceptor, you can declare a filter in your web.xml -

<filter>
        <display-name>MyFilter</display-name>
        <filter-name>MyFilter</filter-name>
        <filter-class>com.*.MyFilter</filter-class>
 </filter>
 <filter-mapping>
        <filter-name>MyFilter</filter-name>
        <url-pattern></url-pattern> <!-- keep this same as your rest servlet's url pattern -->
 </filter-mapping>

在您的JAX-RS实现之前将调用此类.

This class will be called before your JAX-RS implementation.

您可以在过滤器类中引用callBackHandler.

You can refer to the callBackHandler from within the filter class.

这篇关于带有cxf拦截器和回调处理程序的jax-rs的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！