如何从Jersey-2请求过滤器访问检票口会话? [英] How to access wicket session from Jersey-2 request filter?
问题描述
在Jersey 1.x中,我们从(Jersey)会话属性访问了Wicket会话,如此处 https://stackoverflow所述. com/a/15767824/1399659 .
In Jersey 1.x we accessed the Wicket session from a (Jersey) session attribute, as described here https://stackoverflow.com/a/15767824/1399659.
In moving to Jersey 2.x it seems the proper pattern to use a ContainerRequestFilter, which also allows Spring bean injection as well. We have this working successfully by including
<param-name>jersey.config.server.provider.packages</param-name>
作为ServletContainer的初始化参数,并在ContainerRequestFilter实现上使用@Provider批注.但是此容器过滤器是单例的,因此无法将HttpServletRequest注入其中(请参见 JERSEY- 2114 )
as an init-param to the ServletContainer and using the @Provider annotation on a ContainerRequestFilter implementation. But this container filter is a singleton, and it's not possible to inject the HttpServletRequest into this (see JERSEY-2114)
In the filter() method we have access to the ContainerRequestContext but can't access the HttpServletRequest from there.
那么有一种方法可以实现:
So is there a way to either:
- 启用servlet过滤器中的Spring bean注入(也使用Jersey)吗?
- 要从ContainerRequestFilter中访问servlet请求吗?
- 通过具有Jersey过滤功能的Spring-bean-aware对象访问wicket会话吗?
`
import java.io.IOException;
import javax.servlet.http.HttpSession;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.ext.Provider;
import org.apache.wicket.injection.Injector;
@Provider
public class SecurityContextFilter implements ContainerRequestFilter {
//@Context
//HttpServletRequest webRequest;
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
//HttpSession httpSession = webRequest.getSession();
//MyWicketSession mySession = (MyWicketSession) httpSession.getAttribute("wicket:" + BaseConstants.WICKET_FILTER_NAME + ":session");
//doAuthCheck(mySession, requestContext);
}
...
}
`
预先感谢
推荐答案
已修复在球衣2.4:
import javax.annotation.Priority;
import javax.ws.rs.Priorities;
@Provider
@Priority(Priorities.AUTHENTICATION)
public class AuthRequestFilter implements ContainerRequestFilter {
@Context
HttpServletRequest webRequest;
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
final HttpSession session = webRequest.getSession();
requestContext.setSecurityContext(new SecurityContext() {
@Override
public Principal getUserPrincipal() {
return new PrincipalImpl((String)session.getAttribute("USER_NAME"));
}
@Override
public boolean isUserInRole(String s) {
return false;
}
@Override
public boolean isSecure() {
return false;
}
@Override
public String getAuthenticationScheme() {
return null;
}
});
}
}
您也可以在不使用@Provider批注的情况下注册过滤器:
You can also register the filter without using @Provider annotation:
import org.glassfish.jersey.server.ResourceConfig;
import javax.ws.rs.ApplicationPath;
/**
* Root REST resource class.
*/
@ApplicationPath("/rest")
public class RootResource extends ResourceConfig {
/**
* Initializes all resources from REST package.
*/
public RootResource() {
packages("com.example.rest");
register(AuthRequestFilter.class);
}
}
注意:Glassfish 4.0.0使用旧版Jersey 2.0. 您将必须使用这些技巧升级Jersey(尚未证明能很好地工作) .或更好的方法是下载每晚创建Glassfish 4.0.1.,但目前尚不完全稳定.我希望新版本能尽快发布.
Note: Glassfish 4.0.0 uses old Jersey 2.0. You will have to upgrade Jersey using these tips (it's not proven to work well). Or the better way is to download nightly build of Glassfish 4.0.1. but it's not completely stable at the moment. I hope the new version will be released soon.
这篇关于如何从Jersey-2请求过滤器访问检票口会话?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
