在资源的ContainerRequestFilter中创建的访问对象 [英] Access object created in ContainerRequestFilter in Resources
问题描述
如何使user
对象可用于资源中的进一步处理
How to make user
object available for further processing in a Resource
@Priority(Priorities.AUTHENTICATION)
public static class ResourceAllowedRequestFilter implements ContainerRequestFilter {
private AuthorizationValidation authorizationValidation;
public ResourceAllowedRequestFilter() {
try {
authorizationValidation = new AuthorizationValidation();
} catch (Exception e) {
}
}
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
if (userHeader == null) {
throw new BadRequestException(Response.status(Status.BAD_REQUEST).build());
} else {
User user = authorizationValidation.isAuthorizationValid(userHeader)
}
}
}
@GET
@Path("/{page}/{limit}")
public Response getBooks() {
Access user object created in ContainerRequestFilter
}
推荐答案
阿法格(Afaig)只有一种方法,称为注入-但有多种使用注入的方法.
Afaig, there is only one way of doing so, named Injection - but multiple ways of using injection.
这里有两种方法:
-
您可以实现/使用
javax.ws.rs.core.SecurityContext
.因此,您的用户必须实现java.security.Principal
并使用@Context
将SecurityContext注入到您的资源中.下面的基本示例...
You can implement / use
javax.ws.rs.core.SecurityContext
. Therefore your User must implementjava.security.Principal
and use@Context
to inject the SecurityContext into your Resource. Basic example below ...
您还可以构建并注册工厂,然后将每个请求的User注入到您的Resource中.请为此访问球衣文档,或搜索@ stackoverflow.您会发现很多示例.
You could also build and register a Factory and inject the User per-request into your Resource. Please visit jersey docs for that, or search @ stackoverflow. You will find a lot of examples.
SecurityContext(1)示例:
ContainerRequestFilter
@Override
public synchronized void filter(ContainerRequestContext request)
throws IOException {
final User user = authorizationValidation.isAuthorizationValid(userHeader)
// impl
request.setSecurityContext( new MySecurityContext(user) );
// or simple but not the best
request.setSecurityContext( new SecurityContext() {
@Override
public boolean isUserInRole(String role) {
return true; // check roles if you need ...
}
@Override
public boolean isSecure() {
return false; // check HTTPS
}
@Override
public Principal getUserPrincipal() {
return user; // return your user here - User must implement Principal
}
@Override
public String getAuthenticationScheme() {
return null; // ...
}
}
}
资源
@Context
protected SecurityContext securityContext;
@GET
@Path("/{page}/{limit}")
public Response getBooks() {
User user = (User)securityContext.getUserPrincipal();
}
祝你有美好的一天...
Have a nice day ...
这篇关于在资源的ContainerRequestFilter中创建的访问对象的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!