在资源的ContainerRequestFilter中创建的访问对象 [英] Access object created in ContainerRequestFilter in Resources

问题描述

如何使user对象可用于资源中的进一步处理

How to make user object available for further processing in a Resource

   @Priority(Priorities.AUTHENTICATION)
   public static class ResourceAllowedRequestFilter implements ContainerRequestFilter {
      private AuthorizationValidation authorizationValidation;

      public ResourceAllowedRequestFilter() {
         try {
            authorizationValidation = new AuthorizationValidation();
         } catch (Exception e) {

         }
      }

      @Override
      public void filter(ContainerRequestContext requestContext) throws IOException {
         if (userHeader == null) {
           throw new BadRequestException(Response.status(Status.BAD_REQUEST).build());
         } else {
           User user = authorizationValidation.isAuthorizationValid(userHeader)
         }
      }
   }

   @GET
   @Path("/{page}/{limit}")
   public Response getBooks() {
     Access user object created in ContainerRequestFilter
   }

推荐答案

阿法格(Afaig)只有一种方法，称为注入-但有多种使用注入的方法.

Afaig, there is only one way of doing so, named Injection - but multiple ways of using injection.

这里有两种方法:

1. 您可以实现/使用javax.ws.rs.core.SecurityContext.因此，您的用户必须实现java.security.Principal并使用@Context将SecurityContext注入到您的资源中.下面的基本示例...

1. You can implement / use javax.ws.rs.core.SecurityContext. Therefore your User must implement java.security.Principal and use @Context to inject the SecurityContext into your Resource. Basic example below ...

您还可以构建并注册工厂，然后将每个请求的User注入到您的Resource中.请为此访问球衣文档，或搜索@ stackoverflow.您会发现很多示例.

You could also build and register a Factory and inject the User per-request into your Resource. Please visit jersey docs for that, or search @ stackoverflow. You will find a lot of examples.

SecurityContext(1)示例:

ContainerRequestFilter

@Override
public synchronized void filter(ContainerRequestContext request)
        throws IOException {

    final User user = authorizationValidation.isAuthorizationValid(userHeader)

    // impl 
    request.setSecurityContext( new MySecurityContext(user) );

    // or simple but not the best
    request.setSecurityContext( new SecurityContext() {
        @Override
        public boolean isUserInRole(String role) {
            return true; // check roles if you need ...
        }
        @Override
        public boolean isSecure() {
            return false; // check HTTPS
        }
        @Override
        public Principal getUserPrincipal() {
            return user; // return your user here - User must implement Principal
        }
        @Override
        public String getAuthenticationScheme() {
            return null; // ...
        }
    }
}

资源

@Context
protected SecurityContext securityContext;

@GET
@Path("/{page}/{limit}")
public Response getBooks() {
    User user = (User)securityContext.getUserPrincipal();
}

祝你有美好的一天...

Have a nice day ...

这篇关于在资源的ContainerRequestFilter中创建的访问对象的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！