我可以自定义注释到JAX-RS方法来验证访问? [英] Can I add a custom annotation to JAX-RS method to validate access?
问题描述
例如我有以下方法:
@GET
@Path("/get/current")
public Response getCurrentInfo(@HeaderParam("Authorization") String token){
Gson gson = new GsonBuilder()
.setDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS")
.setPrettyPrinting().create();
String email = SecurityProvider.decryptTokenAndGetEmail(token);
if(DB.isAccessPermitted(email)){
Info info = DB.getCurrentInfo();
String json = gson.toJson(info);
return Response.ok(json).build();
}else{
return Response.status(401).build();
}
}
因此,而不是在每一个方法写的:
So instead to write in every method:
if(DB.isAccessPermitted(email)){
Info info = DB.getCurrentInfo();
String json = gson.toJson(info);
return Response.ok(json).build();
}else{
return Response.status(401).build();
}
我将例如创建 @SecurityCheck
批注,批注每个具有有限的访问方法,只在一个地方进行检查。是有可能实现与注释和可MVCE提供?
谢谢你。
I will create for example @SecurityCheck
annotation, annotate every method which has limited access and perform check only in a single place. Is it possible to achieve with annotations and can MVCE be provided?
Thank you.
推荐答案
如果您使用的是JAX-RS 2.0,你可以注入的 ResourceInfo中
成 ContainerRequestFilter
,然后从获得 java.lang.reflect.Method中
。从方法
,你可以得到诠释。例如:
If you are using JAX-RS 2.0, you can inject ResourceInfo
into a ContainerRequestFilter
, then get the java.lang.reflect.Method
from the. From the Method
, you can get the annotation. For example
@Provider
@Priority(Priorities.AUTHENTICATION)
public class SecurityFilter implements ContainerRequestFilter {
@Context
private ResourceInfo resourceInfo;
// You can get the header from the `requestContext`
@Override
public void filter(ContainerRequestContext requestContext) {
Method resourceMethod = resourceInfo.getResourceMethod();
SecurityCheck annotation = resourceMethod.getAnnotation(SecurityCheck.class);
// get some value from annotation
if (notAllowedAccess) {
throw new WebApplicationException(403);
}
}
}
这(在 ResourceInfo中
)只需要但如果你需要从注释获得一些价值,如 @SecurityCheck(SomeRoleAllowed)
。
This (the ResourceInfo
) is only necessary though if you need to get some value from the annotation, like @SecurityCheck("SomeRoleAllowed")
.
如果你并不需要的价值,你想要的是一个待过滤注解的任何方法,那么你可以创建一个 DynamicFeature
,在那里你每个绑定方法将一个过滤器。例如:
If you don't need the value, and all you want is for any method annotated to be filtered, then you can either create a DynamicFeature
, where you bind each method to a filter. For example
@Provider
public class SecurityCheckDynamicFeature implements DynamicFeature {
@Override
public void configure(ResourceInfo info, FeatureContext context) {
Method method = info.getResourceMethod();
SecurityCheck annotation = method.getAnnotation(SecurityCheck.class);
if (annotation != null) {
context.register(SecurityFilter.class);
}
}
}
或者另一种方式是只使用 @NameBinding
在自定义注解
@NameBinding
@Target(...)
@Retention
public @interface SecurityCheck {}
然后你需要与注释也注释 SecurityFilter类
类。注释任何方法或类会通过过滤器。
Then you need to annotate the SecurityFilter
class with the annotation also. Any method or class annotated will go through the filter.
其他资源:
- Filters and Interceptors
这篇关于我可以自定义注释到JAX-RS方法来验证访问?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!