等价于Micronaut中的javax.ws.rs NameBinding? [英] Equivalent of javax.ws.rs NameBinding in Micronaut?
问题描述
我正在尝试将旧的HTTP服务器移植到Micronaut,并且尝试将使用 javax.ws.rs NameBinding 批注的授权过滤器移植到Micronaut HTTP服务器过滤器.我90%的端点/控制器使用的是 NameBinding 注释,因此使用标准的Micronaut HTTP服务器过滤器将很困难.
I am working on porting an old HTTP server to Micronaut and I am stuck trying to port an authorization filter that used the javax.ws.rs NameBinding annotation to a Micronaut HTTP server filter. 90% of my endpoints/controllers use the NameBinding annotation I have so using the standard Micronaut HTTP server filter would be difficult.
一个臭名昭著的代码是创建一个接受所有api端点的过滤器(即 @Filter("/**")),然后可能存储所有不包含以下内容的路径的列表不需要授权并将其与请求的路径进行比较.
One code smelly thought was to create a filter accepting all api endpoints (ie. @Filter("/**")) and then maybe storing a list of all the paths that don't require authorization and comparing that against the requested path.
我尝试的另一种方法是尝试通过请求/链中的反射来派生目标方法,但似乎目标方法保存在 @Internal 类中,这使我相信我应该没有从过滤器中反映出该方法.如果我能够从过滤器中反映出目标方法,那么我可以寻找我的旧注释并对此进行过滤.
Another hack I attempted to was to try and derive the target method with reflections through the request/chain but it seems that target method is held in an @Internal class which leads me to believe I should not be reflecting on the method from a filter. If I was able to reflect on the target method from a filter I could look for my old annotation and filter on that.
总的来说,除了少数几个控制器/方法(例如反向滤波器模式)(尽管这也不理想)之外,是否有任何指导原则可为大型控制器/方法子提供过滤器?
In general are there any guiding principles for providing filters to a large subset of controllers/methods excluding a handful, for example an inverse filter pattern (although this would also not be ideal)?
micronaut中有什么方法可以手动控制过滤器的注入吗?
Is there any way in micronaut to manually control the injection of filters?
推荐答案
If you need a fine grained control over your endpoints, I'll go for micronaut AOP
@Documented
@Retention(RUNTIME)
@Target(ElementType.METHOD)
@Around
@Type(AuthenticatedInterceptor.class)
public @interface Authenticated {
}
和拦截器响应
@Singleton
public class AuthenticatedInterceptor implements MethodInterceptor<Object, Object> {
@Override
public Object intercept(MethodInvocationContext<Object, Object> context) {
final var authHeader = ServerRequestContext.currentRequest()
.map(HttpMessage::getHeaders)
.flatMap(HttpHeaders::getAuthorization)
.orElseThrow(() -> new RuntimeException("no header"));
validate(authHeader);
return context.proceed();
}
}
然后,您必须在每个需要认证的方法上添加 @Authenticated .
then you'll have to add @Authenticated on each methods that need to be authenticated.
Micronaut安全性提供拥有 @Secured 注释.
Micronaut security provides it's own @Secured annotation.
这篇关于等价于Micronaut中的javax.ws.rs NameBinding?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
