GWT servlet过滤器,如何识别特殊服务请求? [英] GWT servlet filter ,How to identify special service request?
问题描述
我使用GWT + requestfacotry(MVP)+ GAE创建了一个应用程序。有一些服务或方法暴露给GWT客户端,比如
1.create
2.remove
3.query
我想要将授权功能添加到创建和删除,而不是查询。
我使用了servlet过滤器:
public void doFilter(ServletRequest servletRequest,ServletResponse servletResponse,
FilterChain filterChain)抛出IOException,ServletException {
UserService userService = UserServiceFactory.getUserService();
HttpServletRequest请求=(HttpServletRequest)servletRequest;
HttpServletResponse响应=(HttpServletResponse)servletResponse; $!
$ b if(!userService.isUserLoggedIn()){
response.setHeader(login,userService.createLoginURL(request.getHeader(pageurl)));
// response.setHeader(login,userService.createLoginURL(request.getRequestURI()));
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
filterChain.doFilter(request,response);
}
我的问题是如何识别什么请求我的意思是请求会路由到哪个类和服务)进来?有一些头部字段包含模块名称,但我不是这样做的安全方法。
是否可以通过http请求获取RequestFacotry相关类?
谢谢 解决方案
在servlet过滤器中很难做到这一点。相反,您可以在RF ServiceLayerDecorator链中提供自定义装饰器。实现可能如下所示:
import com.google.web.bindery.requestfactory.server.ServiceLayerDecorator;
$ b $ public class SecurityDecorator extends ServiceLayerDecorator {
$ b $ @Override
public Object invoke(Method domainMethod,Object ... args){
if(!isAllowed (domainMethod)){
handleSecurityViolation();
}
返回super.invoke(domainMethod,args);
$ / code>
要注册附加的装饰器,请提供一个自定义RF servlet :
import com.google.web.bindery.requestfactory.server.RequestFactoryServlet;
$ b $ public class SecurityAwareRequestFactoryServlet extends RequestFactoryServlet {
$ b $ public SecurityAwareRequestFactoryServlet(){
super(new DefaultExceptionHandler(),new SecurityDecorator());
并将其注册到您的web.xml中:
< servlet>
< servlet-name> gwtRequest< / servlet-name>
< servlet-class> com.company.SecurityAwareRequestFactoryServlet< / servlet-class>
< / servlet>
I created a app with GWT+requestfacotry(MVP)+GAE. There are some service or method exposed to GWT client ,such as
1.create 2.remove 3.query
I want to add authorization function to "create" and "remove" ,but not to "query". I did it with servlet filter :
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
FilterChain filterChain) throws IOException, ServletException {
UserService userService = UserServiceFactory.getUserService();
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
if (!userService.isUserLoggedIn()) {
response.setHeader("login", userService.createLoginURL(request.getHeader("pageurl")));
// response.setHeader("login", userService.createLoginURL(request.getRequestURI()));
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
filterChain.doFilter(request, response);
}
My question is how to identify what request (I mean the request will route to which class and service )coming in ? There are some head fields contain the module name ,but I don't it is the security way to do. Is it possible to get RequestFacotry relevant class from http request ?
Thanks
It's hard to do this within the servlet-filter. Instead you can provide a custom decorator within the RF ServiceLayerDecorator chain. Implementation can looks like this:
import com.google.web.bindery.requestfactory.server.ServiceLayerDecorator;
public class SecurityDecorator extends ServiceLayerDecorator {
@Override
public Object invoke( Method domainMethod, Object... args ) {
if ( !isAllowed( domainMethod) ) {
handleSecurityViolation();
}
return super.invoke( domainMethod, args );
}
}
To register the additional decorator, provide a custom RF servlet:
import com.google.web.bindery.requestfactory.server.RequestFactoryServlet;
public class SecurityAwareRequestFactoryServlet extends RequestFactoryServlet {
public SecurityAwareRequestFactoryServlet() {
super( new DefaultExceptionHandler(), new SecurityDecorator() );
}
}
and register it in your web.xml:
<servlet>
<servlet-name>gwtRequest</servlet-name>
<servlet-class>com.company.SecurityAwareRequestFactoryServlet</servlet-class>
</servlet>
这篇关于GWT servlet过滤器,如何识别特殊服务请求?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!