使用JAX-RS（Jersey）和@RolesAllowed自定义HTTP状态响应 [英] Custom HTTP status response with JAX-RS (Jersey) and @RolesAllowed

问题描述

通过我非常简单的JAX-RS服务，我使用Tomcat和JDBC领域进行身份验证，因此我正在使用JSR 250注释。

With my very simple JAX-RS service I'm using Tomcat with JDBC realm for authentication, therefore I'm working the the JSR 250 annotations.

是我想在HTTP状态响应中返回自定义消息正文。状态代码（403）应保持不变。例如，我的服务如下所示：

The thing is that I want to return a custom message body in the HTTP status response. The status code (403) should stay the same. For example, my service looks like the following:

@RolesAllowed({ "ADMIN" })
@Path("/users")
public class UsersService {

    @GET
    @Produces(MediaType.TEXT_PLAIN)
    @Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
    public String getUsers() {
        // get users ...
        return ...;
    }
}

如果角色与ADMIN不同的用户访问该服务，我想将响应消息更改为类似的内容（取决于媒体类型[xml / json]）：

If a user with a different role than "ADMIN" access the service, I want to change the response message to something like that (depending on the media type [xml/json]):

<error id="100">
    <message>Not allowed.</message>
</error>

目前泽西岛退回以下机构：

At the moment Jersey returns the following body:

HTTP Status 403 - Forbidden

type Status report
message Forbidden
description Access to the specified resource (Forbidden) has been forbidden.
Apache Tomcat/7.0.12

如何更改默认邮件正文？有没有办法处理（可能抛出）异常来构建我自己的HTTP状态响应？

How can I change the default message body? Is there a way to handle the (maybe thrown) exception to build my own HTTP status response?

推荐答案

最简单的处理方法这种情况是抛出一个异常并注册一个异常映射器，以便在这种情况下转换成你想要发送的消息类型。所以，假设你抛出一个 AccessDeniedException ，那么你就会有一个像这样的处理程序（为了清楚起见，在地方有完整的类名）：

The easiest way to handle this sort of thing is to throw an exception and to register an exception mapper to convert into the kind of message you want to send in that case. So, suppose you throw an AccessDeniedException, you would then have a handler like this (with full class names in places for clarity):

@javax.ws.rs.ext.Provider
public class AccessDeniedHandler
        implements javax.ws.rs.ext.ExceptionMapper<AccessDeniedException> {
    public javax.ws.rs.core.Response toResponse(AccessDeniedException exn) {
        // Construct+return the response here...
        return Response.status(403).type("text/plain")
                .entity("get lost, loser!").build();
    }
}

注册异常映射器的方式因到你正在使用的框架，但对于泽西岛你只需使用 @Provider 即可。我会让你自己弄清楚你想要如何生成你想要的那种错误文档，但是我建议把失败当作某种HTTP错误代码来处理（那更加RESTful ......）

The way in which you register the exception mapper varies according to the framework you're using, but for Jersey you should be fine with just using @Provider. I'll let you figure out for yourself how you want to generate the kind of error documents that you want, but I do recommend handling failures as HTTP error codes of some kind (that's more RESTful...)

这篇关于使用JAX-RS（Jersey）和@RolesAllowed自定义HTTP状态响应的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！