JAX-RS 2.0通过@NameBinding注释过滤参数 [英] JAX-RS 2.0 Filter parameters via @NameBinding annotation
问题描述
我创建了一些JAX-RS 2.0资源(使用在Servlet容器中运行的Jeresey 2.4)和一个处理身份验证和授权的过滤器,可以通过@NameBinding注释有选择地应用。这一切都很好。
I've created some JAX-RS 2.0 resources (using Jeresey 2.4 running in a Servlet container) and a filter that handles authentication and authorisation that can be selectively applied via a @NameBinding annotation. This all works great.
我希望能够在这个注释上定义一些参数(特别是访问每个方法/资源所需的安全权限)在运行时可用于过滤器以改变此行为。
I would like to be able to define some parameters on this annotation (specifically, security permissions that are required to access each method/resource) that can be available to the filter at runtime to alter this behaviour.
我注意到拦截器可以通过javax.ws.rs.ext.InterceptorContext.getAnnotations()执行此操作但在那里在过滤器的javax.ws.rs.container.ContainerRequestContext中没有等价物。有什么想法可以实现吗?我希望能够做类似以下的事情:
I notice that interceptors can do this via javax.ws.rs.ext.InterceptorContext.getAnnotations() but there is no equivalent in javax.ws.rs.container.ContainerRequestContext for filters. Any ideas how this may be achieved? I would like to be able to do something like the following:
@Target({TYPE, METHOD})
@Retention(value = RetentionPolicy.RUNTIME)
@NameBinding
public @interface Secured {
String[] requiredPermissions() default {};
}
@Secured
@Priority(Priorities.AUTHENTICATION)
public class SecurityRequestFilter implements ContainerRequestFilter {
@Override
public void filter(ContainerRequestContext containerRequestContext) throws IOException {
// extract credentials, verify them and check that the user has required permissions, aborting if not
}
}
@Path("/userConfiguration/")
public class UserConfigurationResource {
@GET
@Produces(MediaType.APPLICATION_XML)
@Secured(requiredPermissions = {"configuration-permission"})
public Response getConfig(@Context HttpServletRequest httpServletRequest) {
// produce a response
}
}
推荐答案
对于非供应商特定的解决方案,从JAX-RS 2.0开始,您可以使用 ResourceInfo
:
For a non-vendor specific solution, since JAX-RS 2.0 you can use ResourceInfo
:
@Secured
@Priority(Priorities.AUTHENTICATION)
public class SecurityRequestFilter implements ContainerRequestFilter {
@Context
private ResourceInfo resourceInfo;
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
Method method = resourceInfo.getResourceMethod();
if (method != null) {
Secured secured = method.getAnnotation(Secured.class);
...
}
}
}
这篇关于JAX-RS 2.0通过@NameBinding注释过滤参数的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!