使用Apache CXF 2.4 JAX-RS和Spring Security 3.2获取用户名 [英] Get user name with Apache CXF 2.4 JAX-RS and Spring Security 3.2
问题描述
我使用 SecurityContextHolder 在我的JAX-RS资源中获取用户名,并且可以正常工作:
I get the user name in my JAX-RS resource with SecurityContextHolder and that works:
@Path("/myresource")
public class MyResoure {
@Get
public String getUserName() {
return SecurityContextHolder.getContext().getAuthentication().getName();
}
}
但我想将SecurityContext注入类字段(编写JUnit测试)。我尝试了一些记录的方法:
But I want to inject the SecurityContext into a class field (to write JUnit tests). I tried some documented ways:
使用 javax.ws.rs.core.SecurityContext 我得到 NullPointerException ,因为 securityContext 始终是 null 。
With javax.ws.rs.core.SecurityContext I get a NullPointerException, because the securityContext is always null.
@Path("/myresource")
public class MyResoure {
@Context
private javax.ws.rs.core.SecurityContext securityContext;
@Get
public String getUserName() {
return securityContext.getUserPrincipal().getName();
}
}
使用 org.apache。 cxf.security.SecurityContext (参见 Apache CXF文档)我得到 NullPointerException ,因为 securityContext.getUserPrincipal()总是 null 。
With org.apache.cxf.security.SecurityContext (see Apache CXF documentation) I get a NullPointerException, because the securityContext.getUserPrincipal() is always null.
@Path("/myresource")
public class MyResoure {
@Context
private org.apache.cxf.security.SecurityContext securityContext;
@Get
public String getUserName() {
return securityContext.getUserPrincipal().getName();
}
}
使用 org.apache。 cxf.jaxrs.ext.MessageContext (参见 Apache CXF文档)我得到 NullPointerException ,因为 messageContext.getSecurityContext()。getUserPrincipal ()总是 null 。
With org.apache.cxf.jaxrs.ext.MessageContext (see Apache CXF documentation) I get a NullPointerException, because the messageContext.getSecurityContext().getUserPrincipal() is always null.
@Path("/myresource")
public class MyResoure {
@Context
private org.apache.cxf.jaxrs.ext.MessageContext messageContext;
@Get
public String getUserName() {
return messageContext.getSecurityContext().getUserPrincipal().getName();
}
}
使用 javax.servlet。 http.HttpServletRequest 我得到 NullPointerException ,因为 httpServletRequest.getUserPrincipal()总是空。
With javax.servlet.http.HttpServletRequest I get a NullPointerException, because the httpServletRequest.getUserPrincipal() is always null.
@Path("/myresource")
public class MyResoure {
@Context
private javax.servlet.http.HttpServletRequest httpServletRequest;
@Get
public String getUserName() {
return httpServletRequest.getUserPrincipal().getName();
}
推荐答案
获取用户名
-
javax.ws.rs.core.SecurityContext, -
org.apache.cxf.security.SecurityContext, -
org.apache。 cxf.jaxrs.ext.MessageContext或 -
javax.servlet.http.HttpServletRequest
javax.ws.rs.core.SecurityContext,org.apache.cxf.security.SecurityContext,org.apache.cxf.jaxrs.ext.MessageContextorjavax.servlet.http.HttpServletRequest
我必须将 SecurityContextHolderAwareRequestFilter 添加到我的 springSecurityFilterChain 。
弹簧配置:
<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map path-type="ant">
<security:filter-chain pattern="/**" filters="securityContextPersistenceFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor" />
</security:filter-chain-map>
</bean>
使用安全命名空间配置或 Java配置默认添加过滤器,参见 Spring Security文档:
With Security Namespace Configuration or Java Configuration the filter is added by default, see Spring Security documentation:
- servlet-api-provision 提供HttpServletRequest安全方法的版本,例如isUserInRole()和getPrincipal()通过向堆栈添加SecurityContextHolderAwareRequestFilter bean来实现。默认为true。
- servlet-api-provision Provides versions of HttpServletRequest security methods such as isUserInRole() and getPrincipal() which are implemented by adding a SecurityContextHolderAwareRequestFilter bean to the stack. Defaults to true.
这篇关于使用Apache CXF 2.4 JAX-RS和Spring Security 3.2获取用户名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
