如何拦截REST端点以接收所有标头? [英] How to Intercept REST endpoint to receive all headers?
本文介绍了如何拦截REST端点以接收所有标头?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我当前的代码是
@Path("login")
@RequestScoped
public class LoginResource {
@GET
@SecurityChecked
public Response getUser(@HeaderParam("AUTH") @Nonnull final String authToken) {
return Response.ok("authenticated successfully.").build();
}
}
和 @SecurityChecked 是自定义注释为
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import javax.interceptor.InterceptorBinding;
@Inherited
@InterceptorBinding
@Target({ ElementType.TYPE, ElementType.METHOD })
@Retention(RetentionPolicy.RUNTIME)
public @interface SecurityChecked {
}
和Interceptor类为
and Interceptor class as
@Interceptor
@SecurityChecked
public class SecurityCheckInterceptor {
private static final Logger LOGGER = LoggerFactory.getLogger("SecurityCheckInterceptor");
@AroundInvoke
public Object validateUser(final InvocationContext context) throws Exception {
final Object[] params = context.getParameters();
LOGGER.info("Authentication token: " + Arrays.toString(params));
return context.proceed();
}
}
当我运行它时,我看到
Authentication token: [1a629d035831feadOO4uFReLyEW8aTmrCS]
问题?
- 在我的资源类中,我必须传递 @HeaderParam 参数
- 如何读取来自客户端的所有 HTTP 标头?
理想?
- 如果 getUser()不接受任何 @HeaderParam 输入和
- 拦截器应该能够为你提供所有 HTTP 标题
Ideal?
- If the getUser() does not take any @HeaderParam input and
- Interceptor should be able to give you all the HTTP Headers
我该怎么做?
推荐答案
我通过修改我的拦截器解决了这个问题,以下是代码
I have solved this by modifying the interceptor I have, the following is code
注释
@Inherited
@InterceptorBinding
@Target({ ElementType.TYPE, ElementType.METHOD })
@Retention(RetentionPolicy.RUNTIME)
public @interface SecurityChecked {
}
资源等级
public class SecureResource {
@GET
@SecurityChecked
public Response getUser() {
return Response.ok("authenticated successfully!").build();
}
}
拦截类
@Interceptor
@Provider
@ServerInterceptor
@SecurityChecked
public class SecurityCheckInterceptor implements PreProcessInterceptor, AcceptedByMethod {
private static final Logger LOGGER = LoggerFactory.getLogger(SecurityCheckInterceptor.class);
@Nullable
@Override
public ServerResponse preProcess(final HttpRequest request, final ResourceMethod method) throws Failure, WebApplicationException {
final List<String> authToken = request.getHttpHeaders().getRequestHeader("X-AUTH");
if (authToken == null || !isValidToken(authToken.get(0))) {
final ServerResponse serverResponse = new ServerResponse();
serverResponse.setStatus(Response.Status.UNAUTHORIZED.getStatusCode());
return serverResponse;
}
return null;
}
private static boolean isValidToken(@Nonnull final String authToken) {
LOGGER.info("validating token: " + authToken);
return true;
}
@SuppressWarnings("rawtypes")
@Override
public boolean accept(final Class declaring, final Method method) {
// return declaring.isAnnotationPresent(SecurityChecked.class); // if annotation on class
return method.isAnnotationPresent(SecurityChecked.class);
}
}
然后我通过部署资源运行集成测试JBoss中的类并在命令行上发出以下命令
and then I run my Integration tests by deploying the resource class in JBoss and issuing following commands on command-line
curl --header 'X-AUTH: 1a629d035831feadOOO4uFReLyEW8aTmrCS' http://localhost:8080/market-1.0-SNAPSHOT/rest/login
curl --header 'InvalidHeader: InvalidHeaderValue' http://localhost:8080/market-1.0-SNAPSHOT/rest/login
这篇关于如何拦截REST端点以接收所有标头?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
