我试图获取 ContainerRequestFilter 对象中的方法注释。
控制器:
@GET
@RolesAllowed("ADMIN")
public String message() {
return "Hello, rest12!";
}
容器请求过滤器:
@Provider
public class SecurityInterceptor implements javax.ws.rs.container.ContainerRequestFilter {
@Override
public void filter(ContainerRequestContext requestContext) {
//Here I need To get the @RolesAllowed("ADMIN") annotation value
}
应用 :
@ApplicationPath("/rest")
public class ExpertApp extends Application {
private final HashSet<Object> singletons = new LinkedHashSet<Object>();
public ExpertApp() {
singletons.add(new SecurityInterceptor());
}
@Override
public Set<Object> getSingletons() {
return singletons;
}
public Set<Class<?>> getClasses() {
return new HashSet<Class<?>>(Arrays.asList(UserControler.class, SearchController.class));
}
}
Web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<!-- Servlet declaration can be omitted in which case it would be automatically
added by Jersey -->
<servlet>
<servlet-name>javax.ws.rs.core.Application</servlet-name>
</servlet>
<servlet-mapping>
<servlet-name>javax.ws.rs.core.Application</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
如何获取 @RolesAllowed("ADMIN") 值,
你可以...
注入您的过滤器@Context ResourceInfo
, 正如所见here https://stackoverflow.com/q/30773160/2587435,并从中获取注释Method
RolesAllowed annot = resourceInfo.getResourceMethod().getAnnotation(RolesAllowed.class);
But...
泽西岛已经有一个RolesAllowedDynamicFeature https://github.com/jersey/jersey/blob/master/core-server/src/main/java/org/glassfish/jersey/server/filter/RolesAllowedDynamicFeature.java实现注释的访问控制@RolesAllowed
, @PermitAll
and @DenyAll
。你只需要在您的应用程序中注册该功能 https://jersey.java.net/documentation/latest/security.html#d0e12202
In ResourceConfig
public class MyApplication extends ResourceConfig {
public MyApplication() {
super(MyResource.class);
register(RolesAllowedDynamicFeature.class);
}
}
In web.xml
<init-param>
<param-name>jersey.config.server.provider.classnames</param-name>
<param-value>
org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature
</param-value>
</init-param>
或者在你的Application
子类,您可以将其添加到您的getSingletons()
or getClasses()
放。选哪一个并没有多大区别。不会发生注入,因此只需实例化它并将其添加到单例中是安全的。
Note: The first option can be done in any JAX-RS 2.0 application, while the second is Jersey specific.
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)