使用@CrossOrigin注释与JAX-RS(Jersey)

时间:2016-03-16 08:53:50

标签: java spring spring-mvc jersey

是否可以使用JAX-RS(Jersey)基于注释来注释@CrossOrigin(Spring-MVC)?

1 个答案:

答案 0 :(得分:1)

您可以通过实施ContainerRequestFilterContainerResponseFilter(请参阅:Filters)并使用注释驱动Name bindingDynamic binding来创建类似的内容。

这里有一个Annotation可用于名称或动态绑定:

import javax.ws.rs.NameBinding;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;

@NameBinding
@Retention(RetentionPolicy.RUNTIME)
public @interface CrossOrigin {
    String origins();
}

以下是以动态方式包含和注册过滤器类的DynamicFeature实现的不完整示例:

import org.glassfish.jersey.server.model.AnnotatedMethod;
import javax.annotation.Priority;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Priorities;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.container.*;
import javax.ws.rs.core.*;
import javax.ws.rs.ext.Provider;
import java.io.IOException;

@Provider
public class CrossOriginDynamicFeature implements DynamicFeature {

    //check annotation, register filters if CrossOrigin is present (DynamicBinding)
    @Override
    public void configure(final ResourceInfo resourceInfo, final FeatureContext configuration) {
        final AnnotatedMethod am = new AnnotatedMethod(resourceInfo.getResourceMethod());
        if (resourceInfo.getResourceClass().getAnnotation(CrossOrigin.class) != null) {
            configuration.register(CrossOriginFilter.class);
            configuration.register(ResponseCorsFilter.class);
        }
    }

    //this filter handles the request and checks the origin given
    @Priority(Priorities.AUTHENTICATION)
    private static class CrossOriginFilter implements ContainerRequestFilter {

        @Context
        private HttpServletRequest httpRequest;

        @Context
        private ResourceInfo resourceInfo;

        @Override
        public void filter(ContainerRequestContext requestContext)
            throws IOException {

            String origins = resourceInfo.getResourceMethod().getDeclaredAnnotation(CrossOrigin.class).origins();
            String originHeader = requestContext.getHeaderString("origin");

            //Maybe you want a different behaviour here. 
            //To prevent the execution of the annotated resource method 
            //if the origin of the request is not in the specified list, 
            //we break the execution with a 401.
            if (Arrays.asList(origins.split(",")).contains(originHeader)) {
                throw new WebApplicationException(Response.Status.UNAUTHORIZED);
            }
        }
    }

    //if the Request filter allows the access, 
    //the CORS header are added to the response here. 
    //There are other stackoverflow questions regarding this theme.
    public class ResponseCorsFilter implements ContainerResponseFilter {

        @Override
        public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException {
            //... add CORS header
        }
    }
}
相关问题
最新问题