Question

如果我使用JAX-RS 2，它就像下面那样容易。

但问题在于使用以前的版本。我不知道该怎么做。

@Provider
public class SomeFilter implements ContainerRequestFilter {

    @Context
    private ResourceInfo resourceInfo;

    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        Method method = resourceInfo.getResourceMethod();
    }
}

Answer 1

您不必使用过滤器。在web.xml中添加安全性约束auth-constraint。以下示例显示了如何将两个名为staff和customer的角色添加到授权角色。

<security-role>
    <role-name>staff</role-name>
</security-role>
<security-role>
    <role-name>customer</role-name>
</security-role>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Read-only REST requests</web-resource-name>
        <url-pattern>/rest/weather/*</url-pattern>
        <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>customer</role-name>
        <role-name>staff</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<security-constraint> … </security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>file</realm-name>
</login-config>

使用例如@RolesAllowed对JAX-RS 1（泽西岛）进行授权

1 个答案: