Question

我有一个看起来像

的拦截器

@Interceptor
@Provider
@ServerInterceptor
@SecurityChecked
public class SecurityCheckInterceptor implements PreProcessInterceptor, AcceptedByMethod, PostProcessInterceptor {
    private static final Logger LOGGER = LoggerFactory.getLogger(SecurityCheckInterceptor.class);

    @Nullable
    @Override
    public ServerResponse preProcess(final HttpRequest request, final ResourceMethod method) throws Failure, WebApplicationException {
        final List<String> authToken = request.getHttpHeaders().getRequestHeader(AUTH_TOKEN);

        if (authToken == null || !isValidToken(authToken.get(0))) {
            final ServerResponse serverResponse = new ServerResponse();
            serverResponse.setStatus(Response.Status.UNAUTHORIZED.getStatusCode());
            return serverResponse;
        }

        return null;
    }

    @SuppressWarnings("rawtypes")
    @Override
    public boolean accept(final Class declaring, final Method method) {
        // return declaring.isAnnotationPresent(SecurityChecked.class);
        return method.isAnnotationPresent(SecurityChecked.class);
    }

    @Override
    public void postProcess(final ServerResponse response) {
        LOGGER.info("post-processing response " + response.getEntity());
    }

}

我想要什么？
- 每次响应返回时，我都需要添加新的AUTH_TOKEN值
- 原始request可以访问请求标头，其中一个标头的格式为

signature:user:expires

我需要user形成此request标头，才能生成新的基于时间的令牌

如何访问request标题？

Answer 1

我添加了

@Context HttpServletRequest servletRequest;

这让我可以访问标题。

我修改的拦截器看起来像

@Interceptor
@Provider
@ServerInterceptor
@SecurityChecked
public class SecurityCheckInterceptor implements PreProcessInterceptor, AcceptedByMethod, PostProcessInterceptor {
    private static final Pattern PATTERN = Pattern.compile(":");
    @Context
    HttpServletRequest servletRequest;

    private static final Logger LOGGER = LoggerFactory.getLogger(SecurityCheckInterceptor.class);

    @Nullable
    @Override
    public ServerResponse preProcess(final HttpRequest request, final ResourceMethod method) throws Failure, WebApplicationException {
        final List<String> authToken = request.getHttpHeaders().getRequestHeader(AUTH_TOKEN);

        if (authToken == null || !isValidToken(authToken.get(0))) {
            final ServerResponse serverResponse = new ServerResponse();
            serverResponse.setStatus(Response.Status.UNAUTHORIZED.getStatusCode());
            return serverResponse;
        }

        return null;
    }

    @SuppressWarnings("rawtypes")
    @Override
    public boolean accept(final Class declaring, final Method method) {
        // return declaring.isAnnotationPresent(SecurityChecked.class);
        return method.isAnnotationPresent(SecurityChecked.class);
    }

    @Override
    public void postProcess(final ServerResponse response) {
        final String header = servletRequest.getHeader(AUTH_TOKEN);
        LOGGER.info("post-processing response " + header);
        final String authToken = TokenUtils.createToken(PATTERN.split(header)[1]);
    }
}

在日志中我看到了

(http--0.0.0.0-9090-1) post-processing response InvalidTokenValue:user:1377552546572

PostProcessInterceptor：如何访问HTTP请求？

1 个答案: