我有一个基于 JAX-RS 的 Apache CXF webservice 项目，已经实现了基于角色的身份验证/授权。用户通过身份验证后，我想在整个项目中使用这个用户对象，用于访问日志记录或“谁做了什么”之类的目的。有没有办法做到这一点？此对象还应当是基于请求的，因为每个请求都要经过 DB 身份验证。
以下是示例代码。
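public class SecurityInterceptor implements RequestHandler {

    /**
     * Authenticates and authorizes an inbound JAX-RS request before the resource
     * method is invoked.
     *
     * <p>Resource methods annotated with {@code @AllowAll} pass through untouched.
     * Methods annotated with {@code @RolesAllowed} must carry a token in the
     * {@code TOKEN_HEADER} request header; the token is authenticated through
     * {@link AuthenticationBO}, the resulting {@link User} is checked against the
     * role keys of the annotation, and on success the user is stored on the CXF
     * exchange so later code in the same request can retrieve it, e.g. with
     * {@code PhaseInterceptorChain.getCurrentMessage().getExchange().get(User.class)}.
     * Methods carrying neither annotation are rejected, so a resource method that
     * forgets its annotation fails closed instead of becoming anonymous.
     *
     * @param message the inbound CXF message
     * @param classResourceInfo the resource class being invoked (not used here)
     * @return {@code null} to let the request proceed, or a {@link Response} whose
     *     entity is the failure {@link PBResponse}, which short-circuits the invocation
     */
    @Override
    public Response handleRequest(Message message, ClassResourceInfo classResourceInfo) {
        OperationResourceInfo operationResourceInfo =
                message.getExchange().get(OperationResourceInfo.class);
        Method methodToInvoke = operationResourceInfo.getMethodToInvoke();

        if (methodToInvoke.isAnnotationPresent(AllowAll.class)) {
            // Public endpoints (login, menu items, ...) need no token.
            return null;
        }
        if (!methodToInvoke.isAnnotationPresent(RolesAllowed.class)) {
            // Deny by default: an unannotated resource method must not be reachable
            // without authentication. Reuses the code of the authorization-denied path.
            return Response.ok(prepareResponse(FAILURE, _00022)).build();
        }

        String token = extractToken(message);
        if (token == null) {
            return Response.ok(prepareResponse(FAILURE, _00028)).build();
        }

        AuthenticationBO authBo = new AuthenticationBOImpl();
        authBo.authenticate(token);
        // NOTE(review): if getStatus() returns a boxed Integer, compare with equals() instead.
        if (authBo.getResponse().getStatus() != SUCCESS) {
            return Response.ok(prepareResponse(authBo.getResponse().getStatus(),
                    authBo.getResponse().getCode())).build();
        }

        Authentication auth = authBo.getResponse().getPbBeans().getAuthentication();
        final User contextUser = auth.getUser();
        Set<Integer> rolesAllowed = new HashSet<Integer>(Arrays.asList(
                ArrayUtils.toObject(methodToInvoke.getAnnotation(RolesAllowed.class).value())));
        if (!authorize(contextUser, rolesAllowed)) {
            return Response.ok(prepareResponse(FAILURE, _00022)).build();
        }

        // Publish the authenticated user for this request only: the exchange is
        // created per request, so nothing is shared between requests or threads.
        message.getExchange().put(User.class, contextUser);

        // Best-effort bookkeeping; a failure here does not reject an already
        // authorized request.
        AuthenticationBO touchBo = new AuthenticationBOImpl();
        touchBo.updateLastAccessTime(token);
        if (touchBo.getResponse().getStatus() == FAILURE) {
            System.out.println(" AUTHENTICATION UPDATE FAILURE !!! ");
        }
        return null;
    }

    /**
     * Returns the first value of the {@code TOKEN_HEADER} request header, or
     * {@code null} when the header map, the header or its value list is missing.
     *
     * @param message the inbound CXF message
     * @return the token, or {@code null} if none was sent
     */
    private static String extractToken(Message message) {
        // Same cast the interceptor always made: CXF stores the protocol headers
        // as a Map<String, List<String>> under Message.PROTOCOL_HEADERS.
        @SuppressWarnings("unchecked")
        Map<String, List<String>> headers =
                (Map<String, List<String>>) message.get(Message.PROTOCOL_HEADERS);
        if (headers == null) {
            return null;
        }
        List<String> tokenList = headers.get(TOKEN_HEADER);
        if (tokenList == null || tokenList.isEmpty()) {
            return null;
        }
        return tokenList.get(0);
    }

    /**
     * Checks whether the user's role key is one of the allowed role keys.
     *
     * @param user the authenticated user, may be {@code null}
     * @param rolesAllowed role keys taken from the method's {@code @RolesAllowed}
     * @return {@code true} only when {@code user} is non-null and its role key is allowed
     */
    private boolean authorize(User user, Set<Integer> rolesAllowed) {
        return user != null && rolesAllowed.contains(user.getUser_role_key());
    }

    /**
     * Builds the status payload returned to the client in place of the resource result.
     *
     * @param status status value to report (e.g. {@code FAILURE})
     * @param code application code whose message text is looked up in {@link CodeProperties}
     * @return the populated response bean
     */
    public PBResponse prepareResponse(Integer status, String code) {
        PBResponse response = new PBResponse();
        response.setStatus(status);
        response.setCode(code);
        response.setMessage(CodeProperties.getInstance().getValue(code));
        return response;
    }
}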