我有一个JAX-RS服务。我希望所有用户都能访问该服务,但只有拥有相应权限(角色,ROLES)的用户才能访问受保护的资源。在实现这一设想时,需要牢记REST服务是无状态的。
所以流程应该是例如:
我在stackoverflow和其他网站上看到了一些示例和建议。
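这样做的问题是:JCDI拦截器根本没有被调用。这也意味着在当前配置下,@CheckRequest(role="ADMIN") 声明的角色检查并未生效,这些资源实际上没有受到保护。一个可能的原因(需结合部署环境确认)是:服务Bean由Spring在CXF-beans.xml中创建,并非由CDI容器管理,而beans.xml中启用的拦截器只会作用于CDI容器管理的Bean。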
我正在使用tomcat和CXF JAX-RS 2.7实现。
WEB-INF\beans.xml 文件:
<!-- CDI bean archive descriptor (beans 1.1 schema). bean-discovery-mode="all" asks the
     CDI container to consider every class in this archive as a bean candidate. -->
<beans xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://xmlns.jcp.org/xml/ns/javaee
http://xmlns.jcp.org/xml/ns/javaee/beans_1_1.xsd"
bean-discovery-mode="all">
<!-- Enables CheckRequestInterceptor for this bean archive.
     NOTE(review): a CDI interceptor only runs on calls made through instances that the CDI
     container created. The page's CXF-beans.xml instantiates StatementServiceImpl as a
     Spring bean, so this interceptor is presumably never on the call path and the role
     check it implements is not enforced. Verify with a request that lacks the role.
     NOTE(review): Tomcat does not ship a CDI container; confirm one is installed and
     bootstrapped in this web application. -->
<interceptors>
<class>edu.learn.auth.interceptor.CheckRequestInterceptor</class>
</interceptors>
</beans>
WEB-INF\CXF-beans.xml 文件:
<?xml version="1.0" encoding="UTF-8"?>
<!-- Spring application context that publishes the statement service as a CXF JAX-RS
     endpoint and wires its JSON provider. -->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:cxf="http://cxf.apache.org/core"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:jaxws="http://cxf.apache.org/jaxws"
xmlns:jaxrs="http://cxf.apache.org/jaxrs"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/jaxrs
http://cxf.apache.org/schemas/jaxrs.xsd
http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.1.xsd">
<!-- JAX-RS endpoint definition. The address is relative to the CXF servlet mapping.
     NOTE(review): no authentication or authorization provider, filter or interceptor is
     registered on this endpoint in this file, so any access control must come from
     elsewhere (servlet container constraints or a filter not shown here).
     NOTE(review): "statmentservices" looks like a misspelling of "statement", but it is
     part of the published URL, so clients may depend on it. -->
<jaxrs:server id="statementService" address="/statmentservices">
<!-- JSON (de)serialisation through the Jackson 1.x JAX-RS provider, using the shared
     ObjectMapper bean declared at the bottom of this file.
     NOTE(review): org.codehaus.jackson is the Jackson 1.x line, which is no longer
     maintained; confirm whether the com.fasterxml Jackson 2.x provider can be used. -->
<jaxrs:providers>
<bean class="org.codehaus.jackson.jaxrs.JacksonJsonProvider">
<property name="mapper" ref="jacksonMapper"/>
</bean>
</jaxrs:providers>
<!-- The resource implementation served by this endpoint (a Spring-managed bean). -->
<jaxrs:serviceBeans>
<ref bean="StatementServiceImpl" />
</jaxrs:serviceBeans>
<!-- Maps URL suffixes (.xml, .json) to media types for content negotiation. -->
<jaxrs:extensionMappings>
<entry key="xml" value="application/xml" />
<entry key="json" value="application/json" />
</jaxrs:extensionMappings>
<!-- NOTE(review): the child element below is spelled "entity", while the sibling
     extensionMappings map uses "entry"; this is presumably a typo for "entry" and may
     fail schema validation. Confirm against the CXF jaxrs schema. -->
<jaxrs:languageMappings>
<entity key="en" value="en-gb" />
</jaxrs:languageMappings>
<!-- Turns on CXF message logging for this endpoint.
     NOTE(review): logged messages can include request headers (credentials, tokens) and
     account or transaction data in payloads; confirm this is disabled or the log is
     access-restricted outside development. -->
<jaxrs:features>
<cxf:logging />
</jaxrs:features>
</jaxrs:server>
<!-- The service implementation is instantiated by Spring here.
     NOTE(review): an instance created this way is not a CDI-managed bean, so CDI
     interceptors enabled in WEB-INF\beans.xml presumably do not apply to it. -->
<bean id="StatementServiceImpl" class="edu.learn.restservice.impl.StatementServiceImpl"/>
<!-- Shared Jackson 1.x ObjectMapper with default settings. -->
<bean id="jacksonMapper" class="org.codehaus.jackson.map.ObjectMapper"/>
</beans>
package edu.learn.restservice;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import edu.learn.auth.interceptor.CheckRequest;
/**
 * JAX-RS resource contract for the statement service.
 *
 * <p>Both operations are HTTP GET resources that carry the project's
 * {@code @CheckRequest(role = "ADMIN")} marker. The annotation only declares the
 * required role; nothing in this interface enforces it. Enforcement depends on an
 * interceptor or filter that reads {@code @CheckRequest} actually running on the
 * request path.
 *
 * <p>NOTE(review): method annotations declared on an interface are not inherited by the
 * implementing class, so if {@code @CheckRequest} is a CDI interceptor binding it may
 * need to be repeated on the implementation (or enforced by a JAX-RS filter instead).
 * Verify with a request that lacks the ADMIN role.
 */
public interface StatementService
{
    /**
     * Returns the accounts for a user.
     *
     * <p>NOTE(review): {@code userId} is taken from the query string and is therefore
     * caller-controlled; the implementation (not shown) should authorise against the
     * authenticated caller rather than trusting this value alone.
     *
     * @param userId value of the {@code userId} query parameter
     * @return the JAX-RS response produced by the implementation
     */
    @CheckRequest(role = "ADMIN")
    @GET
    @Path("/getAccounts")
    @Consumes({
        MediaType.APPLICATION_JSON,
        MediaType.APPLICATION_XML,
        MediaType.APPLICATION_OCTET_STREAM
    })
    @Produces({
        MediaType.APPLICATION_JSON,
        MediaType.APPLICATION_XML,
        MediaType.TEXT_HTML
    })
    Response getAccounts(@QueryParam("userId") String userId);

    /**
     * Returns the details of a single transaction.
     *
     * <p>NOTE(review): {@code transactionId} is caller-controlled; the implementation
     * (not shown) should confirm the caller is allowed to see that transaction.
     *
     * @param transactionId value of the {@code transactionId} query parameter
     * @return the JAX-RS response produced by the implementation
     */
    @CheckRequest(role = "ADMIN")
    @GET
    @Path("/getTransactionDetails")
    @Consumes({
        MediaType.APPLICATION_JSON,
        MediaType.APPLICATION_XML,
        MediaType.APPLICATION_OCTET_STREAM
    })
    @Produces({
        MediaType.APPLICATION_JSON,
        MediaType.APPLICATION_XML,
        MediaType.TEXT_HTML
    })
    Response getTransactionDetails(@QueryParam("transactionId") String transactionId);
}