信息:我在泽西岛有一个基于Spring的REST项目。我使用Maven来管理依赖项。
我一直在使用 Jersey 1.x 几个月,并决定将我的项目升级到 Jersey 2.x 。而且我还想添加黑名单管理器以防止应用程序受到攻击。我没有在 Jersey 1.x 中使用黑名单,但升级到2.x我想使用它。
我搜索了官方网站,搜索了有关创建黑名单操作但不满足信息的问题。
我打算创建一个过滤bean,它从 root-context.xml 中的列表中获取黑名单值。
我尝试了一个覆盖filter方法的PreMatchingFilter类,但似乎我无法访问该过滤器。
这是我实现的PreMatchingFilter类。
public class PreMatchingFilter implements ContainerRequestFilter{
InjectionFilter injectionFilter;
private final int OK = 200;
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
Request requestMajestic = requestContext.getRequest();
HttpServletRequest requestHttpServlet = (HttpServletRequest) requestMajestic;
Response responseFilterized = injectionFilter.doFilter(requestHttpServlet);
// injectionFilter.doFilter method gets the HttpServletRequest object and searches for //the blacklist values and if they exist returns a response with the status 400, //otherwise 200.
if( OK != responseFilterized.getStatus())
requestContext.abortWith(responseFilterized);
}
public InjectionFilter getInjectionFilter() {
return injectionFilter;
}
public void setInjectionFilter(InjectionFilter injectionFilter) {
this.injectionFilter = injectionFilter;
}
}
我知道PreMatchingFilter类在请求匹配开始之前过滤请求。
这是我的web.xml_和PreMatchingFilter类在包com.cihan.service.foo
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<!-- The definition of the Root Spring Container shared by all Servlets
and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<servlet>
<servlet-name>RestWithJersey2</servlet-name>
<servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>jersey.config.server.provider.packages</param-name>
<param-value>com.cihan.service.foo</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>RestWithJersey2</servlet-name>
<url-pattern>/jersey2/*</url-pattern>
</servlet-mapping>
<!-- JNDI DATA SOURCE -->
<resource-ref>
<description>Oracle Datasource</description>
<res-ref-name>jdbc/INVEX</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
<!-- JNDI DATA SOURCE -->
</web-app>
那么,Jersey2配置有什么问题,还是有其他方法可以在Jersey2中创建黑名单?