JAX RS,我的过滤器无效

时间:2016-07-31 00:13:58

标签: java web-services rest filter name-binding

我正在努力:Best practice for REST token-based authentication with JAX-RS and Jersey

但是我的过滤器没有被触发,我的调用直接传递到端点......

我的安全界面:

    @Qualifier
    @Retention(RUNTIME)
    @Target({METHOD, FIELD, PARAMETER, TYPE})
    public @interface Secure {
    }

我的过滤器:

    @Secure
    @Provider
    @Priority(Priorities.AUTHENTICATION)
     public class AuthenticationFilter implements ContainerRequestFilter {

     @Override
       public void filter(ContainerRequestContext requestContext) throws IOException {

    // Get the HTTP Authorization header from the request
    String authorizationHeader = 
        requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);

    // Check if the HTTP Authorization header is present and formatted correctly 
    if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) {
        throw new NotAuthorizedException("Authorization header must be provided");
    }

    // Extract the token from the HTTP Authorization header
    String token = authorizationHeader.substring("Bearer".length()).trim();

    try {

        Token tk = new Token();
        tk.validarToken(token);

    } catch (Exception e) {
        requestContext.abortWith(
            Response.status(Response.Status.UNAUTHORIZED).build());
    }
}

我的终点:

        package api;

        import filters.Secure;
        import javax.ws.rs.Consumes;
        import javax.ws.rs.GET;
        import javax.ws.rs.Path;
        import javax.ws.rs.Produces;
        import javax.ws.rs.core.Response;

        @Path("service")
        public class Service {

        @GET
        @Secure
        @Path("/sapo")
        @Produces("application/json")
        @Consumes("application/json")
        public Response mySecuredMethod() {      
        return Response.ok("sapo").build();
       }
       }

我的web.xml(好吧??):

                <servlet>
                <servlet-name>jersey-serlvet</servlet-name>
                <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
                 <init-param>
               <param-name>jersey.config.server.provider.packages</param-name>
              <param-value>api</param-value>
              </init-param>
             <init-param>
            <param-name>import javax.ws.rs.container.ContainerRequestFilter</param-name>
           <param-value>filters.AuthenticationFilter;api.Service</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
       </servlet>
       <servlet-mapping>
       <servlet-name>jersey-serlvet</servlet-name>
       <url-pattern>/api/*</url-pattern>         
       </servlet-mapping>

我在堆栈中读了很多相关的问题,但找不到错误。

有人有想法吗?

提前致谢。

3 个答案:

答案 0 :(得分:1)

最后一个答案,但是解决此问题的方法是将AuthenticationFilter添加到您的类中。

public class App extends Application {
    @Override
    public Set<Class<?>> getClasses() {
        final Set<Class<?>> classes = new HashSet<>();
        classes.add(MyApis.class);
        classes.add(AuthenticationFilter.class);
        return classes;
    }
}

答案 1 :(得分:0)

-死灵法师徽章到了-

首先,默认情况下全局应用过滤器。因此,如果您不需要将此过滤器限制为特定资源,则甚至不需要“ Secure < / em>”界面。

但是,如果您确实打算在某些特定资源上使用过滤器,则需要对Jersey使用@NameBinding meta-annotation而不是Spring @Qualifier注释。

答案 2 :(得分:-2)

@Qualifier替换为@NameBinding

相关问题
最新问题