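Jersey @HeaderParam annotation in resource method parameter does not use the servlet filter

Time: 2016-09-15 06:31:59

Tags: jersey jax-rs servlet-filters

In a method in my resource class, I accept a request header value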

@GET
@Path(value = "/identifiers")
@Produces(MediaType.APPLICATION_JSON)
public Response getXXX (@HeaderParam("Authorization") String authHeader){...}

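I have also defined a servlet filter in web.xml for all incoming requests. The way my application flow works is - the user requests my REST API and sends an Authorization header in the request. My servlet filter intercepts the request and validates the Authorization header, and for some users it replaces this Authorization header with a new value. The request then goes to the resource class, which uses this Authorization header and performs some action.

For users whose Authorization header was changed by the filter, I noticed that the authHeader variable still has the original value. E.g. - the user makes a request containing an Authorization header with the value "QwErTyUiOp". The servlet filter injects a new Authorization header into the request with the value "aSdFgHjKl". However, the authHeader parameter still has "QwErTyUiOp".

When I iterate over the request object in my method, I can see that the request has the new Authorization header value ("aSdFgHjKl"), so the filter is doing its job.

Can someone help me understand why @HeaderParam captures the header value before the servlet filter processes the request, and whether there is any way to change this behavior?

Here is my application's web.xml -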

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" 
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" id="WebApp_ID" version="3.1">
<display-name>library-api</display-name>
<filter>
    <filter-name>libUserFilter</filter-name>
    <filter-class>org.rajiv.library.logic.filter.LibraryUserAuthFilter</filter-class>       
</filter>
<filter-mapping>
    <filter-name>libUserFilter</filter-name>
    <url-pattern>/v1/*</url-pattern>
</filter-mapping>
<servlet>
    <servlet-name>Library API App</servlet-name>
    <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
    <init-param>
        <param-name>jersey.config.server.provider.packages</param-name>
        <param-value>org.rajiv.library.resources</param-value>
    </init-param> 
    <init-param>
        <param-name>com.sun.jersey.api.json.POJOMappingFeature</param-name>
        <param-value>true</param-value>
    </init-param>       
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet>
    <servlet-name>AdminServlet</servlet-name>
    <servlet-class>org.rajiv.library.admin.AdminServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>Library API App</servlet-name>
    <url-pattern>/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>AdminServlet</servlet-name>
    <url-pattern>/restricted/*</url-pattern>
</servlet-mapping>
</web-app>

and the filter class is -

public class LibraryUserAuthFilter implements Filter{

@Override
public void destroy() {
    LOG.info("{} Destroyed", getClass());
}

@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
    HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
    IdsRequest idsRequest = IdsRequest.from(httpRequest);

    try (LoggingContext context = LoggingContext.create()) {
        TokenResolver.INSTANCE
                .extractTokenFromHeaderOrCookie(idsRequest)
                .map(TokenDigester.INSTANCE::computeTokenDigest)
                .ifPresent(digestedToken -> context.put(CustomLoggingContext.SESSION.toString(), digestedToken));

        Optional<HttpServletRequest> modifiedRequest = Optional.empty();
        try (LoggingContext libAuthContext = LoggingContext.create()) {
            libAuthContext.put(CustomLoggingContext.COMPONENT.toString(), SdkComponents.SDK_LIB_AUTH.toString());
            LOG.info("Validation started for request to path:{}", httpRequest.getRequestURI().toString());
            modifiedRequest = Optional.of(validate(idsRequest));

        } catch (IdentityServicesSdkException ex) {
            context.put(CustomLoggingContext.INCIDENT_ID.toString(), ex.getIncidentId());
            ProblemResponseWriter.INSTANCE.writeStatusAndProblem(idsRequest, httpResponse, ex);
            LOG.warn("Validation failed: {}", ex.getErrorCode());
        }

        if(modifiedRequest.isPresent()) {
            chain.doFilter(modifiedRequest.get(), servletResponse);
        }
    }
}

@Override
public void init(FilterConfig filterConfig) throws ServletException {
    initializeScheme(filterConfig);
    initializeHost(filterConfig);
    initializePort(filterConfig);

    String serviceName = filterConfig.getServletContext().getContextPath().replaceAll("/", "").trim();

    if(serviceName.isEmpty()) {
        serviceName = Optional
                .ofNullable(System.getenv("SERVICE_NAME"))
                .orElseGet(() -> "service-name-unavailable");
    }

    LOG.info("{} Initialized", getClass());
}

private void initializeScheme(FilterConfig filterConfig) {
    String initParam = filterConfig.getInitParameter(PROXY_SCHEME_ENVIRONMENT_VARIABLE);
    if(Strings.isNullOrEmpty(initParam)) {
        initParam = loadAuthNSchemeFromEnvVar();
    }
    scheme = initParam;
    LOG.info("HOST_SCHEME: {}", scheme);
}

private void initializeHost(FilterConfig filterConfig) {
    String initParam = filterConfig.getInitParameter(PROXY_HOST_ENVIRONMENT_VARIABLE);
    if(Strings.isNullOrEmpty(initParam)) {
        initParam = loadAuthNHostFromEnvVar();
    }
    host = initParam;
    LOG.info("HOST: {}", host);
}

private void initializePort(FilterConfig filterConfig) {
    String initParam = filterConfig.getInitParameter(PROXY_PORT_ENVIRONMENT_VARIABLE);
    Integer parsedInitParam = null;
    if(!Strings.isNullOrEmpty(initParam)) {
        parsedInitParam = Integer.valueOf(initParam);
    }

    if(parsedInitParam == null) {
        parsedInitParam = loadAuthNPortFromEnvVar();
    }
    port = parsedInitParam;
    LOG.info("HOST_PORT: {}", port);
}

}

0 answers:

No answers
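
A likely cause, shown as an added example that is not code from the original post: Jersey's servlet container builds its header map from `getHeaderNames()` and `getHeaders(name)`, so a request wrapper that overrides only `getHeader(name)` leaves `@HeaderParam` holding the value the client sent. The class name `HeaderOverrideRequest` is hypothetical, and the example assumes the filter's `validate(...)` passes a wrapped `HttpServletRequest` down the chain.

```java
import java.util.Collections;
import java.util.Enumeration;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/** Hypothetical wrapper (not from the original post): replaces one header on every accessor. */
public class HeaderOverrideRequest extends HttpServletRequestWrapper {
    private final String name;   // header to override, e.g. "Authorization"
    private final String value;  // replacement value chosen by the filter

    public HeaderOverrideRequest(HttpServletRequest request, String name, String value) {
        super(request);
        this.name = name;
        this.value = value;
    }

    @Override
    public String getHeader(String header) {
        // HTTP header names are case-insensitive.
        return name.equalsIgnoreCase(header) ? value : super.getHeader(header);
    }

    @Override
    public Enumeration<String> getHeaders(String header) {
        // Return only the replacement so the client's original value cannot leak through.
        return name.equalsIgnoreCase(header)
                ? Collections.enumeration(Collections.singletonList(value))
                : super.getHeaders(header);
    }

    @Override
    public Enumeration<String> getHeaderNames() {
        // Keep the original names minus any casing variant of the overridden header,
        // then list it once so it is present even when the client did not send it.
        Set<String> names = new LinkedHashSet<>();
        Enumeration<String> original = super.getHeaderNames(); // may be null in some containers
        while (original != null && original.hasMoreElements()) {
            String n = original.nextElement();
            if (!name.equalsIgnoreCase(n)) {
                names.add(n);
            }
        }
        names.add(name);
        return Collections.enumeration(names);
    }
}
```

With all three accessors overridden, the resource method and any code that iterates the request see the same Authorization value, so no component acts on the token the filter replaced.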