我想用某种"角色来注释我的所有JAX-RS资源"属性,将由访问控制过滤器通过上下文读取。这种JAX-RS资源的一个例子是(伪):
@Path("foo")
public class FooResource {
@GET
@Context(roles = "admin,user")
public Response foo() {
return Response.noContent().build();
}
}
因此, AccessControlFilter 可以访问特定于资源的"角色"值:
public class AccessControlFilter {
@Override
public void filter(ContainerRequestContext context) throws IOException {
String accessToken = accessToken(context);
String roles = context.getContext("roles");
// ... validate access Token against roles ...
}
@Nullable
private static String accessToken(ContainerRequestContext context) {
Map<String, Cookie> cookies = context.getCookies();
Cookie accessTokenCookie = cookies.get("access_token");
if (accessTokenCookie != null) {
return accessTokenCookie.getValue();
}
return null;
}
}
我一直在挖掘:
答案 0 :(得分:1)
只需将ResourceInfo注入过滤器类。从那里你可以获得资源Method。然后只需使用一些反射来获取注释。
@Context
private ResourceInfo resourceInfo;
@Override
public void filter(...) {
Method method = resourceInfo.getResourceMethod();
MyAnnotation anno = method.getAnnotation(MyAnnotation.class);
if (anno != null) {
String roles = anno.value();
}
}