我按照本教程Best practice for REST token-based authentication with JAX-RS and Jersey进行过滤器部分操作。
我正在使用OSGI而且我不知道如何注册我的过滤器。我创建了我的过滤器并构建了我的项目,没有任何错误。我在karaf中部署了我的捆绑包但我的@Secured服务不安全,因为没有调用过滤器...
我应该在Activator中添加我的过滤器吗?在蓝图中? (我是osgi世界的新人)
这是我的过滤器:
@Secured
@Provider
@Priority(Priorities.AUTHENTICATION)
public class AuthenticationFilter implements ContainerRequestFilter {
private static Logger LOGGER = LoggerFactory.getLogger(AuthenticationFilter.class);
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
LOGGER.info("[AuthenticationFilter] started");
// Get the HTTP Authorization header from the request
String authorizationHeader =
requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
// Check if the HTTP Authorization header is present and formatted correctly
if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) {
throw new NotAuthorizedException("Authorization header must be provided");
}
// Extract the token from the HTTP Authorization header
String token = authorizationHeader.substring("Bearer".length()).trim();
try {
// Validate the token
validateToken(token);
} catch (Exception e) {
requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
}
LOGGER.info("[AuthenticationFilter] ended");
}
//TODO: add the key in properties
//TODO: check the username in DB
private void validateToken(String token) throws Exception {
// Check if it was issued by the server and if it's not expired
// Throw an Exception if the token is invalid
String username = Jwts.parser()
.setSigningKey("jeSuisLaSecretPhrase,1234,ilFaudraMePlacerEnConf,Merci")
.parseClaimsJws(token)
.getBody()
.getIssuer();
if(!"admin".equals(username)){
throw new NotAuthorizedException("bad token");
}
}
}
编辑
Karaf无法加载" http://cxf.apache.org/blueprint/jaxrs" 这是我的蓝图:
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0"
xmlns:jaxrs="http://cxf.apache.org/blueprint/jaxrs">
<!-- Beans declaration -->
<bean id="AuthenticationServlet" class="com.mycompanie.fr.core.servlets.jaxrs.impl.AuthenticationServletImpl">
<property name="service" ref="service" />
</bean>
<service ref="AuthenticationServlet" interface="com.mycompanie.fr.core.servlets.jaxrs.AuthenticationServlet" />
<bean id="CommitmentServlet" class="com.mycompanie.fr.core.servlets.jaxrs.impl.CommitmentServletImpl">
<property name="service" ref="service" />
</bean>
<service ref="CommitmentServlet" interface="com.mycompanie.fr.core.servlets.jaxrs.CommitmentServlet" />
<!-- Dependency definition -->
<reference id="service" interface="com.mycompanie.fr.core.api.services.MainService" />
<jaxrs:providers>
<ref bean="AuthenticationFilter" />
</jaxrs:providers>
<bean id="AuthenticationFilter" class="com.mycompanie.fr.core.servlets.filter.AuthenticationFilter"/>
<web-spa xmlns="http://www.mycompanie.com/xmlns/web-spa/v1.0.0" context="/myProject">
<service ref="AuthenticationServlet" />
<service ref="CommitmentServlet" />
</web-spa>
</blueprint>
答案 0 :(得分:2)
尝试添加CXF JAX-RS filter文档中描述的过滤器。
...
<jaxrs:providers>
<ref bean="authorizationFilter" />
</jaxrs:providers>
...
<bean id="authorizationFilter" class="com....AuthenticationFilter">