Question

我正在尝试为这个问题Best practice for REST token-based authentication with JAX-RS and Jersey开发的REST API创建过滤器。

问题在于我调用过滤器似乎无法正常工作的任何方法。

这些是我的课程：

Secured.java

@NameBinding
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD})
public @interface Secured { 

}

AuthenticationFilter.java

@Secured
@Provider
@Priority(Priorities.AUTHENTICATION)
public class AuthenticationFilter implements ContainerRequestFilter{

    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        // Get the HTTP Authorization header from the request
        String authorizationHeader = 
            requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);

        // Check if the HTTP Authorization header is present and formatted correctly 
        if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) {
            throw new NotAuthorizedException("Authorization header must be provided");
        }

        // Extract the token from the HTTP Authorization header
        String token = authorizationHeader.substring("Bearer".length()).trim();

        try {

            // Validate the token
            validateToken(token);

        } catch (Exception e) {
            requestContext.abortWith(
                Response.status(Response.Status.UNAUTHORIZED).build());
        }
    }

    private void validateToken(String token) throws Exception {
        // Check if it was issued by the server and if it's not expired
        // Throw an Exception if the token is invalid
    }

}

RestService.java

@Path("/test")
public class RestService {

TestDAO testDAO;

    @GET
    @Secured
    @Path("/myservice")
    @Produces("application/json")
    public List<Test> getEverisTests() {
        testDAO=(TestDAO) SpringApplicationContext.getBean("testDAO");

        long start = System.currentTimeMillis();

        List<Test> ret =  testDAO.getTests();

        long end = System.currentTimeMillis();

        System.out.println("TIEMPO TOTAL: " + (end -start));

        return ret;

    }
}

RestApplication.java

public class RestApplication extends Application{
    private Set<Object> singletons = new HashSet<Object>();

    public RestApplication() {
        singletons.add(new RestService());
        singletons.add(new AuthenticationFilter());
    }

    @Override
    public Set<Object> getSingletons() {
        return singletons;
    }
}

我错过了什么？提前谢谢。

Answer 1

您的AuthenticationFilter可能未注册。

很可能你的应用程序中有一个Application子类。用它来注册过滤器：

@ApplicationPath("api")
public class ApiConfig extends Application {

    @Override
    public Set<Class<?>> getClasses() {
        HashSet<Class<?>> classes = new HashSet<>();
        classes.add(AuthenticationFilter.class);
        ...
        return classes;
    }
}

Answer 2

我还不能发表评论所以这就是答案：

我不明白@Secured机制是如何工作的。您是否尝试删除所有@Secured注释？然后，过滤器应对所有端点都有效。

如果它仍然无法正常工作，您可能需要在应用程序中手动注册。

如果它确实起作用，你至少要提示在哪里寻找问题...

Answer 3

解决方案是在此页resteasy之后更新jboss resteasy模块并选择我正在使用的resteasy版本。

顺便谢谢你的回答！

ContainerRequestFilter未在JAX-RS / RESTEasy应用程序中执行

3 个答案: