我正在使用Java / Jersey开发一个休息应用程序,我对应用程序的行为有一些问题。
事情是......我有一个文件夹,我放置了我的资源,并扩展了一个名为API的父类,它执行基于令牌的身份验证。
问题在于,当我访问任何应用程序端点时,父类中的验证方法在访问我的模型之前会运行几次。 谁能告诉我为什么会这样?
我的父类Api
@Provider
public class Api extends GensonContextResolver implements ContainerRequestFilter {
@Context
private UriInfo info;
public static final String AUTHENTICATION_TOKEN = "token";
protected ObjectResponse objectResponse;
protected UsuariosModel userInfo;
public Api() {
}
@Override
public void filter(ContainerRequestContext containerRequest) throws WebApplicationException {
this.objectResponse = new ObjectResponse();
this.userInfo = new UsuariosModel();
UriInfo info = containerRequest.getUriInfo();
// não realiza a valização se o endpoint for o de validação de acesso
if(info.getPath().equals("autenticacao/valida-acesso")) {
return;
}
try {
String token = containerRequest.getHeaderString(AUTHENTICATION_TOKEN);
AutenticacaoController autenticacaoControler = new AutenticacaoController();
this.objectResponse = autenticacaoControler.validaToken(token);
UsuariosController usuariosController = new UsuariosController();
this.userInfo = usuariosController.selecionaDadosUsuario(token);
} catch (SQLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (NamingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
if (this.objectResponse.getMessage() != null) {
Response response = Response.status(this.objectResponse.getCode()).entity(this.objectResponse).build();
containerRequest.abortWith(response);
}
}
}
资源示例
@Path("/descontos")
public class DescontosResource extends Api{
public DescontosResource() {
}
@GET
@Produces(MediaType.APPLICATION_JSON)
public Response doGet() throws SQLException, NamingException {
DescontosController descontosController = new DescontosController();
this.objectResponse = descontosController.selecionaDescontos();
return Response.status(this.objectResponse.getCode()).entity(this.objectResponse).build();
}
@POST
@Path("clientes")
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
public Response doPostClientes(DescontosModel descontos) throws SQLException, NamingException {
DescontosController descontosController = new DescontosController();
this.objectResponse = descontosController.cadastraDescontosClientes(descontos);
return Response.status(this.objectResponse.getCode()).entity(this.objectResponse).build();
}
}
答案 0 :(得分:0)
我在这两个链接上找到了答案:
Best practice for REST token-based authentication with JAX-RS and Jersey
和
Jersey ContainerRequestFilter not triggered
我已从Api类中删除我的代码并将过滤器移至其他位置。最后将我的web.xml更新为:
<servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>jersey.config.server.provider.packages</param-name>
<param-value>com.sib.resources; com.sib.filters</param-value>
</init-param>
<init-param>
<param-name>com.sun.jersey.spi.container.ContainerRequestFilters</param-name>
<param-value>com.sib.filters.AutenticacaoFilter</param-value>
</init-param>