Question

我正在使用带有身份验证和授权的Embedded Jetty创建我的第一个Restful Web服务，我有一个过滤器，我想在其中注入一个用户对象（Employee），然后我可以使用ResteasyProviderFactory.pushContext在服务bean中检索它（）@Context注释，但无论我尝试该对象总是为空。我会感激任何帮助。

@PreMatching
public class AuthenticationHandler implements ContainerRequestFilter {


@Inject private PxCredentialService credentialService;


@Override
public void filter(ContainerRequestContext requestContext) throws IOException {

    Response faultresponse = createFaultResponse();

    String authorization = requestContext.getHeaderString("Authorization");
    String[] parts = authorization.split(" ");
    if (parts.length != 2 || !"Basic".equals(parts[0])) {
        requestContext.abortWith(createFaultResponse());
        return;
    }

    String decodedValue = null;
    try {
        decodedValue = new String(Base64Utility.decode(parts[1]));
    } catch (Base64Exception ex) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    String[] namePassword = decodedValue.split(":");
    Employee emp = credentialService.getCredentialsByLoginAndPass(namePassword[0], namePassword[1], true);
    if ( emp != null) {
    ResteasyProviderFactory.pushContext(Employee.class, emp);
    } else {
        throw new NullPointerException("False Login");//requestContext.abortWith(Response.status(401).build());
    }

}

@Path( "/people" )
public class PeopleRestService implements credentials {
@Inject private PeopleService peopleService;
@Inject private GenericUserRightsUtil genericUserRightsUtil;


@Produces( { "application/json" } )
@GET
public Collection<Person> getPeople(@Context Employee emp) {

    Employee emp = (Employee)crc.getProperty("Employee");

    return peopleService.getPeople( page, 5 );
}

}

Answer 1

根据我的理解，您需要一种简单的方法来识别在资源方法中执行请求的用户。您是否考虑过为SecurityContext设置Principal请求？

在您的过滤器中，如果用户凭据有效，请执行以下操作

final SecurityContext currentSecurityContext = requestContext.getSecurityContext();
requestContext.setSecurityContext(new SecurityContext() {

    @Override
    public Principal getUserPrincipal() {

        return new Principal() {

            @Override
            public String getName() {
                return username;
            }
        };
    }

    @Override
    public boolean isUserInRole(String role) {
        return true;
    }

    @Override
    public boolean isSecure() {
        return currentSecurityContext.isSecure();
    }

    @Override
    public String getAuthenticationScheme() {
        return "Basic";
    }
});

您的资源方法如下：

@GET
@Path("{id}")
@Produces(MediaType.APPLICATION_JSON)
public Response foo(@PathParam("id") Long id, 
                    @Context SecurityContext securityContext) {
    ...
}

要获取Principal，请使用：

Principal principal = securityContext.getUserPrincipal();
String username = principal.getName();

REST-ful webservice @Context Injection始终返回null

1 个答案: