使用@NameBinding在REST服务方法中应用过滤器

时间:2018-01-09 16:22:15

标签: java rest maven weblogic jersey-2.0

我正在尝试对部分REST服务方法应用身份验证。为此,我使用@NameBinding注解来绑定负责校验身份的过滤器类;但在测试时,请求绕过了过滤器(从未进入校验逻辑),服务直接返回“El msn es ...”,而它本应返回401未经授权。

NameBinding类:

package api.movil.token;

import javax.ws.rs.NameBinding;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;

import static java.lang.annotation.ElementType.METHOD;
import static java.lang.annotation.ElementType.TYPE;
import static java.lang.annotation.RetentionPolicy.RUNTIME;


/**
 * Name-binding marker that ties {@code JWTTokenNeededFilter} to the resource
 * classes or methods that must present a JWT.
 *
 * <p>Because this annotation is itself meta-annotated with {@link NameBinding},
 * a provider that carries it is only bound to resources that carry it as well.
 * Runtime retention is required so the JAX-RS runtime can read the marker
 * reflectively.
 *
 * <p>NOTE(review): name binding applies to post-matching filters only; a filter
 * that is also marked {@code @PreMatching} is not bound by name. Any resource
 * method left without this marker is served without the token check.
 */
@NameBinding
@Target({METHOD, TYPE})
@Retention(RUNTIME)
public @interface JWTTokenNeeded {
}

过滤类:

package api.movil.token;

import io.jsonwebtoken.Jwts;

import javax.annotation.Priority;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.PreMatching;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;

import api.movil.util.KeyGenerator;

import java.io.IOException;
import java.security.Key;


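/**
 * Request filter that rejects calls to {@link JWTTokenNeeded}-annotated
 * resources unless they carry a bearer token whose signature verifies.
 *
 * <p>Runs at {@link Priorities#AUTHENTICATION}. Both rejection paths answer
 * with 401 and a {@code WWW-Authenticate: Bearer} challenge.
 *
 * <p>The credential itself is never written to the log: the raw
 * {@code Authorization} header and the token are bearer secrets, and anyone
 * who can read the server output could replay them.
 */
@Provider
@Priority(Priorities.AUTHENTICATION)
@JWTTokenNeeded
public class JWTTokenNeededFilter implements ContainerRequestFilter {

    /** Scheme announced to the client and expected at the start of the header. */
    private static final String BEARER_SCHEME = "Bearer";

    /**
     * Verifies the bearer token of the incoming request.
     *
     * @param requestContext the request being filtered
     * @throws NotAuthorizedException if the {@code Authorization} header is
     *         missing or does not start with {@code "Bearer "}
     * @throws IOException declared by the filter contract; not thrown here
     */
    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        System.out.println("entro --------------->");
        String authorizationHeader = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);

        if (authorizationHeader == null || !authorizationHeader.startsWith(BEARER_SCHEME + " ")) {
            // Log only the fact, not the header value: it may hold a credential.
            System.out.println("#### invalid authorizationHeader");
            // The single-argument constructor treats its argument as the
            // WWW-Authenticate challenge, not as the message, so the human
            // readable text was being sent as the challenge. Pass both.
            throw new NotAuthorizedException("Authorization header must be provided", BEARER_SCHEME);
        }

        String token = authorizationHeader.substring(BEARER_SCHEME.length()).trim();

        try {
            // NOTE(review): verification only works if this is the same key the
            // issuer signed with. KeyGenerator is not shown here; confirm that
            // generateKey() returns a stable key and not a fresh one per call.
            KeyGenerator keyGenerator = new KeyGenerator();
            Key key = keyGenerator.generateKey();
            // parseClaimsJws rejects unsigned tokens and bad signatures by throwing.
            Jwts.parser().setSigningKey(key).parseClaimsJws(token);
            System.out.println("#### valid token");

        } catch (Exception e) {
            // Fail closed: any failure while obtaining the key or parsing the
            // token ends in 401. Record the failure type, never the token.
            System.out.println("#### invalid token : " + e.getClass().getSimpleName());
            requestContext.abortWith(
                    Response.status(Response.Status.UNAUTHORIZED)
                            .header(HttpHeaders.WWW_AUTHENTICATE, BEARER_SCHEME)
                            .build());
        }
    }
}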

REST服务类:

package api.movil.servicios;

/**
 * Sample resource rooted at {@code /users}.
 */
@Path("/users")
public class UserEndpoint {

    /**
     * Echoes the {@code msn} form field back to the caller.
     *
     * <p>The method carries {@link JWTTokenNeeded}, so the name-bound filter is
     * expected to run before it.
     *
     * <p>NOTE(review): {@code msn} is caller-controlled, is written to standard
     * output and is reflected in the response body. No {@code @Produces} is
     * declared here, so confirm that the negotiated content type cannot be an
     * HTML type.
     *
     * @param msn value of the {@code msn} form parameter; may be {@code null}
     * @return a 200 response whose entity is {@code "El msn es "} followed by the value
     */
    @JWTTokenNeeded
    @POST
    @Path("/getPrueba")
    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    public Response getPrueba(@FormParam("msn")String msn){
        System.out.println(msn);
        final String reply = "El msn es " + msn;
        return Response.ok(reply).build();
    }
}

配置类:

package api.movil.servicios;

import java.util.Set;

import javax.ws.rs.ApplicationPath;
import javax.ws.rs.core.Application;

import api.movil.token.JWTTokenNeededFilter;
import api.movil.util.ExceptionHandler;

/**
 * JAX-RS application mounted under {@code rest}; lists every resource and
 * provider class explicitly.
 */
@ApplicationPath("rest")
public class ApplicationConfigura extends Application {

    /**
     * Returns the classes the runtime should register.
     *
     * @return the set built by {@link #getRestClasses()}
     */
    @Override
    public Set<Class<?>> getClasses() {
        return getRestClasses();
    }

    /**
     * Builds the registration set: the resource, the JWT filter and the
     * exception handler.
     *
     * <p>NOTE(review): the filter protects nothing unless it is listed here (or
     * discovered some other way), so keep it in this set whenever a resource
     * uses {@code @JWTTokenNeeded}.
     */
    //Auto-generated from RESTful web service wizard
    private Set<Class<?>> getRestClasses() {
        final Set<Class<?>> registered = new java.util.HashSet<Class<?>>();
        // Providers first, then the resource; a set keeps no insertion order.
        registered.add(JWTTokenNeededFilter.class);
        registered.add(ExceptionHandler.class);
        registered.add(UserEndpoint.class);
        return registered;
    }
}

pom.xml:

   <!-- NOTE(review): no <scope> is set on any entry, so all of them default to
        compile scope and are packaged with the application. The page says the
        target is a WebLogic server; confirm which JAX-RS/Jersey implementation
        actually serves requests there, since a container-supplied runtime may
        differ from the 2.17 artifacts compiled against. -->
   <dependencies>
      <!-- Jersey server runtime. -->
      <dependency>
        <groupId>org.glassfish.jersey.core</groupId>
        <artifactId>jersey-server</artifactId>
        <version>2.17</version>
    </dependency>
    <!-- Jersey servlet container integration; same version as jersey-server. -->
    <dependency>
        <groupId>org.glassfish.jersey.containers</groupId>
        <artifactId>jersey-container-servlet-core</artifactId>
        <version>2.17</version>
    </dependency>
    <!-- JAX-RS API that provides @NameBinding and ContainerRequestFilter. -->
    <dependency>
        <groupId>javax.ws.rs</groupId>
        <artifactId>javax.ws.rs-api</artifactId>
        <version>2.0</version>
    </dependency>
    <!-- JWT library used by JWTTokenNeededFilter to verify token signatures. -->
    <dependency>
        <groupId>io.jsonwebtoken</groupId>
        <artifactId>jjwt</artifactId>
        <version>0.7.0</version>
    </dependency>
 </dependencies> 

我正在使用weblogic应用程序服务器。

0 个答案:

没有答案