我正在尝试对一些 REST 服务方法应用身份验证。为此,我使用 @NameBinding 注解来关联负责验证身份的过滤器类。但在测试时,请求绕过了过滤器(从未进入验证逻辑),服务直接返回“El msn es ...”,而它本应返回 401 Unauthorized(未经授权)。
NameBinding类:
package api.movil.token;
import javax.ws.rs.NameBinding;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;
import static java.lang.annotation.ElementType.METHOD;
import static java.lang.annotation.ElementType.TYPE;
import static java.lang.annotation.RetentionPolicy.RUNTIME;
/**
 * Name-binding marker for JWT-protected endpoints.
 *
 * <p>Because this annotation is itself annotated with {@code @NameBinding}, a JAX-RS
 * provider that carries it is bound only to resource classes or resource methods that
 * carry it too. It is retained at runtime and may be placed on types and on methods.
 */
@NameBinding
@Retention(RUNTIME)
@Target({METHOD, TYPE})
public @interface JWTTokenNeeded {
}
过滤器类:
package api.movil.token;
import io.jsonwebtoken.Jwts;
import javax.annotation.Priority;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.PreMatching;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;
import api.movil.util.KeyGenerator;
import java.io.IOException;
import java.security.Key;
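/**
 * Request filter that rejects calls to {@link JWTTokenNeeded}-annotated resources unless
 * the {@code Authorization} header carries a bearer JWT whose signature verifies.
 *
 * <p>The filter fails closed: a missing or non-Bearer header raises
 * {@link NotAuthorizedException}, and any failure while obtaining the key or parsing the
 * token aborts the request with 401.
 *
 * <p>Neither the raw header nor the token is written to the log. A bearer token is a
 * credential; anyone who can read the server output could replay it until it expires.
 */
@Provider
@Priority(Priorities.AUTHENTICATION)
@JWTTokenNeeded
public class JWTTokenNeededFilter implements ContainerRequestFilter {

    /** Scheme prefix expected at the start of the Authorization header value. */
    private static final String BEARER_PREFIX = "Bearer ";

    /**
     * Validates the bearer token of the incoming request.
     *
     * @param requestContext the request being filtered
     * @throws NotAuthorizedException if the Authorization header is absent or does not
     *     start with {@code "Bearer "}
     * @throws IOException declared by the filter contract; not thrown by this body
     */
    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        System.out.println("entro --------------->");
        String authorizationHeader = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);

        if (authorizationHeader == null || !authorizationHeader.startsWith(BEARER_PREFIX)) {
            // Log only the reason: the header may hold credentials of another scheme.
            System.out.println("#### invalid authorizationHeader : "
                    + (authorizationHeader == null ? "missing" : "not a Bearer credential"));
            // NOTE(review): in JAX-RS 2.0 the single constructor argument is used as the
            // WWW-Authenticate challenge rather than as a message - confirm this is intended.
            throw new NotAuthorizedException("Authorization header must be provided");
        }

        String token = authorizationHeader.substring(BEARER_PREFIX.length()).trim();
        try {
            // NOTE(review): KeyGenerator is not shown here. Verification is only meaningful
            // if generateKey() returns the same secret key that signed the token on every
            // call - confirm it is stable, kept secret, and not derived from a constant.
            KeyGenerator keyGenerator = new KeyGenerator();
            Key key = keyGenerator.generateKey();

            // parseClaimsJws throws when the signature does not verify or the token is malformed.
            Jwts.parser().setSigningKey(key).parseClaimsJws(token);
            System.out.println("#### valid token");
        } catch (Exception e) {
            // Fail closed on any error; record the failure type only, never the token.
            System.out.println("#### invalid token : " + e.getClass().getSimpleName());
            requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
        }
    }
}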
REST 服务类:
package api.movil.servicios;
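/**
 * REST resource published under {@code /users}.
 */
@Path("/users")
public class UserEndpoint {

    /**
     * Test endpoint that echoes the {@code msn} form field back to the caller.
     *
     * <p>Annotated with {@link JWTTokenNeeded}, so a filter bound to that annotation is
     * expected to run before this method.
     *
     * @param msn value of the {@code msn} form parameter; caller-controlled
     * @return a 200 response whose body is {@code "El msn es "} followed by {@code msn},
     *     declared as {@code text/plain}
     */
    @POST
    @Path("/getPrueba")
    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    @JWTTokenNeeded
    public Response getPrueba(@FormParam("msn") String msn) {
        System.out.println(msn);
        // msn is echoed verbatim. Pin the response type to text/plain: without an explicit
        // type the runtime may negotiate one from the Accept header, and a caller-supplied
        // value could then be rendered as markup by a browser.
        return Response.ok("El msn es " + msn, MediaType.TEXT_PLAIN).build();
    }
}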
配置类:
package api.movil.servicios;
import java.util.Set;
import javax.ws.rs.ApplicationPath;
import javax.ws.rs.core.Application;
import api.movil.token.JWTTokenNeededFilter;
import api.movil.util.ExceptionHandler;
/**
 * JAX-RS application mounted at {@code rest}. Resources and providers are registered
 * explicitly through {@link #getClasses()}; the authentication filter is one of them.
 */
@ApplicationPath("rest")
public class ApplicationConfigura extends Application {

    /**
     * Returns the resource and provider classes that make up this application.
     *
     * @return a new set holding the endpoint, the JWT filter and the exception handler
     */
    @Override
    public Set<Class<?>> getClasses() {
        final Set<Class<?>> registered = getRestClasses();
        return registered;
    }

    // Auto-generated from RESTful web service wizard
    private Set<Class<?>> getRestClasses() {
        final Class<?>[] components = {
            UserEndpoint.class,
            JWTTokenNeededFilter.class,
            ExceptionHandler.class
        };
        final Set<Class<?>> registered = new java.util.HashSet<Class<?>>();
        for (Class<?> component : components) {
            registered.add(component);
        }
        return registered;
    }
}
pom.xml:
<!-- Dependencies of the REST module: Jersey server and servlet container, the JAX-RS API, and the JWT library. -->
<!-- NOTE(review): no <scope> is declared, so these jars are packaged with the application.
     The page says the target is WebLogic; confirm which JAX-RS runtime actually serves
     requests there (the server's own or this bundled Jersey), since that runtime is what
     applies the name-bound authentication filter. -->
<dependencies>
<!-- Jersey server runtime (JAX-RS implementation) -->
<dependency>
<groupId>org.glassfish.jersey.core</groupId>
<artifactId>jersey-server</artifactId>
<version>2.17</version>
</dependency>
<!-- Jersey servlet container integration; version kept in step with jersey-server -->
<dependency>
<groupId>org.glassfish.jersey.containers</groupId>
<artifactId>jersey-container-servlet-core</artifactId>
<version>2.17</version>
</dependency>
<!-- JAX-RS API (javax.ws.rs annotations and filter interfaces) -->
<dependency>
<groupId>javax.ws.rs</groupId>
<artifactId>javax.ws.rs-api</artifactId>
<version>2.0</version>
</dependency>
<!-- JWT parsing and signature verification used by the authentication filter.
     NOTE(review): security-sensitive library on a pinned version; check it against
     published advisories before relying on it for authentication. -->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.7.0</version>
</dependency>
</dependencies>
我正在使用weblogic应用程序服务器。