Question

我们使用的是Resteasy 2，但我们正在升级到Resteasy 3，而HttpServletRequest注射始终是null。

我们修改过的安全拦截器/过滤器如下所示：

@Provider
@ServerInterceptor
@Precedence("SECURITY")
public class SecurityInterceptor implements ContainerRequestFilter, ContainerResponseFilter {

    @Context
    private HttpServletRequest servletRequest;

    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {

        // Need access to "servletRequest" but it is always null

        if (!isTokenValid(pmContext, method)) {
            requestContext.abortWith(ACCESS_DENIED);
        }
    }


    @Override
    public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException {
        // post processing
    }
}

应用程序类看起来像：

@ApplicationPath("/")
public class RestApplication extends Application {
    private Set<Object> singletons = new HashSet<Object>();
    private Set<Class<?>> empty = new HashSet<Class<?>>();

    public RestApplication() {

        // Interceptors
        this.singletons.add(new SecurityInterceptor());

        // Services
        this.singletons.add(new MyService());
    }

    public Set<Class<?>> getClasses() {
        return this.empty;
    }

    public Set<Object> getSingletons() {
        return this.singletons;
    }
}

示例API：

@Path("/test")
public class MyService extends BaseService {

    @Context HttpServletRequest servletRequest;

    @GET
    @Path("/hello")
    @Produces(MediaType.APPLICATION_JSON)
    public Response hello() {

        // Need access to HttpServletRequest but it's null

        return Response.ok("hello").build();
    }
}

但是，查看this和this帖子，我看不到HttpServletRequest注射提供者。

这让我相信我可能需要一个额外的插件。这是安装的：

jose-jwt
resteasy-atom-provider
resteasy-cdi
resteasy-crypto
resteasy-jackson2-provider
resteasy-jackson-provider
resteasy-jaxb-provider
resteasy-jaxrs
resteasy-jettison-provider
resteasy-jsapi
resteasy-json-p-provider
resteasy-multipart-provider
resteasy-spring
resteasy-validator-provider-11
resteasy-yaml-provider

有什么想法吗？

Answer 1

根据 @pepekillet 建议，修改以返回新的类实例而不是单例解决了我的问题。

因此我的修改后的javax.ws.rs.core.Application文件如下所示：

@ApplicationPath("/")
public class RestApplication extends Application {
    private Set<Object> singletons = new HashSet<Object>();
    private Set<Class<?>> classes = new HashSet<Class<?>>();

    public RestApplication() {

        // Interceptors
        this.classes.add(SecurityInterceptor.class);

        // Services
        this.classes.add(MyService.class);
    }

    public Set<Class<?>> getClasses() {
        return this.classes;
    }

    public Set<Object> getSingletons() {
        return this.singletons;
    }
}

Answer 2

您可以使用SecurityInterceptor的构造函数来获取这些值：

///...
    private HttpServletRequest request;
    private ServletContext context;

    public SecurityInterceptor(@Context HttpServletRequest request, @Context ServletContext context) {
       this.request = request;
       this.context = context;
    }

    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {

        // The "servletRequest" won't be null anymore
        if (!isTokenValid(pmContext, method)) {
            requestContext.abortWith(ACCESS_DENIED);
        }
    }

 ///...

这将解决您的问题

Resteasy 3 @Context HttpServletRequest始终为null

2 个答案: