我们使用的是Resteasy 2,但我们正在升级到Resteasy 3,而HttpServletRequest
注射始终是null
。
我们修改过的安全拦截器/过滤器如下所示:
@Provider
@ServerInterceptor
@Precedence("SECURITY")
public class SecurityInterceptor implements ContainerRequestFilter, ContainerResponseFilter {
@Context
private HttpServletRequest servletRequest;
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
// Need access to "servletRequest" but it is always null
if (!isTokenValid(pmContext, method)) {
requestContext.abortWith(ACCESS_DENIED);
}
}
@Override
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException {
// post processing
}
}
应用程序类看起来像:
@ApplicationPath("/")
public class RestApplication extends Application {
private Set<Object> singletons = new HashSet<Object>();
private Set<Class<?>> empty = new HashSet<Class<?>>();
public RestApplication() {
// Interceptors
this.singletons.add(new SecurityInterceptor());
// Services
this.singletons.add(new MyService());
}
public Set<Class<?>> getClasses() {
return this.empty;
}
public Set<Object> getSingletons() {
return this.singletons;
}
}
示例API:
@Path("/test")
public class MyService extends BaseService {
@Context HttpServletRequest servletRequest;
@GET
@Path("/hello")
@Produces(MediaType.APPLICATION_JSON)
public Response hello() {
// Need access to HttpServletRequest but it's null
return Response.ok("hello").build();
}
}
但是,查看this和this帖子,我看不到HttpServletRequest
注射提供者。
这让我相信我可能需要一个额外的插件。这是安装的:
jose-jwt
resteasy-atom-provider
resteasy-cdi
resteasy-crypto
resteasy-jackson2-provider
resteasy-jackson-provider
resteasy-jaxb-provider
resteasy-jaxrs
resteasy-jettison-provider
resteasy-jsapi
resteasy-json-p-provider
resteasy-multipart-provider
resteasy-spring
resteasy-validator-provider-11
resteasy-yaml-provider
有什么想法吗?
答案 0 :(得分:1)
根据 @pepekillet 建议,修改以返回新的类实例而不是单例解决了我的问题。
因此我的修改后的javax.ws.rs.core.Application
文件如下所示:
@ApplicationPath("/")
public class RestApplication extends Application {
private Set<Object> singletons = new HashSet<Object>();
private Set<Class<?>> classes = new HashSet<Class<?>>();
public RestApplication() {
// Interceptors
this.classes.add(SecurityInterceptor.class);
// Services
this.classes.add(MyService.class);
}
public Set<Class<?>> getClasses() {
return this.classes;
}
public Set<Object> getSingletons() {
return this.singletons;
}
}
答案 1 :(得分:0)
您可以使用SecurityInterceptor的构造函数来获取这些值:
///...
private HttpServletRequest request;
private ServletContext context;
public SecurityInterceptor(@Context HttpServletRequest request, @Context ServletContext context) {
this.request = request;
this.context = context;
}
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
// The "servletRequest" won't be null anymore
if (!isTokenValid(pmContext, method)) {
requestContext.abortWith(ACCESS_DENIED);
}
}
///...
这将解决您的问题