如何在 Jersey 2.x 中注册安全过滤器
我已经注册了过滤器（见下面的 JerseyConfig）。
但是，请求直接到达了 REST 资源的端点，
并没有经过安全过滤器。
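/**
 * Jersey 2.x request filter that enforces the JSR-250 security annotations
 * ({@code @DenyAll}, {@code @RolesAllowed}, {@code @PermitAll}) found on the
 * matched resource method and class, and otherwise requires an authenticated
 * caller.
 *
 * <p>Resolution order, as implemented in {@link #filter}: method-level
 * annotations take precedence over class-level ones; {@code @DenyAll} always
 * refuses, {@code @RolesAllowed} requires authentication plus at least one of
 * the listed roles, {@code @PermitAll} lets the request through, and a
 * resource with none of these merely requires authentication. Every
 * unexpected situation (no matched method, no annotation, stubbed
 * authentication) resolves to a refusal, i.e. the filter fails closed.
 *
 * <p>NOTE(review): this class carries {@code @Secured}. If {@code Secured}
 * is declared as a {@code @NameBinding} annotation, Jersey applies a filter
 * annotated with it only to resource classes/methods that also carry
 * {@code @Secured}; every other endpoint is reached without passing through
 * this filter. Either annotate the resources or drop the name binding to make
 * the filter global — confirm which is intended.
 *
 * <p>NOTE(review): refusals are signalled by throwing
 * {@link AccessDeniedException} out of the filter. Unless an
 * {@code ExceptionMapper} for it is registered elsewhere, Jersey typically
 * turns an unmapped exception thrown from a filter into a 500 rather than a
 * 401/403; {@link #abortWithUnauthorized} shows the {@code abortWith} path
 * and is currently never called.
 */
@Dependent
@Secured
@Provider
@Priority( Priorities.AUTHENTICATION )
public class AuthenticationFilter implements ContainerRequestFilter {

    /** Realm advertised in the {@code WWW-Authenticate} challenge. */
    private static final String REALM = "example";

    /** Authentication scheme expected in the {@code Authorization} header. */
    private static final String AUTHENTICATION_SCHEME = "Bearer";

    /** Injected by Jersey; describes the resource method/class matched for this request. */
    @Context
    private ResourceInfo resourceInfo;

    /**
     * Enforces the security annotations of the matched resource.
     *
     * @param requestContext the request being filtered
     * @throws IOException   (as {@link AccessDeniedException}) when the request is refused
     */
    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        Method method = resourceInfo.getResourceMethod();
        Class<?> resourceClass = resourceInfo.getResourceClass();

        // Fail closed: a missing match must never be read as "nothing to enforce".
        // (The original dereferenced method unconditionally and would have NPE'd.)
        if (method == null || resourceClass == null) {
            refuseRequest();
        }

        // 1. Method-level annotations win over class-level ones.
        //    NOTE(review): getAnnotation only sees annotations declared on this
        //    method; annotations on an interface method are not found here.
        if (method.isAnnotationPresent(DenyAll.class)) {
            refuseRequest();
        }
        RolesAllowed rolesAllowed = method.getAnnotation(RolesAllowed.class);
        if (rolesAllowed != null) {
            performAuthorization(rolesAllowed.value(), requestContext);
            return;
        }
        if (method.isAnnotationPresent(PermitAll.class)) {
            return;
        }

        // 2. Class-level annotations. A class-level @DenyAll was previously
        //    ignored (it fell through to "any authenticated caller"); treat it
        //    like the method-level one.
        if (resourceClass.isAnnotationPresent(DenyAll.class)) {
            refuseRequest();
        }
        rolesAllowed = resourceClass.getAnnotation(RolesAllowed.class);
        if (rolesAllowed != null) {
            performAuthorization(rolesAllowed.value(), requestContext);
            // Previously missing: authorization already verified authentication,
            // so fall-through to the final isAuthenticated check was redundant.
            return;
        }
        if (resourceClass.isAnnotationPresent(PermitAll.class)) {
            return;
        }

        // 3. No annotation anywhere: any authenticated caller may proceed.
        if (!isAuthenticated(requestContext)) {
            refuseRequest();
        }
    }

    /**
     * Refuses the current request by throwing.
     *
     * @throws AccessDeniedException always
     */
    private void refuseRequest() throws AccessDeniedException {
        throw new AccessDeniedException("Denied");
    }

    /**
     * Requires the caller to be authenticated and to hold at least one of the
     * given roles. An empty role list refuses everyone.
     *
     * @param rolesAllowed   roles from the {@code @RolesAllowed} annotation
     * @param requestContext the request being filtered
     * @throws AccessDeniedException when the caller is not authenticated or holds none of the roles
     */
    private void performAuthorization(String[] rolesAllowed, ContainerRequestContext requestContext)
            throws AccessDeniedException {
        if (rolesAllowed.length > 0 && !isAuthenticated(requestContext)) {
            refuseRequest();
        }
        for (final String role : rolesAllowed) {
            if (requestContext.getSecurityContext().isUserInRole(role)) {
                return;
            }
        }
        // No role matched (or the list was empty): fail closed.
        refuseRequest();
    }

    /**
     * Reports whether the request carries valid credentials.
     *
     * <p>Placeholder in the posted code: it always returns {@code false}, so as
     * written every request that is not covered by {@code @PermitAll} is
     * refused. The Bearer helpers below ({@link #isTokenBasedAuthentication},
     * {@link #validateToken}, {@link #abortWithUnauthorized}) are presumably
     * meant to be wired in here.
     *
     * @param requestContext the request being filtered
     * @return {@code false} (stub)
     */
    private boolean isAuthenticated(final ContainerRequestContext requestContext) {
        return false;
    }

    /**
     * Reads the roles declared by a {@code @Secured} annotation on the given element.
     *
     * @param annotatedElement method or class to inspect; may be {@code null}
     * @return the declared roles, or an empty list when the element is
     *         {@code null} or carries no {@code @Secured} annotation (the
     *         original returned {@code null} in the latter case)
     */
    private List<Role> extractRoles(AnnotatedElement annotatedElement) {
        if (annotatedElement == null) {
            return new ArrayList<Role>();
        }
        Secured secured = annotatedElement.getAnnotation(Secured.class);
        if (secured == null) {
            return new ArrayList<Role>();
        }
        Role[] allowedRoles = secured.value();
        return Arrays.asList(allowedRoles);
    }

    /**
     * Checks the caller against the given roles. Body elided in the original post.
     *
     * @param allowedRoles roles that grant access
     * @throws Exception on refusal (as declared by the original)
     */
    private void checkPermissions(List<Role> allowedRoles) throws Exception {
        // .... (body elided in the original post)
    }

    /**
     * Tells whether an {@code Authorization} header value uses the Bearer scheme.
     *
     * @param authorizationHeader raw header value; may be {@code null} when absent
     * @return {@code true} if the value starts with {@code "Bearer "} (case-insensitive)
     */
    private boolean isTokenBasedAuthentication(String authorizationHeader) {
        // The original lower-cased the header before its null check, so any
        // request without an Authorization header hit a NullPointerException.
        if (authorizationHeader == null) {
            return false;
        }
        String prefix = AUTHENTICATION_SCHEME + " ";
        // Case-insensitive prefix compare without locale-dependent lowercasing.
        return authorizationHeader.regionMatches(true, 0, prefix, 0, prefix.length());
    }

    /**
     * Aborts the request with 401 and a {@code WWW-Authenticate: Bearer realm="example"} challenge.
     *
     * @param requestContext the request being filtered
     */
    private void abortWithUnauthorized(ContainerRequestContext requestContext) {
        Object challenge = AUTHENTICATION_SCHEME + " realm=\"" + REALM + "\"";
        Response response = Response.status(Response.Status.UNAUTHORIZED)
                .header(HttpHeaders.WWW_AUTHENTICATE, challenge)
                .build();
        requestContext.abortWith(response);
    }

    /**
     * Validates a bearer token. Body elided in the original post.
     *
     * @param token the raw token from the header
     * @throws Exception when the token is invalid (as declared by the original)
     */
    private void validateToken(String token) throws Exception {
        /*....*/
    }
}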
/**
 * JAX-RS application configuration served under the {@code /api} path.
 *
 * <p>Resources are discovered by scanning {@code com.jersey.filter.rest};
 * the JSON provider and the security filter are registered explicitly, so
 * their registration does not depend on the package scan.
 */
@ApplicationPath("api")
public class JerseyConfig extends ResourceConfig {

    /** Registers the package scan, then the providers, in that order. */
    public JerseyConfig() {
        packages("com.jersey.filter.rest")
                .register(JacksonJsonProvider.class)
                .register(AuthenticationFilter.class);
    }
}
如何在 Jersey 2.x 中注册安全过滤器
我已经注册了过滤器（见上面的 JerseyConfig）。
但是，请求直接到达了 REST 资源的端点，
并没有经过安全过滤器。