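I am using JAX-RS (Jersey) to create a website/web service that other users can access, and I have reached the point where I need to add authentication/authorization; to be able to use the security annotations, I implemented a javax.servlet.Filter with a URL pattern of */.
Apache runs in front of my Tomcat instance, validates the credentials and passes the REMOTE_USER header to my web service so that I can determine which resources the user may access. My problem is that no matter which request object I look at, I cannot see the REMOTE_USER header; I have also tried injecting the request with a @Context param, but to no avail.
Please help me.
web.xml: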
<web-app ...>
  <display-name>ws</display-name>
  <filter>
    <filter-name>REST Service</filter-name>
    <filter-class>com.sun.jersey.spi.container.servlet.ServletContainer</filter-class>
    <init-param>
      <param-name>com.sun.jersey.config.property.packages</param-name>
      <param-value>base.resources</param-value>
    </init-param>
    <init-param>
      <param-name>com.sun.jersey.config.property.JSPTemplatesBasePath</param-name>
      <param-value>WEB-INF/views</param-value>
    </init-param>
    <init-param>
      <param-name>com.sun.jersey.config.property.WebPageContentRegex</param-name>
      <param-value>/(js|css|(WEB-INF/views))/.*</param-value>
    </init-param>
    <init-param>
      <param-name>com.sun.jersey.spi.container.ResourceFilters</param-name>
      <param-value>com.sun.jersey.api.container.filter.RolesAllowedResourceFilterFactory</param-value>
    </init-param>
  </filter>
  <filter>
    <filter-name>auth-filter</filter-name>
    <filter-class>base.auth.AuthFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>auth-filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>REST Service</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>
filter.java:
public void doFilter(ServletRequest req, ServletResponse response, FilterChain next) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpSession session = request.getSession();
    AuthUser userPrincipal = null;
    Object sessionUser = session.getAttribute("user");
    if (sessionUser != null) userPrincipal = (AuthUser) sessionUser;
    else userPrincipal = new AuthUser();
    // load in the user principal
    Enumeration eheaders = req.getAttributeNames();
    while (eheaders.hasMoreElements()) {
        System.out.println(eheaders.nextElement().toString());
    }
    String user = (String) req.getAttribute("REMOTE_USER");
    ...
Answer 0 (score: 1)
HttpServletRequest.getAttribute() and getAttributeNames() have nothing to do with HTTP headers. Try getHeaderNames() and getHeaders().
You might also consider adding a Jersey filter instead of a servlet filter - see http://jersey.java.net/nonav/apidocs/latest/jersey/com/sun/jersey/api/container/filter/package-summary.html
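
The answer's suggestion carried through, as an added example that is not part of the original posts: a servlet filter that reads REMOTE_USER with getHeader() and exposes it through getUserPrincipal()/isUserInRole(), which is what the RolesAllowed resource filter in the web.xml consults. The class name, the trusted-proxy address list and lookupRoles() are assumptions made for illustration.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

public class RemoteUserHeaderFilter implements Filter {
    // Assumption: Apache runs on the same host as Tomcat; list your proxy's address here.
    private static final Set<String> TRUSTED_PROXIES = Set.of("127.0.0.1", "0:0:0:0:0:0:0:1");

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // The header is only meaningful when the proxy set it: a client that
        // reaches Tomcat directly can send any REMOTE_USER value it likes.
        if (!TRUSTED_PROXIES.contains(request.getRemoteAddr())) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // HTTP headers are read with getHeader(), not getAttribute().
        final String user = request.getHeader("REMOTE_USER");
        if (user == null || user.trim().isEmpty()) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        final Principal principal = new Principal() {
            @Override public String getName() { return user; }
        };
        // Wrap the request so downstream code sees the proxy-authenticated identity.
        chain.doFilter(new HttpServletRequestWrapper(request) {
            @Override public String getRemoteUser() { return user; }
            @Override public Principal getUserPrincipal() { return principal; }
            @Override public boolean isUserInRole(String role) {
                return lookupRoles(user).contains(role);
            }
        }, response);
    }

    // Hypothetical role lookup with constructed sample data; replace with your user store.
    private static Set<String> lookupRoles(String user) {
        return "alice".equals(user) ? Set.of("admin", "user") : Set.of("user");
    }
}
```

The filter must be mapped ahead of the Jersey filter in web.xml, as auth-filter already is in the question, so that the wrapped request is the one Jersey receives.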