ContainerRequestFilter 未在 JAX-RS / RESTEasy 应用程序中执行
ContainerRequestFilter is not executed in JAX-RS / RESTEasy application
我正在尝试为 REST 创建一个过滤器 API 我已经根据这些问题开发了 Best practice for REST token-based authentication with JAX-RS and Jersey。
问题是我调用过滤器的任何方法似乎都不起作用。
这些是我的 类:
Secured.java
@NameBinding
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD})
public @interface Secured {
}
AuthenticationFilter.java
@Secured
@Provider
@Priority(Priorities.AUTHENTICATION)
public class AuthenticationFilter implements ContainerRequestFilter{
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
// Get the HTTP Authorization header from the request
String authorizationHeader =
requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
// Check if the HTTP Authorization header is present and formatted correctly
if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) {
throw new NotAuthorizedException("Authorization header must be provided");
}
// Extract the token from the HTTP Authorization header
String token = authorizationHeader.substring("Bearer".length()).trim();
try {
// Validate the token
validateToken(token);
} catch (Exception e) {
requestContext.abortWith(
Response.status(Response.Status.UNAUTHORIZED).build());
}
}
private void validateToken(String token) throws Exception {
// Check if it was issued by the server and if it's not expired
// Throw an Exception if the token is invalid
}
}
RestService.java
@Path("/test")
public class RestService {
TestDAO testDAO;
@GET
@Secured
@Path("/myservice")
@Produces("application/json")
public List<Test> getEverisTests() {
testDAO=(TestDAO) SpringApplicationContext.getBean("testDAO");
long start = System.currentTimeMillis();
List<Test> ret = testDAO.getTests();
long end = System.currentTimeMillis();
System.out.println("TIEMPO TOTAL: " + (end -start));
return ret;
}
}
RestApplication.java
public class RestApplication extends Application{
private Set<Object> singletons = new HashSet<Object>();
public RestApplication() {
singletons.add(new RestService());
singletons.add(new AuthenticationFilter());
}
@Override
public Set<Object> getSingletons() {
return singletons;
}
}
我错过了什么?提前致谢。
我还不能发表评论,所以这就是答案:
我不明白@Secured 机制是如何工作的。您是否尝试删除所有@Secured 注释?然后过滤器应该对所有端点都处于活动状态。
如果它仍然不起作用,很可能您必须在您的应用程序中手动注册它。
如果之后它确实有效,您至少会提示在哪里查找问题...
您的AuthenticationFilter可能没有注册。
您的应用程序中很可能有一个 Application 子类。用它来注册过滤器:
@ApplicationPath("api")
public class ApiConfig extends Application {
@Override
public Set<Class<?>> getClasses() {
HashSet<Class<?>> classes = new HashSet<>();
classes.add(AuthenticationFilter.class);
...
return classes;
}
}
解决方案是更新 Jboss 遵循此页面 resteasy 的 resteasy 模块并选择我正在使用的 resteasy 版本。
顺便感谢您的解答!
我正在尝试为 REST 创建一个过滤器 API 我已经根据这些问题开发了 Best practice for REST token-based authentication with JAX-RS and Jersey。
问题是我调用过滤器的任何方法似乎都不起作用。
这些是我的 类:
Secured.java
@NameBinding
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD})
public @interface Secured {
}
AuthenticationFilter.java
@Secured
@Provider
@Priority(Priorities.AUTHENTICATION)
public class AuthenticationFilter implements ContainerRequestFilter{
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
// Get the HTTP Authorization header from the request
String authorizationHeader =
requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
// Check if the HTTP Authorization header is present and formatted correctly
if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) {
throw new NotAuthorizedException("Authorization header must be provided");
}
// Extract the token from the HTTP Authorization header
String token = authorizationHeader.substring("Bearer".length()).trim();
try {
// Validate the token
validateToken(token);
} catch (Exception e) {
requestContext.abortWith(
Response.status(Response.Status.UNAUTHORIZED).build());
}
}
private void validateToken(String token) throws Exception {
// Check if it was issued by the server and if it's not expired
// Throw an Exception if the token is invalid
}
}
RestService.java
@Path("/test")
public class RestService {
TestDAO testDAO;
@GET
@Secured
@Path("/myservice")
@Produces("application/json")
public List<Test> getEverisTests() {
testDAO=(TestDAO) SpringApplicationContext.getBean("testDAO");
long start = System.currentTimeMillis();
List<Test> ret = testDAO.getTests();
long end = System.currentTimeMillis();
System.out.println("TIEMPO TOTAL: " + (end -start));
return ret;
}
}
RestApplication.java
public class RestApplication extends Application{
private Set<Object> singletons = new HashSet<Object>();
public RestApplication() {
singletons.add(new RestService());
singletons.add(new AuthenticationFilter());
}
@Override
public Set<Object> getSingletons() {
return singletons;
}
}
我错过了什么?提前致谢。
我还不能发表评论,所以这就是答案:
我不明白@Secured 机制是如何工作的。您是否尝试删除所有@Secured 注释?然后过滤器应该对所有端点都处于活动状态。
如果它仍然不起作用,很可能您必须在您的应用程序中手动注册它。
如果之后它确实有效,您至少会提示在哪里查找问题...
您的AuthenticationFilter可能没有注册。
您的应用程序中很可能有一个 Application 子类。用它来注册过滤器:
@ApplicationPath("api")
public class ApiConfig extends Application {
@Override
public Set<Class<?>> getClasses() {
HashSet<Class<?>> classes = new HashSet<>();
classes.add(AuthenticationFilter.class);
...
return classes;
}
}
解决方案是更新 Jboss 遵循此页面 resteasy 的 resteasy 模块并选择我正在使用的 resteasy 版本。
顺便感谢您的解答!