RESTful Web 服务 @Context 注入总是 returns null
REST-ful webservice @Context Injection always returns null
我正在使用具有身份验证和授权的嵌入式 Jetty 创建我的第一个 Restful Web 服务,我有一个过滤器,我想在其中注入一个用户对象(员工),然后我可以在服务中检索它bean 使用 ResteasyProviderFactory.pushContext() @Context 注释,但无论我尝试什么,该对象始终为 null。如果能提供任何帮助,我将不胜感激。
@PreMatching
public class AuthenticationHandler implements ContainerRequestFilter {
@Inject private PxCredentialService credentialService;
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
Response faultresponse = createFaultResponse();
String authorization = requestContext.getHeaderString("Authorization");
String[] parts = authorization.split(" ");
if (parts.length != 2 || !"Basic".equals(parts[0])) {
requestContext.abortWith(createFaultResponse());
return;
}
String decodedValue = null;
try {
decodedValue = new String(Base64Utility.decode(parts[1]));
} catch (Base64Exception ex) {
requestContext.abortWith(createFaultResponse());
return;
}
String[] namePassword = decodedValue.split(":");
Employee emp = credentialService.getCredentialsByLoginAndPass(namePassword[0], namePassword[1], true);
if ( emp != null) {
ResteasyProviderFactory.pushContext(Employee.class, emp);
} else {
throw new NullPointerException("False Login");//requestContext.abortWith(Response.status(401).build());
}
}
@Path( "/people" )
public class PeopleRestService implements credentials {
@Inject private PeopleService peopleService;
@Inject private GenericUserRightsUtil genericUserRightsUtil;
@Produces( { "application/json" } )
@GET
public Collection<Person> getPeople(@Context Employee emp) {
Employee emp = (Employee)crc.getProperty("Employee");
return peopleService.getPeople( page, 5 );
}
}
据我了解,您需要一种简单的方法来识别正在您的资源方法中执行请求的用户。您是否考虑过为请求设置 SecurityContext with a Principal?
在您的过滤器中,如果用户凭据有效,请执行以下操作
final SecurityContext currentSecurityContext = requestContext.getSecurityContext();
requestContext.setSecurityContext(new SecurityContext() {
@Override
public Principal getUserPrincipal() {
return new Principal() {
@Override
public String getName() {
return username;
}
};
}
@Override
public boolean isUserInRole(String role) {
return true;
}
@Override
public boolean isSecure() {
return currentSecurityContext.isSecure();
}
@Override
public String getAuthenticationScheme() {
return "Basic";
}
});
您的资源方法如下:
@GET
@Path("{id}")
@Produces(MediaType.APPLICATION_JSON)
public Response foo(@PathParam("id") Long id,
@Context SecurityContext securityContext) {
...
}
要获得 Principal,请使用:
Principal principal = securityContext.getUserPrincipal();
String username = principal.getName();
我正在使用具有身份验证和授权的嵌入式 Jetty 创建我的第一个 Restful Web 服务,我有一个过滤器,我想在其中注入一个用户对象(员工),然后我可以在服务中检索它bean 使用 ResteasyProviderFactory.pushContext() @Context 注释,但无论我尝试什么,该对象始终为 null。如果能提供任何帮助,我将不胜感激。
@PreMatching
public class AuthenticationHandler implements ContainerRequestFilter {
@Inject private PxCredentialService credentialService;
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
Response faultresponse = createFaultResponse();
String authorization = requestContext.getHeaderString("Authorization");
String[] parts = authorization.split(" ");
if (parts.length != 2 || !"Basic".equals(parts[0])) {
requestContext.abortWith(createFaultResponse());
return;
}
String decodedValue = null;
try {
decodedValue = new String(Base64Utility.decode(parts[1]));
} catch (Base64Exception ex) {
requestContext.abortWith(createFaultResponse());
return;
}
String[] namePassword = decodedValue.split(":");
Employee emp = credentialService.getCredentialsByLoginAndPass(namePassword[0], namePassword[1], true);
if ( emp != null) {
ResteasyProviderFactory.pushContext(Employee.class, emp);
} else {
throw new NullPointerException("False Login");//requestContext.abortWith(Response.status(401).build());
}
}
@Path( "/people" )
public class PeopleRestService implements credentials {
@Inject private PeopleService peopleService;
@Inject private GenericUserRightsUtil genericUserRightsUtil;
@Produces( { "application/json" } )
@GET
public Collection<Person> getPeople(@Context Employee emp) {
Employee emp = (Employee)crc.getProperty("Employee");
return peopleService.getPeople( page, 5 );
}
}
据我了解,您需要一种简单的方法来识别正在您的资源方法中执行请求的用户。您是否考虑过为请求设置 SecurityContext with a Principal?
在您的过滤器中,如果用户凭据有效,请执行以下操作
final SecurityContext currentSecurityContext = requestContext.getSecurityContext();
requestContext.setSecurityContext(new SecurityContext() {
@Override
public Principal getUserPrincipal() {
return new Principal() {
@Override
public String getName() {
return username;
}
};
}
@Override
public boolean isUserInRole(String role) {
return true;
}
@Override
public boolean isSecure() {
return currentSecurityContext.isSecure();
}
@Override
public String getAuthenticationScheme() {
return "Basic";
}
});
您的资源方法如下:
@GET
@Path("{id}")
@Produces(MediaType.APPLICATION_JSON)
public Response foo(@PathParam("id") Long id,
@Context SecurityContext securityContext) {
...
}
要获得 Principal,请使用:
Principal principal = securityContext.getUserPrincipal();
String username = principal.getName();