gpt4 book ai didi

java - 在没有 web.xml 的情况下启用 ContainerRequestFilter

转载 作者:行者123 更新时间:2023-12-02 10:34:17 24 4
gpt4 key购买 nike

我正在尝试使用过滤器启用基本身份验证。我喜欢在不使用 web.xml 文件的情况下启用它。我尝试了问题中的答案

Use ContainerRequestFilter in Jersey without web.xml

但我对此没有明确的想法。如何在没有 web.xml 文件的情况下启用过滤器?

package com.example.filter;

import java.io.IOException;
import java.lang.reflect.Method;
import java.util.Base64;
import java.util.StringTokenizer;

import javax.annotation.security.PermitAll;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;

import com.example.ApiService;

public class AuthFilter implements ContainerRequestFilter {

private HttpServletRequest request;
@Context
private ResourceInfo resourceInfo;
private static final String AUTHORIZATION_PROPERTY = "Authorization";
private static final String AUTHENTICATION_SCHEME = "Basic";
private static final Response ACCESS_DENIED = Response.status(Response.Status.UNAUTHORIZED)
.entity("You cannot access this resource").build();

public boolean isAuthenticated(String authCredentials) {
if (null == authCredentials)
return false;

final String encodedUserPassword = authCredentials.replaceFirst(AUTHENTICATION_SCHEME + " ", "");
String usernameAndPassword = null;
try {
byte[] decodedBytes = Base64.getDecoder().decode(encodedUserPassword);
usernameAndPassword = new String(decodedBytes, "UTF-8");
} catch (IOException e) {
e.printStackTrace();
}
final StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":");
final String username = tokenizer.nextToken();
if (request.getSession() != null) {
String mobile_number = (String) request.getSession().getAttribute(ApiService.CONTACT_ID_KEY);
if (mobile_number != username) {
return true;
}
}
return false;
}

@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
Method method = resourceInfo.getResourceMethod();

if (!method.isAnnotationPresent(PermitAll.class)) {


// Fetch authorization header
final String authorization = requestContext.getHeaderString(AUTHORIZATION_PROPERTY);

// If no authorization information present; block access
if (authorization == null || authorization.isEmpty()) {
requestContext.abortWith(ACCESS_DENIED);
return;
}

if(!isAuthenticated(authorization)) {
requestContext.abortWith(ACCESS_DENIED);
return;

}
}

}

}

这是我的应用程序类

package com.example;

import java.util.HashMap;
import java.util.Map;

import javax.ws.rs.ApplicationPath;
import javax.ws.rs.core.Application;


@ApplicationPath("/rest")
public class ApiConfig extends Application {

public Map<String, Object> getProperties() {
Map<String, Object> properties = new HashMap<>();
properties.put("jersey.config.server.provider.packages", "com.example");
return properties;
}
}

谢谢。

最佳答案

您需要使用@Provider对其进行注释。扫描会选取用 @Provider@Path 注释的类。如果您希望注入(inject) HttpServletRequest,您还需要为 HttpServletRequest 添加 @Context(您只在 ResourceInfo 上拥有它)。

关于java - 在没有 web.xml 的情况下启用 ContainerRequestFilter,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/53404287/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com