JAXRS/RESTEasy应用程序中未执行java ContainerRequestFilter
我正试图为我在以下问题Best practice for REST token-based authentication with JAX-RS and Jersey之后开发的RESTAPI创建一个过滤器
问题是,无论我调用什么方法,过滤器似乎都不起作用
这些是我的课程:
安全。java
@NameBinding
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD})
public @interface Secured {
}
AuthenticationFilter。java
@Secured
@Provider
@Priority(Priorities.AUTHENTICATION)
public class AuthenticationFilter implements ContainerRequestFilter{
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
// Get the HTTP Authorization header from the request
String authorizationHeader =
requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
// Check if the HTTP Authorization header is present and formatted correctly
if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) {
throw new NotAuthorizedException("Authorization header must be provided");
}
// Extract the token from the HTTP Authorization header
String token = authorizationHeader.substring("Bearer".length()).trim();
try {
// Validate the token
validateToken(token);
} catch (Exception e) {
requestContext.abortWith(
Response.status(Response.Status.UNAUTHORIZED).build());
}
}
private void validateToken(String token) throws Exception {
// Check if it was issued by the server and if it's not expired
// Throw an Exception if the token is invalid
}
}
rest服务。java
@Path("/test")
public class RestService {
TestDAO testDAO;
@GET
@Secured
@Path("/myservice")
@Produces("application/json")
public List<Test> getEverisTests() {
testDAO=(TestDAO) SpringApplicationContext.getBean("testDAO");
long start = System.currentTimeMillis();
List<Test> ret = testDAO.getTests();
long end = System.currentTimeMillis();
System.out.println("TIEMPO TOTAL: " + (end -start));
return ret;
}
}
重新应用。java
public class RestApplication extends Application{
private Set<Object> singletons = new HashSet<Object>();
public RestApplication() {
singletons.add(new RestService());
singletons.add(new AuthenticationFilter());
}
@Override
public Set<Object> getSingletons() {
return singletons;
}
}
我错过了什么?提前谢谢
# 1 楼答案
您的
AuthenticationFilter
可能未注册很可能在应用程序的某个地方有一个^{} 子类。使用它来注册过滤器:
# 2 楼答案
解决方案是在这个页面resteasy之后更新resteasy的Jboss模块,并选择我正在使用的resteasy版本
顺便说一下,谢谢你的回答
# 3 楼答案
我还不能对此发表评论,所以这是一个答案:
我不明白@Secured机制是如何工作的。您是否尝试删除所有@Secured批注?然后,对于所有端点,筛选器都应处于活动状态
如果它仍然不起作用,您很可能必须在应用程序中手动注册它
如果事后它确实起作用,你至少有一个提示,说明在哪里可以找到问题