0
空爲使某些安全上下文可用於進一步加工的資源 我用下面的建議Access object created in ContainerRequestFilter in Resources但得到安全上下文無效。安全上下文是資源
ContainerRequestFilter
@Override
public synchronized void filter(ContainerRequestContext request)
throws IOException {
final User user = authorizationValidation.isAuthorizationValid(userHeader)
// impl
request.setSecurityContext(new MySecurityContext(user));
// or simple but not the best
request.setSecurityContext(new SecurityContext() {
@Override
public boolean isUserInRole(String role) {
return true; // check roles if you need ...
}
@Override
public boolean isSecure() {
return false; // check HTTPS
}
@Override
public Principal getUserPrincipal() {
return user; // return your user here - User must implement Principal
}
@Override
public String getAuthenticationScheme() {
return null; // ...
}
}
}
資源
@GET
@Secured
@Path("/test")
@Produces(value="text/plain")
public String test(@Context SecurityContext context)
{
// my logic where context == null
}
我也試圖聲明類成員一樣
@Context
protected SecurityContext securityContext;
但也有它空
請解釋我在代碼中缺少的內容。
感謝
您是否檢查過濾器是否被調用? –