2
林工作:Best practice for REST token-based authentication with JAX-RS and JerseyJAX RS,我的過濾器不能正常工作
但我沒有過濾器觸發,我的電話直接傳遞到終點......
我的安全接口:
@Qualifier
@Retention(RUNTIME)
@Target({METHOD, FIELD, PARAMETER, TYPE})
public @interface Secure {
}
我的過濾器:
@Secure
@Provider
@Priority(Priorities.AUTHENTICATION)
public class AuthenticationFilter implements ContainerRequestFilter {
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
// Get the HTTP Authorization header from the request
String authorizationHeader =
requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
// Check if the HTTP Authorization header is present and formatted correctly
if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) {
throw new NotAuthorizedException("Authorization header must be provided");
}
// Extract the token from the HTTP Authorization header
String token = authorizationHeader.substring("Bearer".length()).trim();
try {
Token tk = new Token();
tk.validarToken(token);
} catch (Exception e) {
requestContext.abortWith(
Response.status(Response.Status.UNAUTHORIZED).build());
}
}
我的終點:
package api;
import filters.Secure;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
@Path("service")
public class Service {
@GET
@Secure
@Path("/sapo")
@Produces("application/json")
@Consumes("application/json")
public Response mySecuredMethod() {
return Response.ok("sapo").build();
}
}
而我的web.xml(其確定?):
<servlet>
<servlet-name>jersey-serlvet</servlet-name>
<servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>jersey.config.server.provider.packages</param-name>
<param-value>api</param-value>
</init-param>
<init-param>
<param-name>import javax.ws.rs.container.ContainerRequestFilter</param-name>
<param-value>filters.AuthenticationFilter;api.Service</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>jersey-serlvet</servlet-name>
<url-pattern>/api/*</url-pattern>
</servlet-mapping>
我讀了很多在棧相關的問題,但找不到錯誤。
任何人有想法嗎?
在此先感謝。
這並沒有提供問題的答案。一旦你有足夠的[聲譽](http://stackoverflow.com/help/whats-reputation),你將能夠[評論任何職位](http://stackoverflow.com/help/privileges/comment);相反,[提供不需要提問者澄清的答案](http://meta.stackexchange.com/questions/214173/why-do-i-need-50-reputation-to-comment-what-can- I-DO-代替)。 - [來自評論](/ review/low-quality-posts/13836730) – tarzanbappa
這就是答案! – echoalpha
可能。如果是這樣,你必須詳細說明你的答案。否則將其作爲評論發佈。因爲堆棧溢出有一些標準。 – tarzanbappa