2013-08-26

PostProcessInterceptor: how do I access the HTTP request?

I have an interceptor that looks like this:

@Interceptor 
@Provider 
@ServerInterceptor 
@SecurityChecked 
public class SecurityCheckInterceptor implements PreProcessInterceptor, AcceptedByMethod, PostProcessInterceptor { 
    private static final Logger LOGGER = LoggerFactory.getLogger(SecurityCheckInterceptor.class); 

    @Nullable 
    @Override 
    public ServerResponse preProcess(final HttpRequest request, final ResourceMethod method) throws Failure, WebApplicationException { 
     final List<String> authToken = request.getHttpHeaders().getRequestHeader(AUTH_TOKEN); 

     if (authToken == null || !isValidToken(authToken.get(0))) { 
      final ServerResponse serverResponse = new ServerResponse(); 
      serverResponse.setStatus(Response.Status.UNAUTHORIZED.getStatusCode()); 
      return serverResponse; 
     } 

     return null; 
    } 

    @SuppressWarnings("rawtypes") 
    @Override 
    public boolean accept(final Class declaring, final Method method) { 
     // return declaring.isAnnotationPresent(SecurityChecked.class); 
     return method.isAnnotationPresent(SecurityChecked.class); 
    } 

    @Override 
    public void postProcess(final ServerResponse response) { 
     LOGGER.info("post-processing response " + response.getEntity()); 
    } 

} 

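What do I want to intercept?
- For every response sent back, I need to add a new AUTH_TOKEN value
- Access to the original request's headers, one of which has the form

signature:user:expires
  • I need to access user from this request header to generate a new time-based token

How can I get access to the request headers?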

Answer

I added

@Context HttpServletRequest servletRequest; 

This gave me access to the headers.

I modified the interceptor to look like

@Interceptor 
@Provider 
@ServerInterceptor 
@SecurityChecked 
public class SecurityCheckInterceptor implements PreProcessInterceptor, AcceptedByMethod, PostProcessInterceptor { 
    private static final Pattern PATTERN = Pattern.compile(":"); 
    @Context 
    HttpServletRequest servletRequest; 

    private static final Logger LOGGER = LoggerFactory.getLogger(SecurityCheckInterceptor.class); 

    @Nullable 
    @Override 
    public ServerResponse preProcess(final HttpRequest request, final ResourceMethod method) throws Failure, WebApplicationException { 
     final List<String> authToken = request.getHttpHeaders().getRequestHeader(AUTH_TOKEN); 

     if (authToken == null || !isValidToken(authToken.get(0))) { 
      final ServerResponse serverResponse = new ServerResponse(); 
      serverResponse.setStatus(Response.Status.UNAUTHORIZED.getStatusCode()); 
      return serverResponse; 
     } 

     return null; 
    } 

    @SuppressWarnings("rawtypes") 
    @Override 
    public boolean accept(final Class declaring, final Method method) { 
     // return declaring.isAnnotationPresent(SecurityChecked.class); 
     return method.isAnnotationPresent(SecurityChecked.class); 
    } 

    @Override 
    public void postProcess(final ServerResponse response) { 
     final String header = servletRequest.getHeader(AUTH_TOKEN); 
     LOGGER.info("post-processing response " + header); 
     final String authToken = TokenUtils.createToken(PATTERN.split(header)[1]); 
    } 
} 

and in the log I see

(http--0.0.0.0-9090-1) post-processing response InvalidTokenValue:user:1377552546572
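The token handling behind the `signature:user:expires` header, sketched as an added example that is not part of the original question or answer: it verifies the signature and expiry before trusting the `user` field, and only then mints a renewed token. The page does not show `isValidToken` or `TokenUtils.createToken`, so the `TokenCodec` class, the HMAC-SHA256 scheme, the 15-minute lifetime and the demo secret are all assumptions.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

/** Hypothetical stand-in for the page's isValidToken/TokenUtils, whose code is not shown. */
public final class TokenCodec {
    private static final long TTL_MILLIS = 15 * 60 * 1000L; // assumed token lifetime
    private final SecretKeySpec key;

    public TokenCodec(final byte[] secret) {
        this.key = new SecretKeySpec(secret, "HmacSHA256");
    }

    private String sign(final String user, final long expires) throws Exception {
        final Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        final byte[] tag = mac.doFinal((user + ":" + expires).getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag); // alphabet has no ':'
    }

    /** Builds signature:user:expires; rejects user names that would break the ':' framing. */
    public String createToken(final String user, final long now) throws Exception {
        if (user.isEmpty() || user.indexOf(':') >= 0) throw new IllegalArgumentException("bad user");
        final long expires = now + TTL_MILLIS;
        return sign(user, expires) + ":" + user + ":" + expires;
    }

    /** Returns the user only if the header is well formed, unexpired and correctly signed; else null. */
    public String verifiedUser(final String header, final long now) throws Exception {
        if (header == null) return null;
        final String[] parts = header.split(":", -1);
        if (parts.length != 3 || parts[1].isEmpty()) return null;
        final long expires;
        try { expires = Long.parseLong(parts[2]); } catch (NumberFormatException e) { return null; }
        if (expires <= now) return null;
        final byte[] expected = sign(parts[1], expires).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, parts[0].getBytes(StandardCharsets.UTF_8)) ? parts[1] : null;
    }

    public static void main(final String[] args) throws Exception {
        final TokenCodec codec = new TokenCodec("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
        final long now = 1377552000000L; // constructed clock value
        final String token = codec.createToken("user", now);
        System.out.println(codec.verifiedUser(token, now)); // freshly signed token
        System.out.println(codec.verifiedUser("InvalidTokenValue:user:1377552546572", now)); // shape seen in the log
        System.out.println(codec.createToken(codec.verifiedUser(token, now), now + 60_000L)); // renewed token
    }
}
```

In a `postProcess` like the one above, the renewed token would be issued only when `verifiedUser` returns a non-null user, and the log line would record the user rather than the full header value.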