2
我有一個看起來像PostProcessInterceptor:如何訪問HTTP請求?
@Interceptor
@Provider
@ServerInterceptor
@SecurityChecked
public class SecurityCheckInterceptor implements PreProcessInterceptor, AcceptedByMethod, PostProcessInterceptor {
private static final Logger LOGGER = LoggerFactory.getLogger(SecurityCheckInterceptor.class);
@Nullable
@Override
public ServerResponse preProcess(final HttpRequest request, final ResourceMethod method) throws Failure, WebApplicationException {
final List<String> authToken = request.getHttpHeaders().getRequestHeader(AUTH_TOKEN);
if (authToken == null || !isValidToken(authToken.get(0))) {
final ServerResponse serverResponse = new ServerResponse();
serverResponse.setStatus(Response.Status.UNAUTHORIZED.getStatusCode());
return serverResponse;
}
return null;
}
@SuppressWarnings("rawtypes")
@Override
public boolean accept(final Class declaring, final Method method) {
// return declaring.isAnnotationPresent(SecurityChecked.class);
return method.isAnnotationPresent(SecurityChecked.class);
}
@Override
public void postProcess(final ServerResponse response) {
LOGGER.info("post-processing response " + response.getEntity());
}
}
我想要什麼攔截?
- 每次響應追溯到我需要添加一個新的AUTH_TOKEN
價值
- 原來request
訪問請求頭和頭的一個是形式
signature:user:expires
- 我需要的訪問
user
形成這種request
頭生成一個新的基於時間的令牌
我怎麼能有機會獲得request
頭?