问题
Im work on : Best practice for REST token-based authentication with JAX-RS and Jersey
But my filter not triggered, my call pass directly to the endpoint...
My secure interface:
@Qualifier
@Retention(RUNTIME)
@Target({METHOD, FIELD, PARAMETER, TYPE})
public @interface Secure {
}
My filter:
@Secure
@Provider
@Priority(Priorities.AUTHENTICATION)
public class AuthenticationFilter implements ContainerRequestFilter {
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
// Get the HTTP Authorization header from the request
String authorizationHeader =
requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
// Check if the HTTP Authorization header is present and formatted correctly
if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) {
throw new NotAuthorizedException("Authorization header must be provided");
}
// Extract the token from the HTTP Authorization header
String token = authorizationHeader.substring("Bearer".length()).trim();
try {
Token tk = new Token();
tk.validarToken(token);
} catch (Exception e) {
requestContext.abortWith(
Response.status(Response.Status.UNAUTHORIZED).build());
}
}
My endpoint:
package api;
import filters.Secure;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
@Path("service")
public class Service {
@GET
@Secure
@Path("/sapo")
@Produces("application/json")
@Consumes("application/json")
public Response mySecuredMethod() {
return Response.ok("sapo").build();
}
}
And my web.xml(Its ok ??):
<servlet>
<servlet-name>jersey-serlvet</servlet-name>
<servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>jersey.config.server.provider.packages</param-name>
<param-value>api</param-value>
</init-param>
<init-param>
<param-name>import javax.ws.rs.container.ContainerRequestFilter</param-name>
<param-value>filters.AuthenticationFilter;api.Service</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>jersey-serlvet</servlet-name>
<url-pattern>/api/*</url-pattern>
</servlet-mapping>
I read a lot of question related in stack, but can not find the error.
Anyone have idea?
Thanks in advance.
回答1:
-here comes the necromancer badge -
First of all, Filters are applied globally by default.So , If you don't need to restrict this filter to specific resources, you don't even need your "Secure" interface.
But , If you indeed intend to use the filter on some specific resources , you need to use the @NameBinding meta-annotation for Jersey , instead of the Spring @Qualifier annotation.
回答2:
Replace @Qualifier
with @NameBinding
来源:https://stackoverflow.com/questions/38679654/jax-rs-my-filter-is-not-working