<tfoot id='cs9ax'></tfoot>

    <legend id='cs9ax'><style id='cs9ax'><dir id='cs9ax'><q id='cs9ax'></q></dir></style></legend>
    • <bdo id='cs9ax'></bdo><ul id='cs9ax'></ul>

    <i id='cs9ax'><tr id='cs9ax'><dt id='cs9ax'><q id='cs9ax'><span id='cs9ax'><b id='cs9ax'><form id='cs9ax'><ins id='cs9ax'></ins><ul id='cs9ax'></ul><sub id='cs9ax'></sub></form><legend id='cs9ax'></legend><bdo id='cs9ax'><pre id='cs9ax'><center id='cs9ax'></center></pre></bdo></b><th id='cs9ax'></th></span></q></dt></tr></i><div id='cs9ax'><tfoot id='cs9ax'></tfoot><dl id='cs9ax'><fieldset id='cs9ax'></fieldset></dl></div>
  1. <small id='cs9ax'></small><noframes id='cs9ax'>

    1. 我可以向 JAX-RS 方法添加自定义注释以验证访问权

      时间:2023-09-28
        <bdo id='iU2wD'></bdo><ul id='iU2wD'></ul>

        <i id='iU2wD'><tr id='iU2wD'><dt id='iU2wD'><q id='iU2wD'><span id='iU2wD'><b id='iU2wD'><form id='iU2wD'><ins id='iU2wD'></ins><ul id='iU2wD'></ul><sub id='iU2wD'></sub></form><legend id='iU2wD'></legend><bdo id='iU2wD'><pre id='iU2wD'><center id='iU2wD'></center></pre></bdo></b><th id='iU2wD'></th></span></q></dt></tr></i><div id='iU2wD'><tfoot id='iU2wD'></tfoot><dl id='iU2wD'><fieldset id='iU2wD'></fieldset></dl></div>

            <tbody id='iU2wD'></tbody>
          1. <small id='iU2wD'></small><noframes id='iU2wD'>

            • <tfoot id='iU2wD'></tfoot>

              <legend id='iU2wD'><style id='iU2wD'><dir id='iU2wD'><q id='iU2wD'></q></dir></style></legend>

              • 本文介绍了我可以向 JAX-RS 方法添加自定义注释以验证访问权限吗?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

                问题描述

                例如我有以下方法:

                @GET
                    @Path("/get/current")
                    public Response getCurrentInfo(@HeaderParam("Authorization") String token){
                
                        Gson gson = new GsonBuilder()
                        .setDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS")
                        .setPrettyPrinting().create();          
                
                        String email = SecurityProvider.decryptTokenAndGetEmail(token);
                
                        if(DB.isAccessPermitted(email)){
                            Info info = DB.getCurrentInfo();
                            String json = gson.toJson(info);
                            return Response.ok(json).build();
                        }else{
                           return Response.status(401).build();
                        }
                
                    }
                

                所以改为写在每个方法中:

                So instead to write in every method:

                          if(DB.isAccessPermitted(email)){
                                Info info = DB.getCurrentInfo();
                                String json = gson.toJson(info);
                                return Response.ok(json).build();
                            }else{
                               return Response.status(401).build();
                            }
                

                我将创建例如 @SecurityCheck 注释,注释每个访问受限的方法并仅在一个地方执行检查.是否可以通过注释来实现,是否可以提供 MVCE?谢谢.

                I will create for example @SecurityCheck annotation, annotate every method which has limited access and perform check only in a single place. Is it possible to achieve with annotations and can MVCE be provided? Thank you.

                推荐答案

                如果你使用的是JAX-RS 2.0,可以注入ResourceInfo 变成一个ContainerRequestFilter,然后得到java.lang.reflect.Method 来自.从Method,你可以得到注解.例如

                If you are using JAX-RS 2.0, you can inject ResourceInfo into a ContainerRequestFilter, then get the java.lang.reflect.Method from the. From the Method, you can get the annotation. For example

                @Provider
                @Priority(Priorities.AUTHENTICATION)
                public class SecurityFilter implements ContainerRequestFilter {
                
                    @Context
                    private ResourceInfo resourceInfo;
                
                    // You can get the header from the `requestContext`
                    @Override
                    public void filter(ContainerRequestContext requestContext) {
                        Method resourceMethod = resourceInfo.getResourceMethod();
                        SecurityCheck annotation = resourceMethod.getAnnotation(SecurityCheck.class);
                        // get some value from annotation
                
                        if (notAllowedAccess) {
                            throw new WebApplicationException(403);
                        }
                    }
                }
                

                这个(ResourceInfo)只有在你需要从注解中获取一些值时才需要,比如@SecurityCheck("SomeRoleAllowed").

                This (the ResourceInfo) is only necessary though if you need to get some value from the annotation, like @SecurityCheck("SomeRoleAllowed").

                如果您不需要该值,并且您想要的只是对任何带注释的方法进行过滤,那么您可以创建一个 DynamicFeature,在其中将每个方法绑定到一个过滤器.例如

                If you don't need the value, and all you want is for any method annotated to be filtered, then you can either create a DynamicFeature, where you bind each method to a filter. For example

                @Provider
                public class SecurityCheckDynamicFeature implements DynamicFeature {
                    @Override
                    public void configure(ResourceInfo info, FeatureContext context) {
                        Method method = info.getResourceMethod();
                        SecurityCheck annotation = method.getAnnotation(SecurityCheck.class);
                        if (annotation != null) {
                            context.register(SecurityFilter.class);
                        }
                    }
                }
                

                或者另一种方法是在自定义注释上使用 @NameBinding

                Or another way is to just use @NameBinding on the custom annotation

                @NameBinding
                @Target(...)
                @Retention
                public @interface SecurityCheck {}
                

                然后你需要用注解来注解 SecurityFilter 类.任何带注释的方法或类都将通过过滤器.

                Then you need to annotate the SecurityFilter class with the annotation also. Any method or class annotated will go through the filter.

                其他资源:

                • 过滤器和拦截器

                这篇关于我可以向 JAX-RS 方法添加自定义注释以验证访问权限吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持html5模板网!

                上一篇:使用 @Controller 获取所有带注释的控制器 下一篇:使用 proguard 保留特定注释

                相关文章

                最新文章

                <i id='yaJl9'><tr id='yaJl9'><dt id='yaJl9'><q id='yaJl9'><span id='yaJl9'><b id='yaJl9'><form id='yaJl9'><ins id='yaJl9'></ins><ul id='yaJl9'></ul><sub id='yaJl9'></sub></form><legend id='yaJl9'></legend><bdo id='yaJl9'><pre id='yaJl9'><center id='yaJl9'></center></pre></bdo></b><th id='yaJl9'></th></span></q></dt></tr></i><div id='yaJl9'><tfoot id='yaJl9'></tfoot><dl id='yaJl9'><fieldset id='yaJl9'></fieldset></dl></div>

                  <tfoot id='yaJl9'></tfoot>
                  <legend id='yaJl9'><style id='yaJl9'><dir id='yaJl9'><q id='yaJl9'></q></dir></style></legend>
                    <bdo id='yaJl9'></bdo><ul id='yaJl9'></ul>

                    <small id='yaJl9'></small><noframes id='yaJl9'>