2

我有一个看起来像的拦截器

@Interceptor
@Provider
@ServerInterceptor
@SecurityChecked
public class SecurityCheckInterceptor implements PreProcessInterceptor, AcceptedByMethod, PostProcessInterceptor {
    private static final Logger LOGGER = LoggerFactory.getLogger(SecurityCheckInterceptor.class);

    @Nullable
    @Override
    public ServerResponse preProcess(final HttpRequest request, final ResourceMethod method) throws Failure, WebApplicationException {
        final List<String> authToken = request.getHttpHeaders().getRequestHeader(AUTH_TOKEN);

        if (authToken == null || !isValidToken(authToken.get(0))) {
            final ServerResponse serverResponse = new ServerResponse();
            serverResponse.setStatus(Response.Status.UNAUTHORIZED.getStatusCode());
            return serverResponse;
        }

        return null;
    }

    @SuppressWarnings("rawtypes")
    @Override
    public boolean accept(final Class declaring, final Method method) {
        // return declaring.isAnnotationPresent(SecurityChecked.class);
        return method.isAnnotationPresent(SecurityChecked.class);
    }

    @Override
    public void postProcess(final ServerResponse response) {
        LOGGER.info("post-processing response " + response.getEntity());
    }

}

我想要的是 ?
- 每次响应返回时,我都需要添加一个新AUTH_TOKEN
- 原始值request可以访问请求标头,其中一个标头的形式为

signature:user:expires
  • 我需要访问user形成此request标头以生成新的基于时间的令牌

我怎样才能访问request标题?

4

1 回答 1

1

我添加了

@Context HttpServletRequest servletRequest;

这让我可以访问标题。

我修改后的拦截器看起来像

@Interceptor
@Provider
@ServerInterceptor
@SecurityChecked
public class SecurityCheckInterceptor implements PreProcessInterceptor, AcceptedByMethod, PostProcessInterceptor {
    private static final Pattern PATTERN = Pattern.compile(":");
    @Context
    HttpServletRequest servletRequest;

    private static final Logger LOGGER = LoggerFactory.getLogger(SecurityCheckInterceptor.class);

    @Nullable
    @Override
    public ServerResponse preProcess(final HttpRequest request, final ResourceMethod method) throws Failure, WebApplicationException {
        final List<String> authToken = request.getHttpHeaders().getRequestHeader(AUTH_TOKEN);

        if (authToken == null || !isValidToken(authToken.get(0))) {
            final ServerResponse serverResponse = new ServerResponse();
            serverResponse.setStatus(Response.Status.UNAUTHORIZED.getStatusCode());
            return serverResponse;
        }

        return null;
    }

    @SuppressWarnings("rawtypes")
    @Override
    public boolean accept(final Class declaring, final Method method) {
        // return declaring.isAnnotationPresent(SecurityChecked.class);
        return method.isAnnotationPresent(SecurityChecked.class);
    }

    @Override
    public void postProcess(final ServerResponse response) {
        final String header = servletRequest.getHeader(AUTH_TOKEN);
        LOGGER.info("post-processing response " + header);
        final String authToken = TokenUtils.createToken(PATTERN.split(header)[1]);
    }
}

在日志中我看到

(http--0.0.0.0-9090-1) post-processing response InvalidTokenValue:user:1377552546572
于 2013-08-26T21:34:41.933 回答