2

我有一个 PicketlinkPathAuthorizer接口的自定义实现,用于检查用户是否允许使用 URL。

public class BssPathAuthorizer implements PathAuthorizer {

    @Inject
    Identity identity;

    @Override
    public boolean authorize(PathConfiguration pathConfiguration, 
                             HttpServletRequest request, 
                             HttpServletResponse response) {

        if (identity != null){

            LOG.log(Level.FINE, "Identity loggato: {0}", identity.isLoggedIn());
            String uri = request.getRequestURI();
            String contextpath = request.getContextPath();
            LOG.log(Level.FINE, "URI: {0}, context path: {1}", 
                new Object[]{uri, contextpath});

            Method m = findMethod(uri);
            ...
        }

通过 获取方法后findMethod(),我将检查一些注释,然后true如果用户有权限则返回。

  • 有没有一种简单的方法可以从请求的 URL(例如:)中检索 Java 方法.../user/edit

  • 实现它的类方法是什么(例如UserManager.edit())?

4

1 回答 1

2

您需要从 JAX-RS 获得的信息在ResourceInfo界面中可用。

请参阅下面如何在您的 PicketlinkPathAuthorizer实施中提供此信息。

定义一个类来存储你需要的数据

定义一个带有注释的类,该类@RequestScoped将存储目标类和方法:

@RequestScoped
public class RequestTarget {

    private Class<?> targetClass;
    private Method targetMethod;

    // Default constructor, getters and setters ommited
}

确保您使用的是包中的@RequestScoped注释。javax.enterprise.context

创建请求过滤器

创建一个ContainerRequestFilter以填充RequestTarget

@Provider
@Priority(1)
public class RequestTargetPopulator implements ContainerRequestFilter {

    @Context
    private ResourceInfo resourceInfo;

    @Inject
    private RequestTarget target;

    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        target.setTargetClass(resourceInfo.getResourceClass());
        target.setTargetMethod(resourceInfo.getResourceMethod());
    }
}

带有值的@Priority注释1确保此过滤器将在其他过滤器之前执行。

执行注射

然后你终于可以执行RequestTargetusing的注入了@Inject

public class CustomPathAuthorizer implements PathAuthorizer {

    @Inject
    private RequestTarget target;

    @Override
    public boolean authorize(PathConfiguration pathConfiguration, 
                             HttpServletRequest request, 
                             HttpServletResponse response) {

        Class<?> targetClass = target.getTargetClass();
        Method targetMethod = target.getTargetMethod();

        ...
    }
}
于 2016-04-08T12:36:09.667 回答