0

我正在使用具有身份验证和授权的 Embedded Jetty 创建我的第一个 Restful Web 服务,并且我有一个过滤器,我想在其中注入一个用户对象(员工),然后我可以使用 ResteasyProviderFactory.pushContext() 在服务 bean 中检索 @上下文注释,但无论我尝试什么对象总是为空。我将不胜感激任何帮助。

@PreMatching
public class AuthenticationHandler implements ContainerRequestFilter {


@Inject private PxCredentialService credentialService;


@Override
public void filter(ContainerRequestContext requestContext) throws IOException {

    Response faultresponse = createFaultResponse();

    String authorization = requestContext.getHeaderString("Authorization");
    String[] parts = authorization.split(" ");
    if (parts.length != 2 || !"Basic".equals(parts[0])) {
        requestContext.abortWith(createFaultResponse());
        return;
    }

    String decodedValue = null;
    try {
        decodedValue = new String(Base64Utility.decode(parts[1]));
    } catch (Base64Exception ex) {
        requestContext.abortWith(createFaultResponse());
        return;
    }
    String[] namePassword = decodedValue.split(":");
    Employee emp = credentialService.getCredentialsByLoginAndPass(namePassword[0], namePassword[1], true);
    if ( emp != null) {
    ResteasyProviderFactory.pushContext(Employee.class, emp);
    } else {
        throw new NullPointerException("False Login");//requestContext.abortWith(Response.status(401).build());
    }

}

@Path( "/people" )
public class PeopleRestService implements credentials {
@Inject private PeopleService peopleService;
@Inject private GenericUserRightsUtil genericUserRightsUtil;


@Produces( { "application/json" } )
@GET
public Collection<Person> getPeople(@Context Employee emp) {

    Employee emp = (Employee)crc.getProperty("Employee");

    return peopleService.getPeople( page, 5 );
}

}

4

1 回答 1

0

据我了解,您需要一种简单的方法来识别在资源方法中执行请求的用户。您是否考虑过为请求设置 aSecurityContext和 a ?Principal

在您的过滤器中,如果用户凭据有效,请执行以下操作

final SecurityContext currentSecurityContext = requestContext.getSecurityContext();
requestContext.setSecurityContext(new SecurityContext() {

    @Override
    public Principal getUserPrincipal() {

        return new Principal() {

            @Override
            public String getName() {
                return username;
            }
        };
    }

    @Override
    public boolean isUserInRole(String role) {
        return true;
    }

    @Override
    public boolean isSecure() {
        return currentSecurityContext.isSecure();
    }

    @Override
    public String getAuthenticationScheme() {
        return "Basic";
    }
});

您的资源方法将如下所示:

@GET
@Path("{id}")
@Produces(MediaType.APPLICATION_JSON)
public Response foo(@PathParam("id") Long id, 
                    @Context SecurityContext securityContext) {
    ...
}

要获得Principal,请使用:

Principal principal = securityContext.getUserPrincipal();
String username = principal.getName();
于 2017-11-02T10:10:55.487 回答