{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 ら.Afraid 的问题《JAX-RS 2.0 Filter parameters via @NameBinding anno》','https://www.manongdao.com/q-521210.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I've created some JAX-RS 2.0 resources (using Jeresey 2.4 running in a Servlet container) and a filter that handles authentication and authorisation that can be selectively applied via a @NameBinding annotation. This all works great.
I would like to be able to define some parameters on this annotation (specifically, security permissions that are required to access each method/resource) that can be available to the filter at runtime to alter this behaviour.
I notice that interceptors can do this via javax.ws.rs.ext.InterceptorContext.getAnnotations() but there is no equivalent in javax.ws.rs.container.ContainerRequestContext for filters. Any ideas how this may be achieved? I would like to be able to do something like the following:
@Target({TYPE, METHOD})
@Retention(value = RetentionPolicy.RUNTIME)
@NameBinding
public @interface Secured {
String[] requiredPermissions() default {};
}
@Secured
@Priority(Priorities.AUTHENTICATION)
public class SecurityRequestFilter implements ContainerRequestFilter {
@Override
public void filter(ContainerRequestContext containerRequestContext) throws IOException {
// extract credentials, verify them and check that the user has required permissions, aborting if not
}
}
@Path("/userConfiguration/")
public class UserConfigurationResource {
@GET
@Produces(MediaType.APPLICATION_XML)
@Secured(requiredPermissions = {"configuration-permission"})
public Response getConfig(@Context HttpServletRequest httpServletRequest) {
// produce a response
}
}
You can get this information from UriInfo, particularly it's (Jersey specific) ExtendedUriInfo subinterface. To obtain an instance either invoke ContainerRequestContext#getUriInfo() and cast it
or inject it into your filter:
then
In the second approach you can implement DynamicFeature and assign your filter only to a particular resource methods (i.e. in case the configuration of the filter is more complex, filter applies only to a couple of methods and you want to reduce the overhead, ...). Take a look at the implementation of RolesAllowedDynamicFeature which adds support for security annotations over resource methods in Jersey.
For a non-vendor specific solution, since JAX-RS 2.0 you can use
ResourceInfo: