我有一个拦截器,看起来像
@Interceptor
@Provider
@ServerInterceptor
@SecurityChecked
public class SecurityCheckInterceptor implements PreProcessInterceptor, AcceptedByMethod, PostProcessInterceptor {
private static final Logger LOGGER = LoggerFactory.getLogger(SecurityCheckInterceptor.class);
@Nullable
@Override
public ServerResponse preProcess(final HttpRequest request, final ResourceMethod method) throws Failure, WebApplicationException {
final List<String> authToken = request.getHttpHeaders().getRequestHeader(AUTH_TOKEN);
if (authToken == null || !isValidToken(authToken.get(0))) {
final ServerResponse serverResponse = new ServerResponse();
serverResponse.setStatus(Response.Status.UNAUTHORIZED.getStatusCode());
return serverResponse;
}
return null;
}
@SuppressWarnings("rawtypes")
@Override
public boolean accept(final Class declaring, final Method method) {
// return declaring.isAnnotationPresent(SecurityChecked.class);
return method.isAnnotationPresent(SecurityChecked.class);
}
@Override
public void postProcess(final ServerResponse response) {
LOGGER.info("post-processing response " + response.getEntity());
}
}
我想要什么?
- 每次响应返回时,我都需要添加一个新的 AUTH_TOKEN 值
- 原始请求可以访问请求 header ,其中一个 header 的形式为
signature:user:expires
- 我需要访问
user形成此requestheader 以生成新的基于时间的 token
我怎样才能访问请求 header ?
最佳答案
我加了
@Context HttpServletRequest servletRequest;
这让我可以访问标题。
我修改后的拦截器看起来像
@Interceptor
@Provider
@ServerInterceptor
@SecurityChecked
public class SecurityCheckInterceptor implements PreProcessInterceptor, AcceptedByMethod, PostProcessInterceptor {
private static final Pattern PATTERN = Pattern.compile(":");
@Context
HttpServletRequest servletRequest;
private static final Logger LOGGER = LoggerFactory.getLogger(SecurityCheckInterceptor.class);
@Nullable
@Override
public ServerResponse preProcess(final HttpRequest request, final ResourceMethod method) throws Failure, WebApplicationException {
final List<String> authToken = request.getHttpHeaders().getRequestHeader(AUTH_TOKEN);
if (authToken == null || !isValidToken(authToken.get(0))) {
final ServerResponse serverResponse = new ServerResponse();
serverResponse.setStatus(Response.Status.UNAUTHORIZED.getStatusCode());
return serverResponse;
}
return null;
}
@SuppressWarnings("rawtypes")
@Override
public boolean accept(final Class declaring, final Method method) {
// return declaring.isAnnotationPresent(SecurityChecked.class);
return method.isAnnotationPresent(SecurityChecked.class);
}
@Override
public void postProcess(final ServerResponse response) {
final String header = servletRequest.getHeader(AUTH_TOKEN);
LOGGER.info("post-processing response " + header);
final String authToken = TokenUtils.createToken(PATTERN.split(header)[1]);
}
}
在我看到的日志中
(http--0.0.0.0-9090-1) post-processing response InvalidTokenValue:user:1377552546572
关于java - 后处理拦截器 : How to access HTTP request?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/18453222/