我想用某种“角色”属性来注释我的所有 JAX-RS 资源,该属性将由访问控制过滤器通过上下文读取。此类 JAX-RS 资源的示例是(psuedo):
@Path("foo")
public class FooResource {
@GET
@Context(roles = "admin,user")
public Response foo() {
return Response.noContent().build();
}
}
因此,AccessControlFilter 将有权访问特定于资源的“角色”值:
public class AccessControlFilter {
@Override
public void filter(ContainerRequestContext context) throws IOException {
String accessToken = accessToken(context);
String roles = context.getContext("roles");
// ... validate access Token against roles ...
}
@Nullable
private static String accessToken(ContainerRequestContext context) {
Map<String, Cookie> cookies = context.getCookies();
Cookie accessTokenCookie = cookies.get("access_token");
if (accessTokenCookie != null) {
return accessTokenCookie.getValue();
}
return null;
}
}
我一直在挖掘:
最佳答案
只需将 ResourceInfo
注入(inject)过滤器类即可。从那里您可以获取资源Method
。然后只需使用一些反射来获取注释即可。
@Context
private ResourceInfo resourceInfo;
@Override
public void filter(...) {
Method method = resourceInfo.getResourceMethod();
MyAnnotation anno = method.getAnnotation(MyAnnotation.class);
if (anno != null) {
String roles = anno.value();
}
}
关于Java (Jersey 2 + Grizzly 2) JAX-RS 端点的自定义资源注释?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/41370315/