我使用 jax-rs 构建了 REST API。为了处理身份验证,我使用拦截器。当身份验证失败时,我返回 WebApplicationException,如下所示:
try
{
Authentication authentication = authenticationManager
.authenticate(new UsernamePasswordAuthenticationToken(policy.getUserName(), policy.getPassword()));
SecurityContext securityContext = SecurityContextHolder.getContext();
securityContext.setAuthentication(authentication);
}
catch (AuthenticationServiceException | BadCredentialsException e)
{
throw new WebApplicationException(Response.Status.UNAUTHORIZED); //TODO set response status
}
但它返回 startus 500 而不是 401。
当我在服务中抛出 WebApplicationExceptions 时,它返回我设置的状态,但在拦截器中它不起作用。如何从拦截器返回401?
jaxrs:服务器配置:
<jaxrs:server id="restService" address="/rest">
<jaxrs:serviceBeans>
<ref bean="serviceBean"/>
</jaxrs:serviceBeans>
<jaxrs:inInterceptors>
<ref bean="securityInterceptor"/>
</jaxrs:inInterceptors>
</jaxrs:server>
<bean id="serviceBean" class="some_package.CustomerService"/>
<bean id="securityInterceptor" class="some_package.AuthenticatorInterceptor"/>
最佳答案
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.ext.Provider;
@Provider
public class Example implements ContainerRequestFilter {
@Override
public void filter(ContainerRequestContext requestContext) {
requestContext.abortWith(Response.status(Status.UNAUTHORIZED).build());
}
}
关于java - jaxrs - 拦截器返回状态 500 时抛出错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/25604012/