访问

访问

关注
发信
关注(28)粉丝(399)

java - PostProcessInterceptor:如何访问HTTP请求?

我有一个看起来像的拦截器

@Interceptor
@Provider
@ServerInterceptor
@SecurityChecked
public class SecurityCheckInterceptor implements PreProcessInterceptor, AcceptedByMethod, PostProcessInterceptor {
    private static final Logger LOGGER = LoggerFactory.getLogger(SecurityCheckInterceptor.class);

    @Nullable
    @Override
    public ServerResponse preProcess(final HttpRequest request, final ResourceMethod method) throws Failure, WebApplicationException {
        final List<String> authToken = request.getHttpHeaders().getRequestHeader(AUTH_TOKEN);

        if (authToken == null || !isValidToken(authToken.get(0))) {
            final ServerResponse serverResponse = new ServerResponse();
            serverResponse.setStatus(Response.Status.UNAUTHORIZED.getStatusCode());
            return serverResponse;
        }

        return null;
    }

    @SuppressWarnings("rawtypes")
    @Override
    public boolean accept(final Class declaring, final Method method) {
        // return declaring.isAnnotationPresent(SecurityChecked.class);
        return method.isAnnotationPresent(SecurityChecked.class);
    }

    @Override
    public void postProcess(final ServerResponse response) {
        LOGGER.info("post-processing response " + response.getEntity());
    }

}


我想要的是 ?
-每当回复返回时,我都需要添加一个新的AUTH_TOKEN
-原始的request可以访问请求标头,并且标头之一的格式如下

signature:user:expires



我需要访问此user标头中的request以生成新的基于时间的令牌


如何访问request标头?

最佳答案

我加了

@Context HttpServletRequest servletRequest;


这使我可以访问标题。

我修改后的拦截器看起来像

@Interceptor
@Provider
@ServerInterceptor
@SecurityChecked
public class SecurityCheckInterceptor implements PreProcessInterceptor, AcceptedByMethod, PostProcessInterceptor {
    private static final Pattern PATTERN = Pattern.compile(":");
    @Context
    HttpServletRequest servletRequest;

    private static final Logger LOGGER = LoggerFactory.getLogger(SecurityCheckInterceptor.class);

    @Nullable
    @Override
    public ServerResponse preProcess(final HttpRequest request, final ResourceMethod method) throws Failure, WebApplicationException {
        final List<String> authToken = request.getHttpHeaders().getRequestHeader(AUTH_TOKEN);

        if (authToken == null || !isValidToken(authToken.get(0))) {
            final ServerResponse serverResponse = new ServerResponse();
            serverResponse.setStatus(Response.Status.UNAUTHORIZED.getStatusCode());
            return serverResponse;
        }

        return null;
    }

    @SuppressWarnings("rawtypes")
    @Override
    public boolean accept(final Class declaring, final Method method) {
        // return declaring.isAnnotationPresent(SecurityChecked.class);
        return method.isAnnotationPresent(SecurityChecked.class);
    }

    @Override
    public void postProcess(final ServerResponse response) {
        final String header = servletRequest.getHeader(AUTH_TOKEN);
        LOGGER.info("post-processing response " + header);
        final String authToken = TokenUtils.createToken(PATTERN.split(header)[1]);
    }
}


在日志中,我看到了

(http--0.0.0.0-9090-1) post-processing response InvalidTokenValue:user:1377552546572

10-02 05:11
Powered by LMLPHP ©2024 访问 0.042146