我有一个看起来像的拦截器
@Interceptor
@Provider
@ServerInterceptor
@SecurityChecked
public class SecurityCheckInterceptor implements PreProcessInterceptor, AcceptedByMethod, PostProcessInterceptor {
private static final Logger LOGGER = LoggerFactory.getLogger(SecurityCheckInterceptor.class);
@Nullable
@Override
public ServerResponse preProcess(final HttpRequest request, final ResourceMethod method) throws Failure, WebApplicationException {
final List<String> authToken = request.getHttpHeaders().getRequestHeader(AUTH_TOKEN);
if (authToken == null || !isValidToken(authToken.get(0))) {
final ServerResponse serverResponse = new ServerResponse();
serverResponse.setStatus(Response.Status.UNAUTHORIZED.getStatusCode());
return serverResponse;
}
return null;
}
@SuppressWarnings("rawtypes")
@Override
public boolean accept(final Class declaring, final Method method) {
// return declaring.isAnnotationPresent(SecurityChecked.class);
return method.isAnnotationPresent(SecurityChecked.class);
}
@Override
public void postProcess(final ServerResponse response) {
LOGGER.info("post-processing response " + response.getEntity());
}
}
我想要的是 ?
-每当回复返回时,我都需要添加一个新的
AUTH_TOKEN
值-原始的
request
可以访问请求标头,并且标头之一的格式如下signature:user:expires
我需要访问此
user
标头中的request
以生成新的基于时间的令牌如何访问
request
标头? 最佳答案
我加了
@Context HttpServletRequest servletRequest;
这使我可以访问标题。
我修改后的拦截器看起来像
@Interceptor
@Provider
@ServerInterceptor
@SecurityChecked
public class SecurityCheckInterceptor implements PreProcessInterceptor, AcceptedByMethod, PostProcessInterceptor {
private static final Pattern PATTERN = Pattern.compile(":");
@Context
HttpServletRequest servletRequest;
private static final Logger LOGGER = LoggerFactory.getLogger(SecurityCheckInterceptor.class);
@Nullable
@Override
public ServerResponse preProcess(final HttpRequest request, final ResourceMethod method) throws Failure, WebApplicationException {
final List<String> authToken = request.getHttpHeaders().getRequestHeader(AUTH_TOKEN);
if (authToken == null || !isValidToken(authToken.get(0))) {
final ServerResponse serverResponse = new ServerResponse();
serverResponse.setStatus(Response.Status.UNAUTHORIZED.getStatusCode());
return serverResponse;
}
return null;
}
@SuppressWarnings("rawtypes")
@Override
public boolean accept(final Class declaring, final Method method) {
// return declaring.isAnnotationPresent(SecurityChecked.class);
return method.isAnnotationPresent(SecurityChecked.class);
}
@Override
public void postProcess(final ServerResponse response) {
final String header = servletRequest.getHeader(AUTH_TOKEN);
LOGGER.info("post-processing response " + header);
final String authToken = TokenUtils.createToken(PATTERN.split(header)[1]);
}
}
在日志中,我看到了
(http--0.0.0.0-9090-1) post-processing response InvalidTokenValue:user:1377552546572