问题描述

我已经按照下面链接中pandadb给出的所有步骤进行了操作如何选择使用自定义Dropwizard过滤器保护资源

I have followed all the steps given in Answer by pandadb in below linkHow to Optionally Protect a Resource with Custom Dropwizard Filter

我在资源方法中添加了自定义注释，但是未调用自定义授权过滤器.

I added my custom annotaion to the resource method but the custom authorisation filter is not being called.

谁能告诉我我可能错过的事情.

can anyone tell me what i might have missed.

更新:-我正在使用java8的dropwizard 1.0，并使用maven构建应用.

Update:- I am using dropwizard 1.0 using java8 and building the app using maven.

推荐答案

首先检查此Dropwizard功能示例和 Dropwizard授权.然后，请提供更多详细信息，已经完成的操作以及正在使用的Dropwizard版本.

First of all check this Dropwizard Feature example and Dropwizard Authorization. Then please provide more details, what you have done already and what Dropwizard Version you are using.

毕竟，我已经猜到了，您已经做了什么...

After all I have to guess, what you have done already...

您已创建自定义授权者?

You have create your custom authorizer?

public class YourCustomAuthorizer implements Authorizer<User> {
    @Override
    public boolean authorize(User user, String role) {
        return user.getName().equals("good-guy") && role.equals("ADMIN");
    }
}

您已注释资源?

@RolesAllowed("ADMIN")
@GET
public SecretPlan getSecretPlan() {
    return dao.findPlanForUser(user);
}

您在应用程序运行方法中注册了身份验证和授权类吗?

You registered the authentication and authorization classes in your application run method?

@Override
public void run(ExampleConfiguration configuration,
                Environment environment) {
    environment.jersey().register(new AuthDynamicFeature(
            new BasicCredentialAuthFilter.Builder<User>()
                .setAuthenticator(new YourCustomAuthenticator())
                .setAuthorizer(new YourCustomAuthorizer())
                .setRealm("SUPER SECRET STUFF")
                .buildAuthFilter()));
    environment.jersey().register(RolesAllowedDynamicFeature.class);
    //If you want to use @Auth to inject a custom Principal type into your resource
    environment.jersey().register(new AuthValueFactoryProvider.Binder<>(User.class));
}

如果您已完成此操作，并且您之前进行过身份验证没问题，那么它应该可以工作.如果要在不进行身份验证/授权的情况下授权所有GETS，并且仅对经过身份验证的用户授权POST，则可以执行以下操作:

If you have done this, it should work, if your authentication is done before and is ok. If you want to authorize all GETS without authentication/autorization and authorize only POSTs for authenticated users, you can do this:

// do not add any annotations here and all users without authentication can do this GET @RolesAllowed("ADMIN")
// do not use '@Auth User user' in method params and do not annotate this method with '@Auth' if you want non authenticated users to do the GET
@GET
public SecretPlan getSecretPlan() {
    return dao.findPlanForUser(user);
}

//here just authorized useras can do HTTP POSTs
@RolesAllowed("ADMIN")
@GET
public SecretPlan postSecretPlan() {
    return dao.findPlanForUser(user);
}

我过去遇到的另一个问题是，我使用ANT和IVY而不是Maven来构建应用程序.如果做错了，这可能会导致一些问题.

Another problem I had in past, was that I build my application with ANT and IVY and not with Maven. This can cause several problems, if doing it wrong.

如果您的问题仍未解决，请提供更多信息，而不是请解决".*

If your problem is not solved, please provide more informations than "It does not work, please help".*

这篇关于具有DynamicFeature的Dropwizard customAuthorizationFilter的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！