本文介绍了JAX-RS和自定义授权的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧! 问题描述 29岁程序员,3月因学历无情被辞! 我正在尝试保护JAX-RS端点,目前正在尝试弄清楚身份验证和授权是如何工作的。大多数示例都非常简单,因为它们只是通过web.xml从Java EE App-Server角色中捎带。I'm trying to secure the JAX-RS endpoint and am currently trying to figure out how the authentication and authorization work. Most examples are quite simple as they only piggyback from Java EE App-Server role via web.xml.我想知道如何使用除Java EE AS以外的其他东西角色。例如:我想使用会话或某种令牌(或某种标识符)。I'm wondering how to use something else than the Java EE AS roles. For example: I'd like to use session or some sort of token (or some sort of identifier).推荐答案这一切取决于您正在使用的JAX-RS实现。我在嵌入式 Jersey /docs.codehaus.org/display/JETTY/Jetty+Documentation\"rel =noreferrer> Jetty 。It all depends upon the JAX-RS implementation you're using. I'm using Jersey on embedded Jetty.SecurityHandler sh = new SecurityHandler();// the UserRealm is the collection of users, and a mechanism to determine if// provided credentials are validsh.setUserRealm(new MyUserRealm());// the Authenticator is a strategy for extracting authentication credentials// from the request. BasicAuthenticator uses HTTP Basic Authsh.setAuthenticator(new BasicAuthenticator());参见如何使用嵌入式Jetty配置安全性一旦你拥有 HttpServletRequest 中的code> Principal ,您可以将这些注入到JAX-RS请求的上下文中。Once you have the Principal in the HttpServletRequest, you can inject these into the context of the JAX-RS request.public abstract class AbstractResource { private Principal principal; @Context public void setSecurityContext(SecurityContext context) { principal = context.getUserPrincipal(); } protected Principal getPrincipal() { return principal; }}@Path("/some/path")public class MyResource extends AbstractResource { @GET public Object get() { Principal user = this.getPrincipal(); // etc }} 这篇关于JAX-RS和自定义授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持! 上岸,阿里云!