Problem description
I am developing a Web application which uses JBoss RESTEasy (resteasy-jaxrs-3.0.8) but I want to disable the RoleBasedSecurityFilter.java and only use my own custom SecurityInterceptor class (which also implements javax.ws.rs.container.ContainerRequestFilter just as the RoleBasedSecurityFilter class does, so they are both security filters).
The reason for this is that line 43 in RoleBasedSecurityFilter.java calls an isUserInRole() method, which always returns false in my application. And as a result a ForbiddenException gets thrown, which prevents the user from accessing resources he should have access to.
I really like being able to use the @RolesAllowed annotation to declare which roles have access to certain functionalities, but as explained, the RoleBasedSecurityFilter class is blocking this. So my question is, does anyone know how to disable one specific RESTEasy filter (i.e. RoleBasedSecurityFilter)?
I'd imagine that it might be done in the deployment descriptor (web.xml) (for example with a context-param element), but I have no clue how to actually disable the filter.
I realize I could also change the line in the RoleBasedSecurityFilter.java file in the RESTEasy library I am using, but that approach is too hacky for me as I don't want to be stuck having to apply this hack again every time I would upgrade my RESTEasy version. (Not sure how often that would be though.)
Recommended answer
You can enable / disable the role based security by adding this configuration in the web.inf deployment descriptor.
<context-param>
    <param-name>resteasy.role.based.security</param-name>
    <param-value>true</param-value>
</context-param>
Hope this helps.