Resteasy: a common query parameter for some service calls
I'm using Resteasy's client framework and I have some methods which require authentication to the server. The authentication is achieved via a session ticket and this ticket must be included as a query parameter in the request URL. By default solution I need to pass the ticket to all my service calls as follows:
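    import javax.ws.rs.GET;
    import javax.ws.rs.POST;
    import javax.ws.rs.Path;
    import javax.ws.rs.Produces;
    import javax.ws.rs.QueryParam;

    // A Resteasy client proxy is declared as an interface; the methods have no bodies.
    @Path("/services")
    public interface MyServiceClient {
        @POST
        @Path("service1")
        void callService1(@QueryParam("ticket") String ticket);

        @GET
        @Path("service2")
        @Produces("text/plain")
        String callService2(@QueryParam("ticket") String ticket /* , ... remaining parameters elided in the original */);
    }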
But I don't want to pass the ticket parameter to each of my service calls. I need a solution to set it as a query parameter for each of these calls in a common way. So, my service call methods will only take actual service parameters except the ticket. But, when a service is requested the ticket will be included at the request URL.
Is there a way to do this?
Thanks in advance.
I have the same situation. Sorry for resurrecting an old thread, but anyway...
Instead of putting the ticket on the query string, why not include it as an HTTP header, specifically, an Authorization header like this:
You could also accept Basic auth too. This lets you exercise the API from a web browser without any fancy plugins or extensions. The header would look like this:
Then, in your server-side code, use an HttpServletFilter to guard all access to your RestEasyServlet. In the doFilter method, read the Authorization header. Only call chain.doFilter (which will pass the request on to the RestEasyServlet) if the header checks out. If it's not there or expired or invalid, etc., then from your filter return an HTTP 401.
If your auth header starts with "Token ", strip off the first six chars and then grab the rest of the value and do a lookup in your session database table or Map. If it's in there and not expired, then let them through.
If your auth header starts with "Basic ", strip off the first six chars and Base64 decode the rest. Split on the ":" and use the two tokens to look the user up in your database.
I also cheat a little in my filter. Since I have to look that token (or username/password) up from a database anyway, I create a User object from the ResultSet and store it in a ThreadLocal on the filter. I then provide a static method on my filter that lets me access the "current user" from anywhere else in the JVM. I use a try/finally in my filter to clear the ThreadLocal so that it'll always get cleared out after the request is finished.
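The filter described in the answer above, as an added example that is not part of the original post or of Resteasy. It assumes the javax.servlet API and Java 16+; the class name AuthFilter, the Session record and the in-memory SESSIONS and PASSWORDS maps are hypothetical stand-ins for the poster's session table and user database.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.*;
import javax.servlet.http.*;

public class AuthFilter implements Filter {
    record Session(String user, Instant expires) {}
    // Constructed in-memory stand-ins (assumptions) for the session table and user database.
    static final Map<String, Session> SESSIONS = new ConcurrentHashMap<>();
    static final Map<String, String> PASSWORDS = new ConcurrentHashMap<>(); // keep salted hashes in real use
    private static final ThreadLocal<String> CURRENT_USER = new ThreadLocal<>();
    public static String currentUser() { return CURRENT_USER.get(); }

    // Returns the authenticated user, or null when the header is absent, malformed, expired or wrong.
    static String authenticate(String header) {
        if (header == null) return null;
        if (header.startsWith("Token ")) {
            Session s = SESSIONS.get(header.substring(6).trim());
            return (s != null && s.expires().isAfter(Instant.now())) ? s.user() : null;
        }
        if (!header.startsWith("Basic ")) return null;
        try {
            String pair = new String(Base64.getDecoder().decode(header.substring(6).trim()), StandardCharsets.UTF_8);
            int colon = pair.indexOf(':'); // first ':' only: the password itself may contain ':'
            if (colon < 0) return null;
            String user = pair.substring(0, colon), expected = PASSWORDS.get(user);
            byte[] given = pair.substring(colon + 1).getBytes(StandardCharsets.UTF_8);
            // Constant-time comparison so response timing does not reveal how many bytes matched.
            return (expected != null && MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), given)) ? user : null;
        } catch (IllegalArgumentException notBase64) {
            return null; // undecodable credentials are rejected, not propagated as a 500
        }
    }

    @Override public void init(FilterConfig config) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        String user = authenticate(((HttpServletRequest) req).getHeader("Authorization"));
        if (user == null) { // fail closed: the RestEasy servlet is never reached
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        CURRENT_USER.set(user);
        try { chain.doFilter(req, res); } finally { CURRENT_USER.remove(); } // no leak across pooled threads
    }
}
```

Carrying the ticket in the Authorization header rather than the query string also keeps it out of URLs recorded in access logs, browser history and Referer headers.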
I think you can bind @PathParams to the enclosing class so they can be used in each method without redeclaration. I've never tried it but saw an example, here:
http://www.mastertheboss.com/web-interfaces/309-handling-web-parameters-with-resteasy.html