1 回答
TA贡献1998条经验 获得超6个赞
我找到了一个可行的解决方案。它包括向接口和类添加几行。@JWTTokenNeededJWTTokenNeededFilter
我最终得到了以下代码:
JWTTokenNeedFilter:
@Provider
@JWTTokenNeeded
@Priority(Priorities.AUTHENTICATION)
public class JWTTokenNeededFilter implements ContainerRequestFilter {
@Context
private ResourceInfo resourceInfo;
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
// Get the HTTP Authorization header from the request
String authorizationHeader = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
try {
// Extract the token from the HTTP Authorization header
String token = authorizationHeader.substring("Bearer".length()).trim();
// Validate the token
Claims claims = Jwts.parser().setSigningKey("MYSECRET".getBytes("UTF-8")).parseClaimsJws(token).getBody();
Method method =resourceInfo.getResourceMethod();
if( method != null){
// Get allowed permission on method
JWTTokenNeeded JWTContext = method.getAnnotation(JWTTokenNeeded.class);
Role permission = JWTContext.Permissions();
if(permission != Role.NoRights ) {
// Get Role from jwt
String roles = claims.get("Role", String.class);
Role roleUser = Role.valueOf(roles);
// if role allowed != role jwt -> UNAUTHORIZED
if (!permission.equals(roleUser)) {
throw new Exception("no roles");
}
}
}
}
catch (Exception e) {
e.printStackTrace();
requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
}
}
}
@JWTTokenNeeded接口:
@javax.ws.rs.NameBinding
@Retention(RUNTIME)
@Target({TYPE, METHOD})
public @interface JWTTokenNeeded {
Role Permissions() default Role.NoRights;
}
允许角色访问终端节点就像添加@JWTTokenNeeded(Permissions = Role.Admin)
下面是一个示例:
@Path("User")
public class UserResource {
@EJB
private UserappDAO userDAO;
@GET
@JWTTokenNeeded(Permissions = Role.Admin)
@Produces("application/json")
public List<Userapp> all() {
return userDAO.getAll();
}
}
添加回答
举报