嵌入式Jetty:http请求到达后如何运行安全处理程序?

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了嵌入式Jetty:http请求到达后如何运行安全处理程序?相关的知识,希望对你有一定的参考价值。

我使用嵌入式Jetty和Jersey。我的问题是:在HTTP请求到达Jersey类之前,是否有可能使码头的SecurityHandler生效?

这是我的代码:(很抱歉,它可能太多了。)jetty服务器初始化的类:

public class JettyHttpComponent extends AbstractLifeCycleComponent {

    private static final String REST_SOURCE_KEY = "jersey.config.server.provider.classnames";

    //TODO Security config and implementation
    public int start() throws RuntimeException {

        Server jettyServer = new Server(8080);
        ServletContextHandler context = new ServletContextHandler(jettyServer, "/", ServletContextHandler.SESSIONS|ServletContextHandler.SECURITY);
        context.setContextPath("/");
        context.setSecurityHandler(basicAuth());


        ServletHolder jerseyServlet = context.addServlet(
             org.glassfish.jersey.servlet.ServletContainer.class, "/*");
        jerseyServlet.setInitOrder(0);

        //load rest resources
        jerseyServlet.setInitParameter(REST_SOURCE_KEY, IndexService.class.getCanonicalName());


        try {
            jettyServer.start();
            jettyServer.join();
        } catch(Exception e) {
            e.printStackTrace();
        } finally {
            jettyServer.destroy();
        }
        return 0;
    }

    public int stop() throws RuntimeException {
        //close resources
        try {
            close();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
        System.out.println("Server stopped.");
        return 0;
    }

    private SecurityHandler basicAuth() {
        ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
        LoginService loginService = new LDAPLoginService();
        securityHandler.setLoginService(loginService);  
        return securityHandler;
    }

}

LDAPLoginService中的basicAuth()类是我定制的登录类,扩展了AbstractLoginService

Jersey类处理http请求:

@Path("/index")
public class IndexService extends BaseRestService {

    @PUT
    @Consumes(MediaType.APPLICATION_JSON)
    @Produces(MediaType.APPLICATION_JSON)
    public Response index(@Context SecurityContext securityContext,
            @Context HttpHeaders headers,
            @Context HttpServletRequest httpRequest,
            @QueryParam("algorithm") String algorithm,
            @QueryParam("executionMode") String mode,
            String request) {
        long t1 = System.currentTimeMillis();
        String response = null;
        IndexContext context = null;
        try {
            init();
            //setup context with security, headers, options and request
            ServiceUserContext suc = buildServiceUserContext(securityContext, httpRequest);
            if (suc == null) {
                return Response.status(Status.UNAUTHORIZED).entity(response).build();
            }
            ServiceDataContext sdc = buildServiceDataContext(request);
            context = IndexContext.builder().algorithm(algorithm).serviceDataContext(sdc).
                    serviceUserContext(suc).build();
            //dispatch service to entity matching core services
            dispatch(context);
        } catch(Throwable t) {
            handlerErrors(t, context);
        } finally {
            if (context != null) {
                close(context);
                response = context.getServiceDataContext().getResponse();
                System.out.println("Index takes: " + (System.currentTimeMillis() - t1) + " ms");
            }
        }
        return Response.status(Status.OK).entity(response).build();
    }   
}

在方法buildServiceDataContext(),我打电话给securityContext.getUserPrincipal(),并且扩展LDAPLoginServiceAbstractLoginService类在到达securityContext.getUserPrincipal()之前什么都不做。是否有可能在一开始就运行安全检查,甚至在Jersey类开始处理请求之前?谢谢。

答案

正如@Paul Samsotha所说,ContainerRequestFilter是一个不错的选择。

以上是关于嵌入式Jetty:http请求到达后如何运行安全处理程序?的主要内容,如果未能解决你的问题,请参考以下文章

Embedded Jetty:在安全的 https 服务器中,ContextHandler 重定向到 http URI

运行具有 200 个节点的 Selenium Grid 2。如何增加 Jetty 线程?

Jetty如何检测HTTP连接是不是被客户端关闭

Jetty入门(1-2)配置Jetty - 独立运行模式

Jetty 和其他容器如何在遵守 Servlet 规范的同时利用 NIO?

Jetty嵌入式Web容器攻略