如何设置aop MethodInterceptor与Jersey资源一起工作?
以下是我尝试过的,遵循这个文档:
步骤1 - InterceptionService
public class MyInterceptionService implements InterceptionService
{
private final Provider<AuthFilter> authFilterProvider;
@Inject
public HK2MethodInterceptionService(Provider<AuthFilter> authFilterProvider)
{
this.authFilterProvider = authFilterProvider;
}
/**
* Match any class.
*/
@Override
public Filter getDescriptorFilter()
{
return BuilderHelper.allFilter();
}
/**
* Intercept all Jersey resource methods for security.
*/
@Override
@Nullable
public List<MethodInterceptor> getMethodInterceptors(final Method method)
{
// don't intercept methods with PermitAll
if (method.isAnnotationPresent(PermitAll.class))
{
return null;
}
return Collections.singletonList(new MethodInterceptor()
{
@Override
public Object invoke(MethodInvocation methodInvocation) throws Throwable
{
if (!authFilterProvider.get().isAllowed(method))
{
throw new ForbiddenException();
}
return methodInvocation.proceed();
}
});
}
/**
* No constructor interception.
*/
@Override
@Nullable
public List<ConstructorInterceptor> getConstructorInterceptors(Constructor<?> constructor)
{
return null;
}
}
步骤2 -注册服务
public class MyResourceConfig extends ResourceConfig
{
public MyResourceConfig()
{
packages("package.with.my.resources");
// UPDATE: answer is remove this line
register(MyInterceptionService.class);
register(new AbstractBinder()
{
@Override
protected void configure()
{
bind(AuthFilter.class).to(AuthFilter.class).in(Singleton.class);
// UPDATE: answer is add the following line
// bind(MyInterceptionService.class).to(InterceptionService.class).in(Singleton.class);
}
});
}
}
然而,这似乎不起作用,因为我的资源方法都没有被拦截。这是因为我用@ManagedAsync和我所有的资源吗?什么好主意吗?
另外,请不要建议使用ContainerRequestFilter。请参阅这个问题,了解为什么我不能使用一个来处理安全性。
我认为,而不是调用register(MyInterceptionService.class)你可能要添加到你的configure()语句:
bind(MyInterceptionService.class).to(InterceptionService.class).in(Singleton.class)
我不确定它是否会起作用,因为我自己没有尝试过,所以你的结果可能会有所不同lol