EJB 是怎样通过Resteasy进行验证的

最新推荐文章于 2021-03-02 02:19:05 发布

wcye001

最新推荐文章于 2021-03-02 02:19:05 发布

阅读量283

点赞数 1

本文链接：https://blog.csdn.net/wcye001/article/details/51513415

版权

今天用SOAPUI发request到后台，给了个401 error，想跟踪下代码来查看如何进行验证的，于是就各种找。

1. 现在的项目用的是EJB3，JBOSS，查看web.xml 可以看到是用Resteasy 进行验证的：

<web-app>
...
   <context-param>
      <context-name>resteasy.role.based.security</context-name>
      <context-value>true</context-value>
   </context-param>
</web-app>

以下摘自JBOSS官网（貌似resteasy也是JBOSS的？）：

How does Resteasy do authorization? Well, its really simple. It just sees if a method is annotated with @RolesAllowed and then just does HttpServletRequest.isUserInRole. If one of the the @RolesAllowed passes, then allow the request, otherwise, a response is sent back with a 401 (Unauthorized) response code.

所以也就是说只要 HttpServletRequest.isUserInRole给个true 就OK了

以下更多的resteasy配置在web.xml中供您参考：

<web-app>

   <context-param>
      <context-name>resteasy.role.based.security</context-name>
      <context-value>true</context-value>
   </context-param>

   <listener>
      <listener-class>org.resteasy.plugins.server.servlet.ResteasyBootstrap</listener-class>
   </listener>

   <servlet>
      <servlet-name>Resteasy</servlet-name>
      <servlet-class>org.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
   </servlet>

   <servlet-mapping>
      <servlet-name>Resteasy</servlet-name>
      <url-pattern>/*</url-pattern>
   </servlet-mapping>

   <security-constraint>
      <web-resource-collection>
         <web-resource-name>Resteasy</web-resource-name>
         <url-pattern>/security</url-pattern>
      </web-resource-collection>
       <auth-constraint>
         <role-name>admin</role-name>
         <role-name>user</role-name>
      </auth-constraint>
  </security-constraint>

   <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>Test</realm-name>
   </login-config>

   <security-role>
      <role-name>admin</role-name>
   </security-role>
   <security-role>
      <role-name>user</role-name>
   </security-role>


</web-app>

2.再来看看Resteasy 与EJB的集成:

Resteasy currently only has simple integration with EJBs. To make an EJB a JAX-RS resource, you must annotate an SLSB's @Remote or @Local interface with JAX-RS annotations:

1)应该有一个@Remote or @Local aannotation在你的EJB里，通常在类名上面，E.G.：

2）Next, in RESTeasy's web.xml file you must manually register the EJB with RESTeasy using the resteasy.jndi.resources <context-param>

<web-app>
   <display-name>Archetype Created Web Application</display-name>
   <context-param>
      <param-name>resteasy.jndi.resources</param-name>
      <param-value>LibraryBean/local</param-value>
   </context-param>

   <listener>
      <listener-class>org.resteasy.plugins.server.servlet.ResteasyBootstrap</listener-class>
   </listener>

   <servlet>
      <servlet-name>Resteasy</servlet-name>
      <servlet-class>org.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
   </servlet>

   <servlet-mapping>
      <servlet-name>Resteasy</servlet-name>
      <url-pattern>/*</url-pattern>
   </servlet-mapping>

</web-app>

第一篇博客，也不review一遍了，如果有错误的地方，敬请指出

wcye001

关注

1
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
EJB 是怎样通过Resteasy进行验证的

今天用SOAPUI发request到后台，给了个401 error，想跟踪下代码来查看如何进行验证的，于是就各种找。1. 现在的项目用的是EJB3，JBOSS，查看web.xml 可以看到是用Resteasy 进行验证的：... resteasy.role.based.security true 以下摘自JBOSS官网（貌似reste
复制链接

扫一扫