java jax-rs拦截器_为webService添加Interceptor(拦截器)

今天写一个简单的拦截器，以webService接口为例：

背景：H5的一个项目，只要调用H5webService 接口下面的方法都会触发一个AuthorityInterceptor去验证是否调用类型是H5，session是否失效.

1.需要自己定义一个Interceptor，我定义的Interceptor去验证调用类型moduleType和session：

packagecom.lcc.h5.ws;importcom.lcc.api.dto.session.SessionInfo;importcom.lcc.api.exception.AccessDeniedException;importcom.lcc.api.web.common.ModuleType;importcom.lcc.logger.Logger;importcom.lcc.logger.LoggerFactory;importcom.lcc.service.BaseAuthorityService;importorg.apache.commons.lang3.StringUtils;importorg.apache.cxf.interceptor.Fault;importorg.apache.cxf.message.Message;importorg.apache.cxf.phase.AbstractPhaseInterceptor;importorg.apache.cxf.transport.http.AbstractHTTPDestination;importjavax.servlet.http.HttpServletRequest;public class AuthorityInterceptor extends AbstractPhaseInterceptor{private static final Logger LOGGER = LoggerFactory.getLogger(AuthorityInterceptor.class);privateBaseAuthorityService authorityService;publicAuthorityInterceptor(String phase) {super(phase);

}publicAuthorityInterceptor() {this("post-stream");

}

@Overridepublic void handleMessage(Message message) throwsFault {

Fault fault= new Fault(new AccessDeniedException("illeagl moduleType access"));

fault.setStatusCode(421);

HttpServletRequest httpRequest=(HttpServletRequest) message.get(AbstractHTTPDestination.HTTP_REQUEST);

String sessionId= httpRequest.getHeader("Token");if(StringUtils.isBlank(sessionId)) {

LOGGER.info("blank session");throwfault;

}

LOGGER.info("session authority, session id {}", sessionId);

String moduleKey= httpRequest.getHeader("moduleType");if(StringUtils.isEmpty(moduleKey)) {

LOGGER.info("moduleType is empty");throwfault;

}

ModuleType module=ModuleType.fromKey(moduleKey);

SessionInfo sessionInfo= null;if(ModuleType.H5.equals(module)) {

sessionInfo=authorityService.getSessionInfo(sessionId);if (sessionInfo == null) {throwfault;

}

}else{throwfault;

}

}public voidsetAuthorityService(BaseAuthorityService authorityService) {this.authorityService =authorityService;

}

}

上面Interceptor用到的java bean:

public abstract class SessionInfo implementsSerializable {private static final long serialVersionUID = 6544973626519192604L;privateString key;//timestamp

privateLong createdAt;//unit: second

privateLong expiryTime;publicString getKey() {returnkey;

}public voidsetKey(String key) {this.key =key;

}publicLong getCreatedAt() {returncreatedAt;

}public voidsetCreatedAt(Long createdAt) {this.createdAt =createdAt;

}publicLong getExpiryTime() {returnexpiryTime;

}public voidsetExpiryTime(Long expiryTime) {this.expiryTime =expiryTime;

}

@OverridepublicString toString() {return new StringBuilder().append("{key: ").append(key).append(", createdAt: ").append(createdAt)

.append(", expiryTime: ").append(expiryTime).append("}").toString();

}

}

=====================

为了防止别人恶意访问接口，我们可以给调用类型加密，内部调用直接传入加密后的String，在后台去转换验证即可.

public enumModuleType {

H5("md5加密码");privateString key;

ModuleType(String key) {this.key =key;

}publicString getKey() {returnkey;

}

}

BaseAuthorityService及其实现类 请参考http://www.cnblogs.com/cc-java/p/6625998.html

2.Interceptor写好了，接下来就看下怎么在xml配置文件里面为webService配置Interceptor

到这里就已经为h5WebService接口配置好AuthorityInterceptor拦截器了；只要访问这个接口都会先进入拦截器里面去验证session和项目调用的类型；