Create Principal in Guice Filter
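I am trying to implement a custom authentication filter in Guice. I receive the token, get the username and realm from the token, and then create a Principal. Now I am stuck and I don't know how to set the Principal. It would be nice if I could just set it like this: request.setUserPrincipal(principal);, but obviously I can't.
How can I do this?
My doFilter method looks like this: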
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        String authorizationHeader = request.getHeader(HttpHeaders.AUTHORIZATION);
        // Only strip the prefix when the header really uses the Bearer scheme;
        // otherwise substring() can throw or yield a bogus token.
        if (authorizationHeader != null && authorizationHeader.startsWith("Bearer ")) {
            String token = authorizationHeader.substring("Bearer".length()).trim();
            if (token.length() > 0) {
                try {
                    // Resolve the token to the caller's username and realm.
                    Credentials credentials = securityService.getCredentials(token);
                    String username = credentials.getUsername();
                    String realm = credentials.getRealm();
                    Principal principal = new HttpPrincipal(username, realm);
                    // request.setUserPrincipal(principal);
                    LOGGER.info(credentials);
                } catch (Exception e) {
                    LOGGER.error(e);
                }
            }
        }
        // The original request is passed on, so the principal created above is not visible downstream.
        filterChain.doFilter(servletRequest, servletResponse);
    }
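Section 13.10 of the servlet spec says:
The container establishes the caller identity of a request prior to
dispatching the request to the servlet engine. The caller identity
remains unchanged throughout the processing of the request or until
the application successfully calls authenticate, login or logout on the
request.
That's why there is no setUserPrincipal.
But there's good news. You can provide your own getUserPrincipal, because you can provide your own HttpServletRequest object. Any servlet filter can do it. Look at your code: you are calling the chain method with two parameters, the request and the response. There is no need to pass the same objects that you received.
The spec even provides you with a helper class: HttpServletRequestWrapper. You just create your own request class as a subclass of the wrapper and override any method you want, like getUserPrincipal.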
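The wrapper approach described in the answer, as an added example (not code from the original question or answer). It assumes the javax.servlet API; `TokenAuthFilter`, `AuthenticatedRequest` and `tokenResolver` are hypothetical names, with `tokenResolver` standing in for the question's `securityService` lookup and `HttpPrincipal` construction. Rejecting an invalid token with 401 instead of passing the request on is a choice made in this example.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.function.Function;
import javax.servlet.*;
import javax.servlet.http.*;

public class TokenAuthFilter implements Filter {
    /** Wrapper whose getUserPrincipal() returns the identity resolved from the token. */
    static final class AuthenticatedRequest extends HttpServletRequestWrapper {
        private final Principal principal;
        AuthenticatedRequest(HttpServletRequest request, Principal principal) {
            super(request);
            this.principal = principal;
        }
        @Override public Principal getUserPrincipal() { return principal; }
        // Keep getRemoteUser() consistent with the overridden principal.
        @Override public String getRemoteUser() { return principal.getName(); }
    }

    // Hypothetical stand-in for securityService.getCredentials(token) + new HttpPrincipal(...):
    // returns the Principal for a valid token, or null / throws for an invalid one.
    private final Function<String, Principal> tokenResolver;

    public TokenAuthFilter(Function<String, Principal> tokenResolver) {
        this.tokenResolver = tokenResolver;
    }

    @Override public void init(FilterConfig filterConfig) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        String header = request.getHeader("Authorization");
        if (header == null || !header.regionMatches(true, 0, "Bearer ", 0, 7)) {
            chain.doFilter(req, res);   // no bearer token: identity stays as the container set it
            return;
        }
        Principal principal;
        try { principal = tokenResolver.apply(header.substring(7).trim()); }
        catch (RuntimeException e) { principal = null; }
        if (principal == null) {        // token presented but not valid: fail closed
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Downstream filters and servlets now see the wrapper, not the original request.
        chain.doFilter(new AuthenticatedRequest(request, principal), res);
    }
}
```

Container-managed checks such as isUserInRole() still consult the container's own identity unless the wrapper overrides them as well.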