Reputation: 489
I am trying to create a filter for a REST API I have developed following these question Best practice for REST token-based authentication with JAX-RS and Jersey.
The problem is whatever of the methods I am invoking the filter doesnt appear to work.
These are my classes:
Secured.java
@NameBinding
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD})
public @interface Secured {
}
AuthenticationFilter.java
@Secured
@Provider
@Priority(Priorities.AUTHENTICATION)
public class AuthenticationFilter implements ContainerRequestFilter{
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
// Get the HTTP Authorization header from the request
String authorizationHeader =
requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
// Check if the HTTP Authorization header is present and formatted correctly
if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) {
throw new NotAuthorizedException("Authorization header must be provided");
}
// Extract the token from the HTTP Authorization header
String token = authorizationHeader.substring("Bearer".length()).trim();
try {
// Validate the token
validateToken(token);
} catch (Exception e) {
requestContext.abortWith(
Response.status(Response.Status.UNAUTHORIZED).build());
}
}
private void validateToken(String token) throws Exception {
// Check if it was issued by the server and if it's not expired
// Throw an Exception if the token is invalid
}
}
RestService.java
@Path("/test")
public class RestService {
TestDAO testDAO;
@GET
@Secured
@Path("/myservice")
@Produces("application/json")
public List<Test> getEverisTests() {
testDAO=(TestDAO) SpringApplicationContext.getBean("testDAO");
long start = System.currentTimeMillis();
List<Test> ret = testDAO.getTests();
long end = System.currentTimeMillis();
System.out.println("TIEMPO TOTAL: " + (end -start));
return ret;
}
}
RestApplication.java
public class RestApplication extends Application{
private Set<Object> singletons = new HashSet<Object>();
public RestApplication() {
singletons.add(new RestService());
singletons.add(new AuthenticationFilter());
}
@Override
public Set<Object> getSingletons() {
return singletons;
}
}
I am missing something? Thanks in advance.
Upvotes: 3
Views: 4666
Reputation: 489
The solution was to update Jboss modules of resteasy following this page resteasy and selecting the version of resteasy that I was using.
Thanks for the answers by the way!
Upvotes: 1
Reputation: 131237
Your AuthenticationFilter
may not be registered.
It's very likely you have an Application
subclass somewhere in your application. Use it to register the filter:
@ApplicationPath("api")
public class ApiConfig extends Application {
@Override
public Set<Class<?>> getClasses() {
HashSet<Class<?>> classes = new HashSet<>();
classes.add(AuthenticationFilter.class);
...
return classes;
}
}
Upvotes: 7
Reputation: 364
I can't yet comment so this goes into an answer:
I don't understand how the @Secured mechanism works. Did you try to remove all @Secured annotations? The filter should then be active for all endpoints.
If it still does not work most probably you will have to register it manually in your application.
If it does work afterwards you have at least a hint on where to look for the problem ...
Upvotes: 0