我参加了很多论坛来了解流程,但仍然对正确的流程感到困惑。我正在使用Dropwizard,首先我想从REST API获取令牌(用户名和密码将在基本身份验证中提供),然后下次将此令牌传递到每个请求中。主班 environment.jersey() .register( new AuthDynamicFeature( new JwtAuthFilter.Builder<User>() .setAuthenticator(new MarginCalcAuthenticator()) .setAuthorizer( new CalcAuthorizer()) .setRealm("BASIC-AUTH-REALM") .buildAuthFilter()));environment.jersey().register(RolesAllowedDynamicFeature.class); environment.jersey().register(new AuthValueFactoryProvider.Binder<User>(User.class));AuthFilter@Priority(Priorities.AUTHENTICATION)public class JwtAuthFilter<P extends Principal> extends AuthFilter<JWTCredentials, P> { private static final Logger LOGGER = LoggerFactory.getLogger(JwtAuthFilter.class); public static final String AUTHENTICATION_HEADER = "Authorization"; @Override public void filter(final ContainerRequestContext requestContext) throws IOException { String authCredentials = requestContext.getHeaderString(AUTHENTICATION_HEADER);认证者public class CalcAuthenticator implements Authenticator<JWTCredentials, User> { public Optional<User> authenticate(JWTCredentials credentials) throws AuthenticationException { AdminAuthenticationService authService = new AdminAuthenticationService(); User userObj = authService.authenticate(credentials.getJwtToken()); if (userObj == null) { throw new WebApplicationException(Status.UNAUTHORIZED); } return Optional.of(userObj); }}我正在从Postman调试,它正在击中我的API genToken,但它从未出现在JwtAuthFilter或CalcAuthenticator中。谁能帮助我了解流程?我想了解流程。
1 回答
小怪兽爱吃肉
TA贡献1852条经验 获得超1个赞
使用@RolesAllowed(或其他任何authz anno)注释的类或方法是身份验证所必需的。auth仅在您告诉它的方法(或类)上完成。
流程 在环境中注册过滤器,身份验证器等->启动服务器->从UI或邮递员请求令牌->它将命中AuthFilter->您可以调用身份验证器进行令牌验证->身份验证请求并发送响应因此。
添加回答
举报
0/150
提交
取消