主页
产品
Red Hat JBoss Enterprise Application Platform
7.3
Developing Web Services Applications
2.15.3. 设置编程安全性

2.15.3. 设置编程安全性

JAX-RS 包含用于收集有关安全请求的安全信息的编程 API。javax.ws.rs.core.SecurityContext 界面有一个方法来确定进行安全 HTTP 调用的用户的身份。它还允许您检查当前用户是否属于某个角色：

public interface SecurityContext {

   public Principal getUserPrincipal();
   public boolean isUserInRole(String role);
   public boolean isSecure();
   public String getAuthenticationScheme();
}

public interface SecurityContext {

   public Principal getUserPrincipal();
   public boolean isUserInRole(String role);
   public boolean isSecure();
   public String getAuthenticationScheme();
}

Copy to Clipboard

Toggle word wrap

您可以通过利用 @ Context 注释将它注入字段、setter 方法或资源方法参数来访问 SecurityContext 实例。

@Path("test")
public class SecurityContextResource {
    @Context
    SecurityContext securityContext;

    @GET
    @Produces("text/plain")
    public String get() {
        if (!securityContext.isUserInRole("admin")) {
            throw new WebApplicationException(Response.serverError().status(HttpResponseCodes.SC_UNAUTHORIZED)
                    .entity("User " + securityContext.getUserPrincipal().getName() + " is not authorized").build());
        }
        return "Good user " + securityContext.getUserPrincipal().getName();
    }
}

@Path("test")
public class SecurityContextResource {
    @Context
    SecurityContext securityContext;

    @GET
    @Produces("text/plain")
    public String get() {
        if (!securityContext.isUserInRole("admin")) {
            throw new WebApplicationException(Response.serverError().status(HttpResponseCodes.SC_UNAUTHORIZED)
                    .entity("User " + securityContext.getUserPrincipal().getName() + " is not authorized").build());
        }
        return "Good user " + securityContext.getUserPrincipal().getName();
    }
}

Copy to Clipboard

Toggle word wrap

返回顶部

2.15.3. 设置编程安全性

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links