I'm using Resteasy's client framework and I have some methods which require authentication to the server. The authentication is achieved via a session ticket and this ticket must be included as a query parameter in the request URL. With the default solution I need to pass the ticket to all my service calls as follows:
    // RESTEasy client proxies are declared as annotated interfaces
    @Path("/services")
    public interface MyServiceClient {
        @POST
        @Path("service1")
        public void callService1(@QueryParam("ticket") String ticket);

        @GET
        @Path("service2")
        @Produces("text/plain")
        public String callService2(@QueryParam("ticket") String ticket, ...);
    }
But I don't want to pass the ticket parameter to each of my service calls. I need a solution to set it as a query parameter for each of these calls in a common way. So, my service call methods will only take actual service parameters except the ticket. But, when a service is requested the ticket will be included in the request URL.
Is there a way to do this?
Thanks in advance.
I have the same situation. Sorry for resurrecting an old thread, but anyway...
Instead of putting the ticket on the query string, why not include it as an HTTP header, specifically, an Authorization header like this:
Authorization: Token ABCD1234-1234-1234-1234-ABCD1234ABCD
You could also accept Basic auth too. This lets you exercise the API from a web browser without any fancy plugins or extensions. The header would look like this:
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
Then, in your server-side code, use an HttpServletFilter to guard all access to your RestEasyServlet. In the doFilter method, read the Authorization header. Only call chain.doFilter (which will pass the request on to the RestEasyServlet) if the header checks out. If it's not there or expired or invalid, etc, then from your filter return an HTTP 401.
If your auth header starts with "Token ", strip off the first six chars and then grab the rest of the value and do a lookup in your session database table or Map. If it's in there and not expired, then let them through.
If your auth header starts with "Basic ", strip off the first six chars and Base64 decode the rest. Split on the ":" and use the two tokens to look the user up in your database.
I also cheat a little in my filter. Since I have to look that token (or username/password) up from a database anyway, I create a User object from the ResultSet and store it in a ThreadLocal on the filter. I then provide a static method on my filter that lets me access the "current user" from anywhere else in the JVM. I use a try/finally in my filter to clear the ThreadLocal so that it'll always get cleared out after the request is finished.
I think you can bind @PathParams to the enclosing class so they can be used in each method without redeclaration. I've never tried it but saw an example, here: http://www.mastertheboss.com/web-interfaces/309-handling-web-parameters-with-resteasy.html