小编Fra*_*ank的帖子

对于RESTful企业应用程序,我需要对所有调用进行身份验证,但我无法提供系统所有用户都具有的通用组/ rolt.我通过LDAP进行身份验证和授权(这不应该对此问题产生影响).

如果我在下面的web.xml中留下注释掉的元素,我根本不会得到任何身份验证.如何在不需要共同角色的情况下进行身份验证？此外,空的auth-consraint不起作用.

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation=" http://java.sun.com/xml/ns/javaee       http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    <context-param>
        <!-- fpe: This one is necessary. -->
        <param-name>resteasy.role.based.security</param-name>
        <param-value>true</param-value>
    </context-param>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Resteasy</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>
<!--        <auth-constraint> -->
<!--            <role-name>*</role-name> -->
<!--        </auth-constraint> -->
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>Login</realm-name>
    </login-config>
<!--    <security-role> -->
<!--        <role-name>the_common_role</role-name> -->
<!--    </security-role> -->
</web-app>

我正在尝试验证在JBoss AS 7中运行的应用程序中通过我的(合同优先)REST接口传来的所有传入XML文件.我编写了一个用于Pretty-Printing的@Decorator(如JBoss RESTeasy文档中的示例)和一个类似的用于为unmarshaller打开XML模式验证.不幸的是,unmarshaller的装饰器从未被调用过.

以下是Pretty Decorator的代码:

import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

import javax.xml.bind.Marshaller;

import org.jboss.resteasy.annotations.Decorator;

@Target({ElementType.TYPE, ElementType.METHOD, ElementType.PARAMETER, ElementType.FIELD})
@Retention(RetentionPolicy.RUNTIME)
@Decorator(processor = PrettyProcessor.class, target = Marshaller.class)
public @interface Pretty {}

并实施:

import java.lang.annotation.Annotation;

import javax.ws.rs.core.MediaType;
import javax.xml.bind.Marshaller;
import javax.xml.bind.PropertyException;

import org.apache.log4j.Logger;
import org.jboss.resteasy.annotations.DecorateTypes;
import org.jboss.resteasy.spi.interception.DecoratorProcessor;

@DecorateTypes({ "text/*+xml", "application/*+xml", MediaType.APPLICATION_XML, MediaType.TEXT_XML })
public class PrettyProcessor implements DecoratorProcessor<Marshaller, Pretty> {
    private static final Logger LOGGER = Logger.getLogger(PrettyProcessor.class);

    @Override
    public Marshaller decorate(Marshaller target, Pretty annotation, Class type, Annotation[] annotations, MediaType …