阜阳专业网站建设,黄冈网站建设流程,ppt模板免费下载 素材手机版,怎么做网站版面分析input发送a.jax在使用已可用的HTTP协议实施Web服务时#xff0c;REST带来了很多便利。 通过仅通过指定的URL触发GET#xff0c;POST和其他HTTP方法#xff0c;您将确保通过REST服务的响应来完成某些工作。 但是#xff0c;无论REST给开发人员带来了什么便利#xff0c;安全… input发送a.jax 在使用已可用的HTTP协议实施Web服务时REST带来了很多便利。 通过仅通过指定的URL触发GETPOST和其他HTTP方法您将确保通过REST服务的响应来完成某些工作。 但是无论REST给开发人员带来了什么便利安全性和访问控制的主题都应始终得到解决。 本文将向您展示如何使用HTTP标头和JAX-RS 2.0拦截器来实现基于用户的简单身份验证。 认证者 让我们从一个Authenticator类开始。 该带有以下代码的DemoAuthenticator提供了必要的方法用于对请求访问REST Web服务的所有用户进行身份验证。 请通读代码并在此处提供注释以指导理解。 DemoAuthenticator的代码 package com.developerscrappad.business;import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import java.security.GeneralSecurityException;
import javax.security.auth.login.LoginException;public final class DemoAuthenticator {private static DemoAuthenticator authenticator null;// A user storage which stores username, passwordprivate final MapString, String usersStorage new HashMap();// A service key storage which stores service_key, usernameprivate final MapString, String serviceKeysStorage new HashMap();// An authentication token storage which stores service_key, auth_token.private final MapString, String authorizationTokensStorage new HashMap();private DemoAuthenticator() {// The usersStorage pretty much represents a user table in the databaseusersStorage.put( username1, passwordForUser1 );usersStorage.put( username2, passwordForUser2 );usersStorage.put( username3, passwordForUser3 );/*** Service keys are pre-generated by the system and is given to the* authorized client who wants to have access to the REST API. Here,* only username1 and username2 is given the REST service access with* their respective service keys.*/serviceKeysStorage.put( f80ebc87-ad5c-4b29-9366-5359768df5a1, username1 );serviceKeysStorage.put( 3b91cab8-926f-49b6-ba00-920bcf934c2a, username2 );}public static DemoAuthenticator getInstance() {if ( authenticator null ) {authenticator new DemoAuthenticator();}return authenticator;}public String login( String serviceKey, String username, String password ) throws LoginException {if ( serviceKeysStorage.containsKey( serviceKey ) ) {String usernameMatch serviceKeysStorage.get( serviceKey );if ( usernameMatch.equals( username ) usersStorage.containsKey( username ) ) {String passwordMatch usersStorage.get( username );if ( passwordMatch.equals( password ) ) {/*** Once all params are matched, the authToken will be* generated and will be stored in the* authorizationTokensStorage. The authToken will be needed* for every REST API invocation and is only valid within* the login session*/String authToken UUID.randomUUID().toString();authorizationTokensStorage.put( authToken, username );return authToken;}}}throw new LoginException( Dont Come Here Again! );}/*** The method that pre-validates if the client which invokes the REST API is* from a authorized and authenticated source.** param serviceKey The service key* param authToken The authorization token generated after login* return TRUE for acceptance and FALSE for denied.*/public boolean isAuthTokenValid( String serviceKey, String authToken ) {if ( isServiceKeyValid( serviceKey ) ) {String usernameMatch1 serviceKeysStorage.get( serviceKey );if ( authorizationTokensStorage.containsKey( authToken ) ) {String usernameMatch2 authorizationTokensStorage.get( authToken );if ( usernameMatch1.equals( usernameMatch2 ) ) {return true;}}}return false;}/*** This method checks is the service key is valid** param serviceKey* return TRUE if service key matches the pre-generated ones in service key* storage. FALSE for otherwise.*/public boolean isServiceKeyValid( String serviceKey ) {return serviceKeysStorage.containsKey( serviceKey );}public void logout( String serviceKey, String authToken ) throws GeneralSecurityException {if ( serviceKeysStorage.containsKey( serviceKey ) ) {String usernameMatch1 serviceKeysStorage.get( serviceKey );if ( authorizationTokensStorage.containsKey( authToken ) ) {String usernameMatch2 authorizationTokensStorage.get( authToken );if ( usernameMatch1.equals( usernameMatch2 ) ) {/*** When a client logs out, the authentication token will be* remove and will be made invalid.*/authorizationTokensStorage.remove( authToken );return;}}}throw new GeneralSecurityException( Invalid service key and authorization token match. );}
} 通用代码说明 通常只有几个重要的项目组成了身份验证器即 服务密钥 授权令牌 用户名和密码 。 用户名和密码通常成对使用。 服务密钥 服务密钥对于某些读者而言可能是新的。 在某些公共REST API服务中系统会生成一个服务密钥有时也称为API密钥然后将其发送到允许访问REST服务的用户/客户端通过电子邮件或其他方式。 因此除了仅使用用户名和密码登录REST服务外系统还将检查服务密钥是否允许用户/客户端访问REST API。 用户名密码和服务密钥均已在上面的代码中预定义仅用于演示目的。 授权令牌 进行身份验证后通过login方法系统将为已身份验证的用户生成授权令牌。 该令牌通过HTTP响应传递回用户/客户端以后将用于任何REST API调用。 用户/客户端将必须找到一种方法来在整个登录会话中进行存储和使用。 我们稍后再讨论。 必需的HTTP标头名称定义 向前发展而不是将服务密钥和授权令牌作为HTTP参数Form或Query传递给服务器端应用程序我们将其作为HTTP Header传递。 这是为了让请求在被目标REST方法处理之前先被过滤。 HTTP标头的名称如下 HTTP标头名称 描述 service_key 使HTTP客户端能够访问REST Web服务的服务密钥。 这是认证和授权HTTP请求的第一层。 auth_token 在用户名/密码认证时生成的令牌该令牌将用于任何REST Web Service调用稍后显示的认证方法除外。 REST API实施 为了方便和进一步减少代码错误我们将HTTP标头名称作为静态最终变量放入接口中以供其余类使用。 DemoHTTPHeaderNames.java的代码 package com.developerscrappad.intf;public interface DemoHTTPHeaderNames {public static final String SERVICE_KEY service_key;public static final String AUTH_TOKEN auth_token;
} 为了实现身份验证过程和其他演示方法在DemoBusinessRESTResourceProxy中定义了方法的签名在适当的HTTP方法参数中定义了业务签名并在DemoBusinessRESTResource中定义了业务实现。 DemoBusinessRESTResourceProxy.java的代码 package com.developerscrappad.intf;import java.io.Serializable;
import javax.ejb.Local;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;Local
Path( demo-business-resource )
public interface DemoBusinessRESTResourceProxy extends Serializable {POSTPath( login )Produces( MediaType.APPLICATION_JSON )public Response login(Context HttpHeaders httpHeaders,FormParam( username ) String username,FormParam( password ) String password );GETPath( demo-get-method )Produces( MediaType.APPLICATION_JSON )public Response demoGetMethod();POSTPath( demo-post-method )Produces( MediaType.APPLICATION_JSON )public Response demoPostMethod();POSTPath( logout )public Response logout(Context HttpHeaders httpHeaders);
} DemoBusinessRESTResource.java的代码 package com.developerscrappad.business;import com.developerscrappad.intf.DemoBusinessRESTResourceProxy;
import com.developerscrappad.intf.DemoHTTPHeaderNames;
import java.security.GeneralSecurityException;
import javax.ejb.Stateless;
import javax.json.Json;
import javax.json.JsonObject;
import javax.json.JsonObjectBuilder;
import javax.security.auth.login.LoginException;
import javax.ws.rs.FormParam;
import javax.ws.rs.core.CacheControl;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;Stateless( name DemoBusinessRESTResource, mappedName ejb/DemoBusinessRESTResource )
public class DemoBusinessRESTResource implements DemoBusinessRESTResourceProxy {private static final long serialVersionUID -6663599014192066936L;Overridepublic Response login(Context HttpHeaders httpHeaders,FormParam( username ) String username,FormParam( password ) String password ) {DemoAuthenticator demoAuthenticator DemoAuthenticator.getInstance();String serviceKey httpHeaders.getHeaderString( DemoHTTPHeaderNames.SERVICE_KEY );try {String authToken demoAuthenticator.login( serviceKey, username, password );JsonObjectBuilder jsonObjBuilder Json.createObjectBuilder();jsonObjBuilder.add( auth_token, authToken );JsonObject jsonObj jsonObjBuilder.build();return getNoCacheResponseBuilder( Response.Status.OK ).entity( jsonObj.toString() ).build();} catch ( final LoginException ex ) {JsonObjectBuilder jsonObjBuilder Json.createObjectBuilder();jsonObjBuilder.add( message, Problem matching service key, username and password );JsonObject jsonObj jsonObjBuilder.build();return getNoCacheResponseBuilder( Response.Status.UNAUTHORIZED ).entity( jsonObj.toString() ).build();}}Overridepublic Response demoGetMethod() {JsonObjectBuilder jsonObjBuilder Json.createObjectBuilder();jsonObjBuilder.add( message, Executed demoGetMethod );JsonObject jsonObj jsonObjBuilder.build();return getNoCacheResponseBuilder( Response.Status.OK ).entity( jsonObj.toString() ).build();}Overridepublic Response demoPostMethod() {JsonObjectBuilder jsonObjBuilder Json.createObjectBuilder();jsonObjBuilder.add( message, Executed demoPostMethod );JsonObject jsonObj jsonObjBuilder.build();return getNoCacheResponseBuilder( Response.Status.ACCEPTED ).entity( jsonObj.toString() ).build();}Overridepublic Response logout(Context HttpHeaders httpHeaders ) {try {DemoAuthenticator demoAuthenticator DemoAuthenticator.getInstance();String serviceKey httpHeaders.getHeaderString( DemoHTTPHeaderNames.SERVICE_KEY );String authToken httpHeaders.getHeaderString( DemoHTTPHeaderNames.AUTH_TOKEN );demoAuthenticator.logout( serviceKey, authToken );return getNoCacheResponseBuilder( Response.Status.NO_CONTENT ).build();} catch ( final GeneralSecurityException ex ) {return getNoCacheResponseBuilder( Response.Status.INTERNAL_SERVER_ERROR ).build();}}private Response.ResponseBuilder getNoCacheResponseBuilder( Response.Status status ) {CacheControl cc new CacheControl();cc.setNoCache( true );cc.setMaxAge( -1 );cc.setMustRevalidate( true );return Response.status( status ).cacheControl( cc );}
} login方法用于验证用户名密码以及正确的服务密钥。 在login之后 将生成授权令牌并将其返回给客户端。 客户端稍后将不得不将其用于任何其他方法调用。 demoGetMethod和demoPostMethod只是伪方法它们出于演示目的返回JSON消息但有一个特殊条件即必须存在有效的授权令牌。 logout方法用于使用户退出REST服务 用户由“ auth_token ”标识。 服务密钥和授权令牌将通过以下方式提供给REST服务方法 Context HttpHeaders httpHeaders httpHeaders是javax.ws.rs.core.HttpHeaders的实例是一个对象其中包含标题名称和值供以后使用该应用程序使用。 但是为了使REST服务接受HTTP标头首先需要通过REST请求拦截器和响应拦截器来完成某些操作。 通过JAX-RS 2.0拦截器使用HTTP标头进行身份验证 由于某些安全限制只是不要希望可以使用任何REST客户端传递任何HTTP标头并希望REST服务接受它。 就是那样行不通。 为了使特定的标头在REST服务中被接受我们必须非常明确地在响应过滤器拦截器中定义HTTP标头的接受。 DemoRESTResponseFilter.java的代码 package com.developerscrappad.interceptors;import com.developerscrappad.intf.DemoHTTPHeaderNames;
import java.io.IOException;
import java.util.logging.Logger;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.container.PreMatching;
import javax.ws.rs.ext.Provider;Provider
PreMatching
public class DemoRESTResponseFilter implements ContainerResponseFilter {private final static Logger log Logger.getLogger( DemoRESTResponseFilter.class.getName() );Overridepublic void filter( ContainerRequestContext requestCtx, ContainerResponseContext responseCtx ) throws IOException {log.info( Filtering REST Response );responseCtx.getHeaders().add( Access-Control-Allow-Origin, * ); // You may further limit certain client IPs with Access-Control-Allow-Origin instead of *responseCtx.getHeaders().add( Access-Control-Allow-Credentials, true );responseCtx.getHeaders().add( Access-Control-Allow-Methods, GET, POST, DELETE, PUT );responseCtx.getHeaders().add( Access-Control-Allow-Headers, DemoHTTPHeaderNames.SERVICE_KEY , DemoHTTPHeaderNames.AUTH_TOKEN );}
} DemoRESTResponseFilter是一个实现ContainerResponseFilter的JAX-RS 2.0拦截器。 不要忘记同时使用Provide和PreMatching对其进行注释。 为了允许接受某些特定的自定义HTTP标头标头名称“ Access-Control-Allow-Headers ”后跟带有“”的标头值因为分隔符必须作为自定义标头值的一部分添加。 这是通知浏览器或REST客户端允许的自定义标头的方法。 其余的标头用于CORS您可以在我们的文章Java EE 7 / JAX-RS 2.0 – REST上的CORS如何使REST API从其他域访问中 。 接下来要验证和验证服务密钥和授权令牌我们需要从HTTP标头中将其提取出来并使用请求过滤器拦截器对其进行预处理。 DemoRESTRequestFilter的代码 package com.developerscrappad.interceptors;import com.developerscrappad.business.DemoAuthenticator;
import com.developerscrappad.intf.DemoHTTPHeaderNames;
import java.io.IOException;
import java.util.logging.Logger;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.PreMatching;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;Provider
PreMatching
public class DemoRESTRequestFilter implements ContainerRequestFilter {private final static Logger log Logger.getLogger( DemoRESTRequestFilter.class.getName() );Overridepublic void filter( ContainerRequestContext requestCtx ) throws IOException {String path requestCtx.getUriInfo().getPath();log.info( Filtering request path: path );// IMPORTANT!!! First, Acknowledge any pre-flight test from browsers for this case before validating the headers (CORS stuff)if ( requestCtx.getRequest().getMethod().equals( OPTIONS ) ) {requestCtx.abortWith( Response.status( Response.Status.OK ).build() );return;}// Then check is the service key exists and is valid.DemoAuthenticator demoAuthenticator DemoAuthenticator.getInstance();String serviceKey requestCtx.getHeaderString( DemoHTTPHeaderNames.SERVICE_KEY );if ( !demoAuthenticator.isServiceKeyValid( serviceKey ) ) {// Kick anyone without a valid service keyrequestCtx.abortWith( Response.status( Response.Status.UNAUTHORIZED ).build() );return;}// For any pther methods besides login, the authToken must be verifiedif ( !path.startsWith( /demo-business-resource/login/ ) ) {String authToken requestCtx.getHeaderString( DemoHTTPHeaderNames.AUTH_TOKEN );// if it isnt valid, just kick them out.if ( !demoAuthenticator.isAuthTokenValid( serviceKey, authToken ) ) {requestCtx.abortWith( Response.status( Response.Status.UNAUTHORIZED ).build() );}}}
} 要获取标头值我们调用ContainerRequestContext对象实例的getHeaderString方法例如 String serviceKey requestCtx.getHeaderString( service_key ); DemoRESTRequestFilter中的其余代码在验证和验证服务密钥和授权令牌方面非常简单。 REST服务部署 不要忘记定义用于启用REST服务的web.xml。 web.xml的代码 javax.ws.rs.core.Application1javax.ws.rs.core.Application/rest-api/* 对于本演示我将编译后的代码打包到一个名为RESTSecurityWithHTTPHeaderDemo.war的war文件中。 我选择在开发人员域crappad.com此博客的域上的Glassfish 4.0上进行部署。 如果您正在阅读本教程中的所有内容则可以选择自己的其他域。 REST API URL将采用以下格式 http://domain:port/RESTSecurityWithHTTPHeaderDemo/rest-api/path/method-path/ 无论如何我正在使用的测试客户端的URL摘要是 方法 REST URL HTTP方法 DemoBusinessRESTResourceProxy.login http://developerscrappad.com:8080/RESTSecurityWithHTTPHeaderDemo/rest-api/demo-business-resource/login/ 开机自检 DemoBusinessRESTResourceProxy。 demoGetMethod http://developerscrappad.com:8080/RESTSecurityWithHTTPHeaderDemo/rest-api/demo-business-resource/demo-get-method/ 得到 DemoBusinessRESTResourceProxy。 demoPostMethod http://developerscrappad.com:8080/RESTSecurityWithHTTPHeaderDemo/rest-api/demo-business-resource/demo-post-method/ 开机自检 DemoBusinessRESTResourceProxy.logout http://developerscrappad.com:8080/RESTSecurityWithHTTPHeaderDemo/rest-api/demo-business-resource/logout/ 开机自检 REST客户端 总而言之这是我编写的用于测试REST API的REST客户端。 REST客户端只是一个HTML文件特别是HTML5它支持Web存储该文件利用jQuery进行REST API调用。 REST客户端的作用如下 首先REST客户端将在没有服务密钥和授权令牌的情况下进行REST API调用。 呼叫将被拒绝HTTP状态为401未授权 接下来它将使用“ username2”的特定服务密钥目前在Authenticator.java中进行硬编码执行登录。 收到授权令牌后它将被存储在sessionStorage中以备将来使用。 然后它将调用虚拟的get和post方法。 之后它将执行注销 用户注销后客户端将执行对虚拟get and post方法的调用但是由于授权令牌的到期访问将被HTTP状态401拒绝。 rest-auth-test.html的代码 htmlheadtitleREST Authentication Tester/titlemeta charsetUTF-8/headbodydiv idlogMsgDiv/divscript srchttp://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js/scriptscript typetext/javascriptvar $ jQuery.noConflict();// Disable async$.ajaxSetup( { async: false } );// Using Service Key 3b91cab8-926f-49b6-ba00-920bcf934c2a and username2// This is what happens when there you call the REST APIs without a service key and authorisation token$.ajax( {cache: false,crossDomain: true,url: http://www.developerscrappad.com:8080/RESTSecurityWithHTTPHeaderDemo/rest-api/demo-business-resource/demo-post-method/,type: POST,success: function( jsonObj, textStatus, xhr ) {var htmlContent $( #logMsgDiv ).html( ) p stylecolor: red;If this is portion is executed, something must be wrong/p;$( #logMsgDiv ).html( htmlContent );},error: function( xhr, textStatus, errorThrown ) {var htmlContent $( #logMsgDiv ).html( ) p stylecolor: red;This is what happens when there you call the REST APIs without a service key and authorisation token. br /HTTP Status: xhr.status , Unauthorized access to demo-post-method/p;$( #logMsgDiv ).html( htmlContent );}} );// Performing login with username2 and passwordForUser2$.ajax( {cache: false,crossDomain: true,headers: {service_key: 3b91cab8-926f-49b6-ba00-920bcf934c2a},dataType: json,url: http://www.developerscrappad.com:8080/RESTSecurityWithHTTPHeaderDemo/rest-api/demo-business-resource/login/,type: POST,data: {username: username2,password: passwordForUser2},success: function( jsonObj, textStatus, xhr ) {sessionStorage.auth_token jsonObj.auth_token;var htmlContent $( #logMsgDiv ).html( ) pPerform Login. Gotten auth-token as: sessionStorage.auth_token /p;$( #logMsgDiv ).html( htmlContent );},error: function( xhr, textStatus, errorThrown ) {console.log( HTTP Status: xhr.status );console.log( Error textStatus: textStatus );console.log( Error thrown: errorThrown );}} );// After login, execute demoteGetMethod with the auth-token obtained$.ajax( {cache: false,crossDomain: true,headers: {service_key: 3b91cab8-926f-49b6-ba00-920bcf934c2a,auth_token: sessionStorage.auth_token},dataType: json,url: http://www.developerscrappad.com:8080/RESTSecurityWithHTTPHeaderDemo/rest-api/demo-business-resource/demo-get-method/,type: GET,success: function( jsonObj, textStatus, xhr ) {var htmlContent $( #logMsgDiv ).html( ) pAfter login, execute demoteGetMethod with the auth-token obtained. JSON Message: jsonObj.message /p;$( #logMsgDiv ).html( htmlContent );},error: function( xhr, textStatus, errorThrown ) {console.log( HTTP Status: xhr.status );console.log( Error textStatus: textStatus );console.log( Error thrown: errorThrown );}} );// Execute demoPostMethod with the auth-token obtained$.ajax( {cache: false,crossDomain: true,headers: {service_key: 3b91cab8-926f-49b6-ba00-920bcf934c2a,auth_token: sessionStorage.auth_token},dataType: json,url: http://www.developerscrappad.com:8080/RESTSecurityWithHTTPHeaderDemo/rest-api/demo-business-resource/demo-post-method/,type: POST,success: function( jsonObj, textStatus, xhr ) {var htmlContent $( #logMsgDiv ).html( ) pExecute demoPostMethod with the auth-token obtained. JSON message: jsonObj.message /p;$( #logMsgDiv ).html( htmlContent );},error: function( xhr, textStatus, errorThrown ) {console.log( HTTP Status: xhr.status );console.log( Error textStatus: textStatus );console.log( Error thrown: errorThrown );}} );// Lets logout after all the above. No content expected$.ajax( {cache: false,crossDomain: true,headers: {service_key: 3b91cab8-926f-49b6-ba00-920bcf934c2a,auth_token: sessionStorage.auth_token},url: http://www.developerscrappad.com:8080/RESTSecurityWithHTTPHeaderDemo/rest-api/demo-business-resource/logout/,type: POST,success: function( jsonObj, textStatus, xhr ) {var htmlContent $( #logMsgDiv ).html( ) pLets logout after all the above. No content expected./p;$( #logMsgDiv ).html( htmlContent );},error: function( xhr, textStatus, errorThrown ) {console.log( HTTP Status: xhr.status );console.log( Error textStatus: textStatus );console.log( Error thrown: errorThrown );}} );// This is what happens when someone reuses the authorisation token after a user had been logged out$.ajax( {cache: false,crossDomain: true,headers: {service_key: 3b91cab8-926f-49b6-ba00-920bcf934c2a,auth_token: sessionStorage.auth_token},url: http://www.developerscrappad.com:8080/RESTSecurityWithHTTPHeaderDemo/rest-api/demo-business-resource/demo-get-method/,type: GET,success: function( jsonObj, textStatus, xhr ) {var htmlContent $( #logMsgDiv ).html( ) p stylecolor: red;If this is portion is executed, something must be wrong/p;$( #logMsgDiv ).html( htmlContent );},error: function( xhr, textStatus, errorThrown ) {var htmlContent $( #logMsgDiv ).html( ) p stylecolor: red;This is what happens when someone reuses the authorisation token after a user had been logged out br /HTTP Status: xhr.status , Unauthorized access to demo-get-method/p;$( #logMsgDiv ).html( htmlContent );}} );/script/body
/html结果 rest-auth-test.html不需要与war文件打包在一起这是为了将调用客户端脚本与服务器端应用程序分开以模拟跨域请求。 要运行rest-auth-test.html您需要做的就是从Web浏览器执行它。 对我来说我已经通过Firefox使用Firebug插件完成了此操作结果如下 rest-auth-test.html的结果 效果很好。 第一个和最后一个请求将被拒绝为401未经授权HTTP状态因为它是在身份验证之前和注销之后执行的无效auth_token 。 最后的话 在JAX-RS 2.0应用程序中处理自定义HTTP标头时只需记住将自定义HTTP标头名称作为响应过滤器中“ Access-Control-Allow-Header ”的一部分包含在内即可。 Access-Control-Allow-Headers: custom_header_name1, custom_header_name2 之后可以通过REST上下文在javax.ws.rs.core.HttpHeaders的帮助下在REST Web服务方法中轻松获得HTTP标头。 不要忘记对CORS的限制和影响在REST请求和响应拦截器中都应注意这一点。 感谢您的阅读希望本文对您有所帮助。 相关文章 Java EE 7 / JAX-RS 2.0 – REST上的CORS如何使REST API从其他域访问 http://en.wikipedia.org/wiki/Cross-origin_resource_sharing http://www.html5rocks.com/zh-CN/tutorials/cors/ http://www.w3.org/TR/cors/ https://developer.mozilla.org/en/docs/HTTP/Access_control_CORS 翻译自: https://www.javacodegeeks.com/2014/10/java-ee-7-jax-rs-2-0-simple-rest-api-authentication-authorization-with-custom-http-header.htmlinput发送a.jax
