|
此版本仍在开发中,尚未被视为稳定版本。对于最新的稳定版本,请使用 Spring Boot 3.4.3! |
Jersey
使用 Spring Security 保护 Jersey 端点
Spring Security 可用于保护基于 Jersey 的 Web 应用程序,其方式与用于保护基于 Spring MVC 的 Web 应用程序的方式大致相同。
但是,如果要将 Spring Security 的方法级安全性与 Jersey 一起使用,则必须将 Jersey 配置为使用setStatus(int)而sendError(int).
这可以防止 Jersey 在 Spring Security 有机会向 Client 端报告身份验证或授权失败之前提交响应。
这jersey.config.server.response.setStatusOverSendErrorproperty 必须设置为true在应用程序的ResourceConfigbean,如以下示例所示:
import java.util.Collections;
import org.glassfish.jersey.server.ResourceConfig;
import org.springframework.stereotype.Component;
@Component
public class JerseySetStatusOverSendErrorConfig extends ResourceConfig {
public JerseySetStatusOverSendErrorConfig() {
register(Endpoint.class);
setProperties(Collections.singletonMap("jersey.config.server.response.setStatusOverSendError", true));
}
}
Use Jersey Alongside Another Web Framework
To use Jersey alongside another web framework, such as Spring MVC, it should be configured so that it will allow the other framework to handle requests that it cannot handle.
First, configure Jersey to use a filter rather than a servlet by configuring the spring.jersey.type application property with a value of filter.
Second, configure your ResourceConfig to forward requests that would have resulted in a 404, as shown in the following example.
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.servlet.ServletProperties;
import org.springframework.stereotype.Component;
@Component
public class JerseyConfig extends ResourceConfig {
public JerseyConfig() {
register(Endpoint.class);
property(ServletProperties.FILTER_FORWARD_ON_404, true);
}
}