Unable to retrieve post data using ,@Context HttpServletRequest when passed to OAuthTokenRequest using Oltu

心不动则不痛 提交于 2019-12-20 11:55:11

问题


I'm using Oltu for Oauth2.

When using @Context HttpServletRequest request I am unable to retrieve post data

When I am using @FormParam I am able to retrieve post data.

On passing request to OAuthTokenRequest

OAuthTokenRequest oauthRequest = new OAuthTokenRequest(request);

I am getting following error

{"error":"invalid_request","error_description":"Missing grant_type parameter value"}

When debugging on the oltu OAuthTokenRequest class following code is used to retrive param value

public String getParam(String name) {
        return this.request.getParameter(name); // from request it is unable to get post data.As i am getting request object using  @Context HttpServletRequest request .
    }

It is said that using @Context HttpServletRequest request it is not possible to get post data for using @Context HttpServletRequest request So, my question is

How to get HttpServletRequest request with post data in jax-ws so that I can pass HttpServletRequest request to OAuthTokenRequest This is my code

@Path("/token")
public class TokenEndpoint {

 @POST
    @Consumes("application/x-www-form-urlencoded")
    @Produces("application/json")
    public Response authorize(@FormParam("state") String state,@Context HttpServletRequest request) throws OAuthSystemException {
        try {
        // here I am unable to get value of request.getParameter("state") 
       // but using (@FormParam("state") I am able to get value of post parameter state
            request.getParameter("state");
            // exception is thrown from following code 
            OAuthTokenRequest oauthRequest = new OAuthTokenRequest(request);

回答1:


Found a workaround (read the comments).

OLTU Issue #26

Jersey is consuming the POST data.
The solution is to wrap the HttpServletRequest and override getParameters().
This is the wrapper:

public class OAuthRequestWrapper extends HttpServletRequestWrapper {

    private MultivaluedMap<String, String> form;

    public OAuthRequestWrapper(HttpServletRequest request, MultivaluedMap<String, String> form)
    { super(request); this.form = form; }

    @Override
    public String getParameter(String name) {
        String value = super.getParameter(name);
        if (value == null)
        { value = form.getFirst(name); }
        return value;
    }
}

And this is how to implement the token POST method:

@POST
@Path("/token")
@Consumes("application/x-www-form-urlencoded")
@Produces("application/json")
public Response token(@Context HttpServletRequest request, MultivaluedMap<String, String> form) {   

    [...]

    OAuthTokenRequest oauthRequest = new OAuthTokenRequest(new OAuthRequestWrapper(request, form));

    [...]

}



回答2:


There's also the issue of the resource server endpoint failing to retrieve token values from post requests (jersey as jax-rs implementation), this is because validator interface implementations in the resource server code use

httpServletRequest.getParameterValues(param);

this issue can be worked around by overriding String[] getParameterValues(String) in the same HttpServletRequestWrapper proposed by Matteo, note the extra condition, it's important for catching empty token requests (the method should return null if no token is passed):

@Override
public String[] getParameterValues(String name) {
    String[] values = super.getParameterValues(name);
    if(values == null && form.get(name) != null){
        values = new String[form.get(name).size()];
        values = form.get(name).toArray(values);
    }
    return values;
}

relevant in apache oltu 1.0.0




回答3:


I found another option to this limitation of not being able to get the parameters required for oltu in a JAX-RS handler.

Instead of using a HttpServletRequestWrapper object, simply call the HttpServletRequest.getParameterMap() method inside of your WebFilter implementation. This will load the request object's cached parameter map with all of the request's parameters, making these parameters available for the life of this request object.

I prefer this method since it makes the JAX-RS handler cleaner, and I'm already using a WebFilter to deny access to all non-oauth requests without a valid token.

I've verified this works in both Jersey and CXF.



来源:https://stackoverflow.com/questions/22376810/unable-to-retrieve-post-data-using-context-httpservletrequest-when-passed-to-o

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!