How do I get JSON RPC Request body from HttpServletRequest in Spring Security method
323 views
Skip to first unread message
JavaDeveloper
Jul 28, 2012, 5:33:06 PM7/28/12
to json...@googlegroups.com
I am implementing Spring Security around JSON PRC server methods. I will like to get method name, and method parameters from the request body inside the security method for authorization checking. But when I use stream reader to read the request body. I get no data and exception that say something like ... "Request has already been read.", The exception happens after the doFilter method of Spring Security is executed
Does any one knows how to use Spring servlet security on services that are exposed via JSONServiceExporter and get request body in the security method"
My security method and class is as follow:
public class RestApiAccessFilter extends OncePerRequestFilter {
private AuthUtil authUtil;
private SignatureService signatureService;
private AuthenticationService.Iface authenticationService;
private static final Logger LOGGER = LoggerFactory.getLogger(RestApiAccessFilter.class);
private AuthenticationService.Client authenticationClient;
private static String[] SIGNATURE_EXCLUDED_METHODS = {"createSignature"};
private String targetMethod;
private String apiKey;
public RestApiAccessFilter() {
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
// In here I want to get Request body from HttpServletRquest, change it JSONObject and get "method" tag value and parameters
getRequestBody(request, resposne) // See below
filterChain.doFilter(request, response);
}
String getRequestBody(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException {
StringBuilder requestBuilder = new StringBuilder();
BufferedReader buffReader = null;
char[] charBuffer = new char[128];
int bytesRead;
String lineRead;
try {
buffReader = request.getReader();
while ((bytesRead = buffReader.read(charBuffer)) != -1) {
requestBuilder.append(charBuffer, 0, bytesRead);
}
} catch (IOException ex) {
throw ex;
} finally {
if (buffReader != null) {
buffReader.close();
}
}
return requestBuilder.toString();
}
}
The request is as the following example:
{
"id":1,
"jsonrpc":"2.0",
"method":"getAdvertiserById",
"params":[
"5625faa2-32d5-4586-a664-74abf3ca55ec",
"USA",
"123",
false
]
}
Your help is greatly appreciated
Does any one knows how to use Spring servlet security on services that are exposed via JSONServiceExporter and get request body in the security method"
My security method and class is as follow:
public class RestApiAccessFilter extends OncePerRequestFilter {
private AuthUtil authUtil;
private SignatureService signatureService;
private AuthenticationService.Iface authenticationService;
private static final Logger LOGGER = LoggerFactory.getLogger(RestApiAccessFilter.class);
private AuthenticationService.Client authenticationClient;
private static String[] SIGNATURE_EXCLUDED_METHODS = {"createSignature"};
private String targetMethod;
private String apiKey;
public RestApiAccessFilter() {
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
// In here I want to get Request body from HttpServletRquest, change it JSONObject and get "method" tag value and parameters
getRequestBody(request, resposne) // See below
filterChain.doFilter(request, response);
}
String getRequestBody(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException {
StringBuilder requestBuilder = new StringBuilder();
BufferedReader buffReader = null;
char[] charBuffer = new char[128];
int bytesRead;
String lineRead;
try {
buffReader = request.getReader();
while ((bytesRead = buffReader.read(charBuffer)) != -1) {
requestBuilder.append(charBuffer, 0, bytesRead);
}
} catch (IOException ex) {
throw ex;
} finally {
if (buffReader != null) {
buffReader.close();
}
}
return requestBuilder.toString();
}
}
The request is as the following example:
{
"id":1,
"jsonrpc":"2.0",
"method":"getAdvertiserById",
"params":[
"5625faa2-32d5-4586-a664-74abf3ca55ec",
"USA",
"123",
false
]
}
Your help is greatly appreciated
Reply all
Reply to author
Forward
0 new messages