使用Jersey/Grizzly的基本HTTP身份验证 [英] Basic HTTP authentication with Jersey / Grizzly
问题描述
我已经使用JAX-RS,Jersey和Grizzly编写了一个简单的REST服务器.这是我启动服务器的方式:
I've written a simple REST server using JAX-RS, Jersey and Grizzly. This is how I start the server:
URI baseUri = UriBuilder.fromUri("http://localhost/api")
.port(8081)
.build();
ResourceConfig rc = new PackagesResourceConfig("se.aioobe.resources");
HttpServer httpServer = GrizzlyServerFactory.createHttpServer(baseUri, rc);
现在,我需要使用基本HTTP身份验证来保护资源,但我不知道该怎么做.
Now I need to protect the resources using Basic HTTP authentication, and I can't figure out how to do this.
如果更易于使用,我可以从Grizzly切换到Jetty,但我确实很看重Grizzly提供的简单配置/启动.
I can switch from Grizzly to for instance Jetty if it is simpler to get it to work, but I really value the simple configuration / start up that Grizzly provides.
我已经阅读了很多教程.他们都提到了web.xml,但是在我当前的配置中,我没有一个. (我需要为HTTP身份验证添加一个吗?)我发现以下 问题,它们都不起作用:-(
I've read a lot of tutorials. They all mention the web.xml but in my current configuration I don't have one. (Do I need to add one for HTTP authentication?) I've found the following questions, neither of them is of any help :-(
(目前不需要SSL.目前的身份验证仅是为了防止公众窥视我们的Beta.)
(No SSL required at this point. The authentication is at this point just to prevent the public from peeking at our beta.)
TL; DR :如何向Jersey/Grizzly Webapp添加基本的HTTP身份验证?
TL;DR: How do I add basic HTTP authentication to a Jersey / Grizzly webapp?
推荐答案
- Maven工件:
- jersey-server(v 1.17)
- jersey-grizzly2(v 1.17)
- Maven artifacts:
- jersey-server (v 1.17)
- jersey-grizzly2 (v 1.17)
我创建了这个
ContainerRequestFilter:public class AuthFilter implements ContainerRequestFilter { // Exception thrown if user is unauthorized. private final static WebApplicationException unauthorized = new WebApplicationException( Response.status(Status.UNAUTHORIZED) .header(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"realm\"") .entity("Page requires login.").build()); @Override public ContainerRequest filter(ContainerRequest containerRequest) throws WebApplicationException { // Automatically allow certain requests. String method = containerRequest.getMethod(); String path = containerRequest.getPath(true); if (method.equals("GET") && path.equals("application.wadl")) return containerRequest; // Get the authentication passed in HTTP headers parameters String auth = containerRequest.getHeaderValue("authorization"); if (auth == null) throw unauthorized; auth = auth.replaceFirst("[Bb]asic ", ""); String userColonPass = Base64.base64Decode(auth); if (!userColonPass.equals("admin:toHah1ooMeor6Oht")) throw unauthorized; return containerRequest; } }然后我更改了启动代码以包括过滤器:
And I then changed the startup code to include the filter:
URI baseUri = UriBuilder.fromUri("http://localhost/api") .port(8081) .build(); ResourceConfig rc = new PackagesResourceConfig("se.aioobe.resources"); // Add AuthFilter //////////// rc.getProperties().put("com.sun.jersey.spi.container.ContainerRequestFilters", "<YOUR PACKAGE FOR AuthFilter>.AuthFilter"); ////////////////////////////// HttpServer httpServer = GrizzlyServerFactory.createHttpServer(baseUri, rc);这篇关于使用Jersey/Grizzly的基本HTTP身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
