Jhipster + REST客户端+身份验证 [英] Jhipster + REST client + authentication
问题描述
我需要了解如何对REST客户端进行身份验证(可以是Paw,可以是android应用程序,可以是将AFNetworking与jHipster结合使用的iOs应用程序,我认为更笼统地说,我不是专家的春季启动)
I need to understand how to authenticate a REST client (could be Paw, could be an android app, an iOs app using AFNetworking with jHipster and I think, more in general, with spring-boot of which I am no expert).
虽然我能够在登录浏览器时获得令牌,并随后在以下请求中使用此令牌,但我不理解如何首先使用RESTful最佳实践进行身份验证.
While I am able to obtain a token when logged in a browser, and subsequently use this token in the following requests, I do not understand how I can authenticate in the first place using RESTful best practices.
例如,在Paw.app中,我可以通过基本身份验证或Oauth2,但我不了解如何像在Web浏览器上那样简单地获取会话令牌.
For example, in Paw.app, I can pass a Basic authentication, or Oauth2, but I don't understand how to get the session token simply authenticating as I do on a web browser.
类似地,在AFNetworking中,我可以通过基本身份验证,例如
Similarly, in AFNetworking I am able to pass basic authentication, e.g.
NSString*auth=[NSString stringWithFormat:@"%@:%@", @"admin", @"admin"];
NSString *authValue = [NSString stringWithFormat:@"Basic %@", [auth base64EncodedString]];
[manager.requestSerializer setValue:authValue forHTTPHeaderField:@"Authorization"];
但是我很难理解如何使用jHipster/spring boot中捆绑的会话安全性进行身份验证.
But I struggle to understand how to authenticate with the session security which is bundled in jHipster/spring boot.
推荐答案
这里总结了我如何实现该解决方案.这是真正的快速代码,但请以伪代码为准,因为它可能不正确.
Here a summarisation of how I implemented the solution. It’s real swift code, but please take it as pseudocode, as it might be incorrect.
-
调用您需要调用的任何方法,并为该方法传递成功的回调(块或等效方法)和失败的回调
make a call to whatever method you need to call, passing in such method a callback (block, or equivalent) for the success and one for the failure
func action(
URLString:String,
method:Method,
encoding:Encoding = .JSON,
parameters:[String : AnyObject]?,
success:(statusCode:Int, responseObject:AnyObject)->Void,
failure:(statusCode:Int, error:NSError)->Void
)
方法es中. /events您将处理特定的故障情况,即状态码为401.
Inside the method es. /events you handle a particular case of failure, which is when the status code is 401.
if(r!.statusCode==ResponseCodes.HTTP_UNAUTHORIZED.rawValue){
loginAndAction(URLString, method: method, encoding: encoding, parameters: parameters, success: success, failure: failure)
}else{
failure(statusCode: response.response!.statusCode, error:response.result.error!)
}
在这种特殊情况下,您无需返回结果并调用失败回调,而是调用login()方法,该方法在必要的参数之后接受原始的success()回调
func loginAndAction(
URLString:String,
method:Method,
encoding: Encoding,
parameters:[String:AnyObject]?,
success:(statusCode:Int, responseObject:AnyObject)->Void,
failure:(statusCode:Int, error:NSError)->Void
)->Void
如果身份验证成功
if the authentication succeeds
var d:[String:AnyObject] = response.result.value as! [String:AnyObject]
self.authToken = d["access_token"] as! String
action(URLString, method: method,encoding:encoding, parameters: parameters, success: success, failure: failure)
此时,方法操作可以使用适当的工作令牌.
at this point the method action could use a proper working token.
这应该每天仅发生一次(基于令牌到期),这是一种适用于oauth2 refresh_token调用的机制.
This should happen only once a day (based on the token expiration), and it is a mechanism appliable to the oauth2 refresh_token call.
这篇关于Jhipster + REST客户端+身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
