如何在JAX-RS服务中读取授权标头 [英] How to read authorization header in JAX-RS service
问题描述
p>
sUrl = getURL()+/com.cabRoutePlanner.Login/Login;
var oHeaders = {};
oHeaders ['Authorization'] =Basic+ btoa(getUserName()+:+ getPassword());
var request = {
headers:oHeaders,
requestUri:sUrl,
data:connectionData,
method:POST
} ;
OData.request(request,onSuccessForRegister,onRegError);
现在,我想在JAX-RS服务中读取此授权标头,即返回用户名和密码在我的Java Rest服务中,并检查我的数据库。我感到困惑的是,我不知道如何使用这个授权头。如果有人能够向我展示REST服务中函数的声明,并且只是为了访问我的用户名和密码,那就太好了。
我以某种方式编写代码,有一点直觉和Eclipse的巨大帮助
@Path(/ Log)
@POST
@Produces(MediaType.APPLICATION_JSON)
公共响应日志(HttpServletRequest req)抛出JSONException
{
JSONObject returnObject = new JSONObject();
字符串授权= req.getHeader(Authorization);
if(授权!= null&&授权.startsWith(基本))
{
// byte [] message = authorization.substring(Basic.length() ).trim()的getBytes();
String credentials = authorization.substring(Basic.length())。trim();
byte [] encoded = DatatypeConverter.parseBase64Binary(credentials);
字符串decodedString =新字符串(已解码);
String [] actualCredentials = decodedString.split(:);
String ID = actualCredentials [0];
String Password = actualCredentials [1];
字符串结果= actualLog(ID,密码);
if(Result.equals(ID does not exist))
{
returnObject.put(Result,ID does not exist);
return Response.status(401).entity(returnObject).build();
$ b else if(Result.equals(Password for given User))
{
returnObject.put(Result,Password incorrect for给定用户);
return Response.status(401).entity(returnObject).build();
}
else
{
returnObject.put(Result,Result);
return Response.status(200).entity(returnObject).build();
}
}
else
{
returnObject.put(Result,Authorization header wrong);
return Response.status(401).entity(returnObject).build();
$ / code $ / pre
现在,这是当前正在获得的异常我无法理解它: 2014年10月6日下午4:13:59 com.sun.jersey.spi .container.ContainerRequest getEntity
SEVERE:未找到Java类javax.servlet.http.HttpServletRequest和Java类型接口javax.servlet.http.HttpServletRequest和MIME媒体类型application / octet-stream的消息正文阅读器。
兼容MIME媒体类型的注册邮件正文阅读器是:
application / octet-stream - >
com.sun.jersey.core.impl.provider.entity.ByteArrayProvider
com.sun.jersey.core.impl.provider.entity.FileProvider
com.sun.jersey.core。 impl.provider.entity.InputStreamProvider
com.sun.jersey.core.impl.provider.entity.DataSourceProvider
com.sun.jersey.core.impl.provider.entity.RenderedImageProvider
* / * - >
com.sun.jersey.core.impl.provider.entity.FormProvider
com.sun.jersey.core.impl.provider.entity.MimeMultipartProvider
com.sun.jersey.core。 impl.provider.entity.StringProvider
com.sun.jersey.core.impl.provider.entity.ByteArrayProvider
com.sun.jersey.core.impl.provider.entity.FileProvider
com .sun.jersey.core.impl.provider.entity.InputStreamProvider
com.sun.jersey.core.impl.provider.entity.DataSourceProvider
com.sun.jersey.core.impl.provider.entity .XMLJAXBElementProvider $ General
com.sun.jersey.core.impl.provider.entity.ReaderProvider
com.sun.jersey.core.impl.provider.entity.DocumentProvider
com.sun。 jersey.core.impl.provider.entity.SourceProvider $ StreamSourceReader
com.sun.jersey.core.impl.provider.entity.SourceProvider $ SAXSourceReader
com.sun.jersey.core.impl.provider。 entity.SourceProvider $ DOMSourceReader
com.sun.jersey.json.impl.provider.entity.JSONJAXBElementProvider $ General
com.sun.jersey.json.impl。 provider.entity.JSONArrayProvider $ General
com.sun.jersey.json.impl.provider.entity.JSONObjectProvider $ General
com.sun.jersey.core.impl.provider.entity.XMLRootElementProvider $ General
com.sun.jersey.core.impl.provider.entity.XMLListElementProvider $ General
com.sun.jersey.core.impl.provider.entity.XMLRootObjectProvider $ General
com.sun.jersey .core.impl.provider.entity.EntityHolderReader
com.sun.jersey.json.impl.provider.entity.JSONRootElementProvider $ General
com.sun.jersey.json.impl.provider.entity.JSONListElementProvider $ General
com.sun.jersey.json.impl.provider.entity.JacksonProviderProxy
解决方案 您应该使用 @Context HttpServletRequest请求
在您的方法中注入请求,如下所示:
public response log(@Context HttpServletRequest req)throws JSONException
可以注入的其他有用对象ng @Context
(请参阅JAX-RS规范了解详细信息):
-
Application
-
UriInfo
, HttpHeaders $ c $ b $ li $ $ c $ SecurityContext
,
-
提供者
c $ c>,请求
-
ServletConfig
, ServletContext
, HttpServletRequest
和 HttpServletResponse
>
所以在你的情况下,你也可以使用 @Context HttpHeaders headers
然后
列表< String> authHeaders = headers.getRequestHeader(HttpHeaders.AUTHORIZATION);
I am new to Authorization header, trying to create authorization(and authentication) using a JAX-RS service
My snippet at the javascript looks like this:
sUrl = getURL() + "/com.cabRoutePlanner.Login/Login";
var oHeaders = {};
oHeaders['Authorization'] = "Basic " + btoa(getUserName() + ":" + getPassword());
var request = {
headers : oHeaders,
requestUri : sUrl,
data: connectionData,
method : "POST"
};
OData.request(request, onSuccessForRegister, onRegError);
Now, I want to read this authorization header at the JAX-RS service, i.e username and password back in my Java Rest service and check with my db. What I am confused with is, I don't know how to consume this authorization header. If somebody could just show me the declaration of the function in the REST service and just to access my username and passwrd, it'd be great.
I wrote the code somehow, with a little intuition and great help from Eclipse
@Path("/Log")
@POST
@Produces(MediaType.APPLICATION_JSON)
public Response log(HttpServletRequest req)throws JSONException
{
JSONObject returnObject = new JSONObject();
String authorization = req.getHeader("Authorization");
if (authorization != null && authorization.startsWith("Basic"))
{
//byte[] message = authorization.substring("Basic".length()).trim().getBytes();
String credentials = authorization.substring("Basic".length()).trim();
byte[] decoded = DatatypeConverter.parseBase64Binary(credentials);
String decodedString = new String(decoded);
String[] actualCredentials = decodedString.split(":");
String ID = actualCredentials[0];
String Password = actualCredentials[1];
String Result = actualLog(ID, Password);
if(Result.equals("ID Does not exist"))
{
returnObject.put("Result", "ID Does not exist");
return Response.status(401).entity(returnObject).build();
}
else if(Result.equals("Password incorrect for given User"))
{
returnObject.put("Result", "Password incorrect for given User");
return Response.status(401).entity(returnObject).build();
}
else
{
returnObject.put("Result", Result);
return Response.status(200).entity(returnObject).build();
}
}
else
{
returnObject.put("Result", "Authorization header wrong");
return Response.status(401).entity(returnObject).build();
}
}
Now, here is the current Exception I am getting and I'm not able to understand it:
Oct 06, 2014 4:13:59 PM com.sun.jersey.spi.container.ContainerRequest getEntity
SEVERE: A message body reader for Java class javax.servlet.http.HttpServletRequest, and Java type interface javax.servlet.http.HttpServletRequest, and MIME media type application/octet-stream was not found.
The registered message body readers compatible with the MIME media type are:
application/octet-stream ->
com.sun.jersey.core.impl.provider.entity.ByteArrayProvider
com.sun.jersey.core.impl.provider.entity.FileProvider
com.sun.jersey.core.impl.provider.entity.InputStreamProvider
com.sun.jersey.core.impl.provider.entity.DataSourceProvider
com.sun.jersey.core.impl.provider.entity.RenderedImageProvider
*/* ->
com.sun.jersey.core.impl.provider.entity.FormProvider
com.sun.jersey.core.impl.provider.entity.MimeMultipartProvider
com.sun.jersey.core.impl.provider.entity.StringProvider
com.sun.jersey.core.impl.provider.entity.ByteArrayProvider
com.sun.jersey.core.impl.provider.entity.FileProvider
com.sun.jersey.core.impl.provider.entity.InputStreamProvider
com.sun.jersey.core.impl.provider.entity.DataSourceProvider
com.sun.jersey.core.impl.provider.entity.XMLJAXBElementProvider$General
com.sun.jersey.core.impl.provider.entity.ReaderProvider
com.sun.jersey.core.impl.provider.entity.DocumentProvider
com.sun.jersey.core.impl.provider.entity.SourceProvider$StreamSourceReader
com.sun.jersey.core.impl.provider.entity.SourceProvider$SAXSourceReader
com.sun.jersey.core.impl.provider.entity.SourceProvider$DOMSourceReader
com.sun.jersey.json.impl.provider.entity.JSONJAXBElementProvider$General
com.sun.jersey.json.impl.provider.entity.JSONArrayProvider$General
com.sun.jersey.json.impl.provider.entity.JSONObjectProvider$General
com.sun.jersey.core.impl.provider.entity.XMLRootElementProvider$General
com.sun.jersey.core.impl.provider.entity.XMLListElementProvider$General
com.sun.jersey.core.impl.provider.entity.XMLRootObjectProvider$General
com.sun.jersey.core.impl.provider.entity.EntityHolderReader
com.sun.jersey.json.impl.provider.entity.JSONRootElementProvider$General
com.sun.jersey.json.impl.provider.entity.JSONListElementProvider$General
com.sun.jersey.json.impl.provider.entity.JacksonProviderProxy
解决方案 You should use @Context HttpServletRequest request
to inject request in your method, like this:
public Response log(@Context HttpServletRequest req) throws JSONException
Other useful objects that could be injected using @Context
are (see JAX-RS spec for details):
Application
UriInfo
, HttpHeaders
SecurityContext
,
Providers
, Request
ServletConfig
, ServletContext
, HttpServletRequest
and HttpServletResponse
So in your case you could use also @Context HttpHeaders headers
and then
List<String> authHeaders = headers.getRequestHeader(HttpHeaders.AUTHORIZATION);
这篇关于如何在JAX-RS服务中读取授权标头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文