Jersey/Grizzly 的基本 HTTP 身份验证

Basic HTTP authentication with Jersey / Grizzly(Jersey/Grizzly 的基本 HTTP 身份验证)

问题描述

我使用 JAX-RS、Jersey 和 Grizzly 编写了一个简单的 REST 服务器.这就是我启动服务器的方式:

I've written a simple REST server using JAX-RS, Jersey and Grizzly. This is how I start the server:

URI baseUri = UriBuilder.fromUri("http://localhost/api")
                        .port(8081)
                        .build();

ResourceConfig rc = new PackagesResourceConfig("se.aioobe.resources");
HttpServer httpServer = GrizzlyServerFactory.createHttpServer(baseUri, rc);

现在我需要使用基本 HTTP 身份验证来保护资源，但我不知道该怎么做.

Now I need to protect the resources using Basic HTTP authentication, and I can't figure out how to do this.

如果让其工作更简单，我可以从 Grizzly 切换到例如 Jetty，但我非常重视 Grizzly 提供的简单配置/启动.

I can switch from Grizzly to for instance Jetty if it is simpler to get it to work, but I really value the simple configuration / start up that Grizzly provides.

我已经阅读了很多教程.他们都提到了 web.xml，但在我目前的配置中我没有.(我需要为 HTTP 身份验证添加一个吗?)我找到了 以下问题，它们都没有任何帮助:-(

I've read a lot of tutorials. They all mention the web.xml but in my current configuration I don't have one. (Do I need to add one for HTTP authentication?) I've found the following questions, neither of them is of any help :-(

(此时不需要 SSL.此时的身份验证只是为了防止公众偷看我们的测试版.)

(No SSL required at this point. The authentication is at this point just to prevent the public from peeking at our beta.)

TL;DR:如何将基本 HTTP 身份验证添加到 Jersey/Grizzly webapp?

TL;DR: How do I add basic HTTP authentication to a Jersey / Grizzly webapp?

推荐答案

根据 这篇博文.

我的解决方案包括:

• Maven 工件:
  • 球衣服务器 (v 1.17)
  • jersey-grizzly2 (v 1.17)

  我创建了这个 ContainerRequestFilter:

  public class AuthFilter implements ContainerRequestFilter {
  
      // Exception thrown if user is unauthorized.
      private final static WebApplicationException unauthorized =
         new WebApplicationException(
             Response.status(Status.UNAUTHORIZED)
                     .header(HttpHeaders.WWW_AUTHENTICATE, "Basic realm="realm"")
                     .entity("Page requires login.").build());
  
      @Override
      public ContainerRequest filter(ContainerRequest containerRequest) 
              throws WebApplicationException {
  
          // Automatically allow certain requests.
          String method = containerRequest.getMethod();
          String path = containerRequest.getPath(true);
          if (method.equals("GET") && path.equals("application.wadl"))
              return containerRequest;
  
          // Get the authentication passed in HTTP headers parameters
          String auth = containerRequest.getHeaderValue("authorization");
          if (auth == null)
              throw unauthorized;
  
          auth = auth.replaceFirst("[Bb]asic ", "");
          String userColonPass = Base64.base64Decode(auth);
  
          if (!userColonPass.equals("admin:toHah1ooMeor6Oht"))
              throw unauthorized;
  
          return containerRequest;
      }
  }
  

  然后我更改了启动代码以包含过滤器:

  And I then changed the startup code to include the filter:

  URI baseUri = UriBuilder.fromUri("http://localhost/api")
                          .port(8081)
                          .build();
  
  ResourceConfig rc = new PackagesResourceConfig("se.aioobe.resources");
  
  // Add AuthFilter ////////////
  rc.getProperties().put("com.sun.jersey.spi.container.ContainerRequestFilters",
                         "<YOUR PACKAGE FOR AuthFilter>.AuthFilter");
  //////////////////////////////
  
  HttpServer httpServer = GrizzlyServerFactory.createHttpServer(baseUri, rc);
  

  这篇关于Jersey/Grizzly 的基本 HTTP 身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持编程学习网！