我使用 JAX-RS、Jersey 和 Grizzly 编写了一个简单的 REST 服务器.这就是我启动服务器的方式:
I've written a simple REST server using JAX-RS, Jersey and Grizzly. This is how I start the server:
URI baseUri = UriBuilder.fromUri("http://localhost/api")
.port(8081)
.build();
ResourceConfig rc = new PackagesResourceConfig("se.aioobe.resources");
HttpServer httpServer = GrizzlyServerFactory.createHttpServer(baseUri, rc);
现在我需要使用基本 HTTP 身份验证来保护资源,但我不知道该怎么做.
Now I need to protect the resources using Basic HTTP authentication, and I can't figure out how to do this.
如果让其工作更简单,我可以从 Grizzly 切换到例如 Jetty,但我非常重视 Grizzly 提供的简单配置/启动.
I can switch from Grizzly to for instance Jetty if it is simpler to get it to work, but I really value the simple configuration / start up that Grizzly provides.
我已经阅读了很多教程.他们都提到了 web.xml,但在我目前的配置中我没有.(我需要为 HTTP 身份验证添加一个吗?)我找到了 以下问题,它们都没有任何帮助:-(
I've read a lot of tutorials. They all mention the web.xml but in my current configuration I don't have one. (Do I need to add one for HTTP authentication?) I've found the following questions, neither of them is of any help :-(
(此时不需要 SSL.此时的身份验证只是为了防止公众偷看我们的测试版.)
(No SSL required at this point. The authentication is at this point just to prevent the public from peeking at our beta.)
TL;DR:如何将基本 HTTP 身份验证添加到 Jersey/Grizzly webapp?
TL;DR: How do I add basic HTTP authentication to a Jersey / Grizzly webapp?
根据 这篇博文.
我的解决方案包括:
Maven 工件:球衣服务器 (v 1.17)jersey-grizzly2 (v 1.17)我创建了这个 ContainerRequestFilter
:
public class AuthFilter implements ContainerRequestFilter {
// Exception thrown if user is unauthorized.
private final static WebApplicationException unauthorized =
new WebApplicationException(
Response.status(Status.UNAUTHORIZED)
.header(HttpHeaders.WWW_AUTHENTICATE, "Basic realm="realm"")
.entity("Page requires login.").build());
@Override
public ContainerRequest filter(ContainerRequest containerRequest)
throws WebApplicationException {
// Automatically allow certain requests.
String method = containerRequest.getMethod();
String path = containerRequest.getPath(true);
if (method.equals("GET") && path.equals("application.wadl"))
return containerRequest;
// Get the authentication passed in HTTP headers parameters
String auth = containerRequest.getHeaderValue("authorization");
if (auth == null)
throw unauthorized;
auth = auth.replaceFirst("[Bb]asic ", "");
String userColonPass = Base64.base64Decode(auth);
if (!userColonPass.equals("admin:toHah1ooMeor6Oht"))
throw unauthorized;
return containerRequest;
}
}
然后我更改了启动代码以包含过滤器:
And I then changed the startup code to include the filter:
URI baseUri = UriBuilder.fromUri("http://localhost/api")
.port(8081)
.build();
ResourceConfig rc = new PackagesResourceConfig("se.aioobe.resources");
// Add AuthFilter ////////////
rc.getProperties().put("com.sun.jersey.spi.container.ContainerRequestFilters",
"<YOUR PACKAGE FOR AuthFilter>.AuthFilter");
//////////////////////////////
HttpServer httpServer = GrizzlyServerFactory.createHttpServer(baseUri, rc);
上一篇:ContainerRequestFilter ContainerResponseFilter 没有被调用ContainerRequestFilter、ContainerResponseFilter