问题描述
@Provider
@Secured
@Priority(Priorities.AUTHENTICATION)
public class SecurityFilter implements ContainerRequestFilter {
private static final String LOGGER_NAME ="SecurityFilter";
private static final String CLASS_NAME ="SecurityFilter.java";
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
Logger.log(" requestContext: " + requestContext,LOGGER_NAME,CLASS_NAME,null,Logger.INFO,GroupId.ID);
String authHeader = requestContext.getHeaderString("Authorization");
if (authHeader == null || !authHeader.startsWith("Basic")) {
requestContext.abortWith(Response.status(401).header("WWW-Authenticate","Basic").build());
return;
}
String[] tokens = (new String(Base64.getDecoder().decode(authHeader.split(" ")[1]),"UTF-8")).split(":");
final String username = tokens[0];
final String password = tokens[1];
if (username.equals("admin") && password.equals("123")) {
// all good
}
else {
requestContext.abortWith(Response.status(401).entity("Incorrect username or pass").build());
return;
}
}
}
我正在将RestEasy jar和Java 1.8一起使用。 有人可以指导我吗? 我已经实现了基本身份验证,但是它无法正常工作,因此请仔细阅读。
我的Web.xml在下面给出
<servlet-name>AvApp</servlet-name>
<url-pattern>/servicesyes/*</url-pattern>
</servlet-mapping>
<!-- this should be the same URL pattern as the servlet-mapping property -->
<context-param>
<param-name>resteasy.servlet.mapping.prefix</param-name>
<param-value>/servicesyes</param-value>
</context-param>
<context-param>
<param-name>resteasy.scan</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>resteasy.providers</param-name>
<param-value>in.avenues.exh.test.SecurityInterceptor</param-value>
</context-param>
<context-param>
<param-name>resteasy.resources</param-name>
<param-value>in.avenues.exh.controllers.RESTApi</param-value>
</context-param>
<context-param>
<param-name>resteasy.role.based.security</param-name>
<param-value>true</param-value>
</context-param>
<listener>
<listener-class>org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap</listener-class>
</listener>
<servlet>
<servlet-name>AvApp</servlet-name>
<servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
<init-param>
<param-name>javax.ws.rs.Application</param-name>
<param-value>in.avenues.exh.controllers.RESTApi</param-value>
</init-param>
</servlet>
<error-page>
<error-code>401</error-code>
<location>/error401.jsp</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/exhouse/secure/exceptionHandler.jsp</location>
</error-page>
<error-page>
<error-code>403</error-code>
<location>/error403.html</location>
</error-page>
<error-page>
<exception-type>
javax.servlet.ServletException
</exception-type >
<location>/exhouse/secure/exceptionHandler.jsp</location>
</error-page>
<filter>
<filter-name>SecurityFilter</filter-name>
<filter-class>in.avenues.exh.controllers.SecurityFilter</filter-class>
<init-param>
<param-name>SecuritFilterAuth</param-name>
<param-value>in.avenues.exh.controllers.RESTApi</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>SecurityFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>SecurityFilter</filter-name>
<servlet-name>AvApp</servlet-name>
</filter-mapping>
<!-- Add Security for RESTful Web Services Using Basic Authentication -->
<security-constraint>
<web-resource-collection>
<web-resource-name>AvApp</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>admin</realm-name>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>
这是web.xml文件数据。 除此之外,我还有我的终点 我需要在终端实现基本身份验证以提供安全性。 我尽力没有找到任何解决方案。 ContainerRequestFilter看起来像这样
解决方法
如果您只想处理基本身份验证,则无需自己实施过滤器。您可以按照以下说明使用服务器的内置机制: https://docs.jboss.org/resteasy/docs/4.5.6.Final/userguide/html/Securing_JAX-RS_and_RESTeasy.html。 在这种情况下,您可以按照以下说明配置安全领域(例如,通过简单的realm.properties文件):https://wiki.eclipse.org/Jetty/Tutorial/Realms
我猜想该过滤器未正确在RESTeasy中注册。您还可以使用@Context(javax.ws.rs.core.Context)来检查实际服务。这会将安全性上下文作为参数注入:
public void foo(@Context SecurityContext sc) {
if (sc.isUserInRole(role))
...
Principal p = sc.getUserPrincipal();
}
就像@Context一样,您可以用来注入Request对象,从而使您可以访问基本的auth标头。