如何使用RestEasy在Java服务器端实现基本身份验证?我已将过滤器附加为Java Code.Sample代码已附加

编程问答 2023-02-13

问题描述

@Provider
@Secured
@Priority(Priorities.AUTHENTICATION)
public class SecurityFilter implements ContainerRequestFilter {
    private static final String LOGGER_NAME  ="SecurityFilter";
    private static final String CLASS_NAME  ="SecurityFilter.java";

    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        Logger.log(" requestContext: " + requestContext,LOGGER_NAME,CLASS_NAME,null,Logger.INFO,GroupId.ID);
        String authHeader = requestContext.getHeaderString("Authorization");
        if (authHeader == null || !authHeader.startsWith("Basic")) {
            requestContext.abortWith(Response.status(401).header("WWW-Authenticate","Basic").build());
            return;
        }

        String[] tokens = (new String(Base64.getDecoder().decode(authHeader.split(" ")[1]),"UTF-8")).split(":");
        final String username = tokens[0];
        final String password = tokens[1];

        if (username.equals("admin") && password.equals("123")) {
            // all good
        }
        else {
            requestContext.abortWith(Response.status(401).entity("Incorrect username or pass").build());
            return;
        }
    }

}

我正在将RestEasy jar和Java 1.8一起使用。 有人可以指导我吗? 我已经实现了基本身份验证,但是它无法正常工作,因此请仔细阅读。

我的Web.xml在下面给出

        <servlet-name>AvApp</servlet-name>
        <url-pattern>/servicesyes/*</url-pattern>
    </servlet-mapping>
    
    <!-- this should be the same URL pattern as the servlet-mapping property -->
     <context-param>
        <param-name>resteasy.servlet.mapping.prefix</param-name>
        <param-value>/servicesyes</param-value>
    </context-param>
    
    <context-param>
        <param-name>resteasy.scan</param-name>
        <param-value>true</param-value>
    </context-param>
    <context-param>
        <param-name>resteasy.providers</param-name>
        <param-value>in.avenues.exh.test.SecurityInterceptor</param-value>
    </context-param>
    
    <context-param>
        <param-name>resteasy.resources</param-name>
        <param-value>in.avenues.exh.controllers.RESTApi</param-value>
    </context-param>
    <context-param>
      <param-name>resteasy.role.based.security</param-name>
      <param-value>true</param-value>
   </context-param>
   
   <listener>
      <listener-class>org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap</listener-class>
   </listener>
    
    <servlet>
        <servlet-name>AvApp</servlet-name>
        <servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
        <init-param>
            <param-name>javax.ws.rs.Application</param-name>
            <param-value>in.avenues.exh.controllers.RESTApi</param-value>
        </init-param>
    </servlet>
    
    <error-page>
        <error-code>401</error-code>
        <location>/error401.jsp</location>
    </error-page>
    <error-page>
        <error-code>500</error-code>
        <location>/exhouse/secure/exceptionHandler.jsp</location>
    </error-page>

    <error-page>
        <error-code>403</error-code>
        <location>/error403.html</location>
    </error-page>

    <error-page>
        <exception-type>
            javax.servlet.ServletException
        </exception-type >
        <location>/exhouse/secure/exceptionHandler.jsp</location>
    </error-page>
    
    <filter>
         <filter-name>SecurityFilter</filter-name>
        <filter-class>in.avenues.exh.controllers.SecurityFilter</filter-class>
        <init-param>
            <param-name>SecuritFilterAuth</param-name>
            <param-value>in.avenues.exh.controllers.RESTApi</param-value>
        </init-param>
    </filter>
    <filter-mapping>
            <filter-name>SecurityFilter</filter-name>
            <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
         <filter-name>SecurityFilter</filter-name>
        <servlet-name>AvApp</servlet-name>
    </filter-mapping>
    
    <!-- Add Security for RESTful Web Services Using Basic Authentication  -->
<security-constraint>
      <web-resource-collection>
         <web-resource-name>AvApp</web-resource-name>
         <url-pattern>/*</url-pattern>
      </web-resource-collection>
      
       <auth-constraint>
         <role-name>admin</role-name>
         <role-name>admin</role-name>
      </auth-constraint>
  </security-constraint>

   <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>admin</realm-name>
   </login-config>

   <security-role>
      <role-name>admin</role-name>
   </security-role>
   <security-role>
      <role-name>user</role-name>
   </security-role>

这是web.xml文件数据。 除此之外,我还有我的终点 我需要在终端实现基本身份验证以提供安全性。 我尽力没有找到任何解决方案。 ContainerRequestFilter看起来像这样

解决方法

如果您只想处理基本身份验证,则无需自己实施过滤器。您可以按照以下说明使用服务器的内置机制: https://docs.jboss.org/resteasy/docs/4.5.6.Final/userguide/html/Securing_JAX-RS_and_RESTeasy.html。 在这种情况下,您可以按照以下说明配置安全领域(例如,通过简单的realm.properties文件):https://wiki.eclipse.org/Jetty/Tutorial/Realms

我猜想该过滤器未正确在RESTeasy中注册。您还可以使用@Context(javax.ws.rs.core.Context)来检查实际服务。这会将安全性上下文作为参数注入:

public void foo(@Context SecurityContext sc) {
  if (sc.isUserInRole(role))
    ...
  Principal p = sc.getUserPrincipal();
}

就像@Context一样,您可以用来注入Request对象,从而使您可以访问基本的auth标头。

javajavajax-rsrestapi

相关问答

导入项目后报错问题
依赖报错 idea导入项目后依赖报错,解决方案:https://blog....
idea不能识别yaml文件
使用mybatis plus常见错误
错误1:代码生成器依赖和mybatis依赖冲突 启动项目时报错如下...
gradle常见问题与错误
错误1:gradle项目控制台输出为乱码 # 解决方案:https://bl...
Mybatis Plus传入参数0不起作用
错误还原:在查询的过程中,传入的workType为0时,该条件不起...
linux中make编译源码包失败
报错如下,gcc版本太低 ^ server.c:5346:31: 错误:‘struct...