Jersey/Grizzly 的基本 HTTP 身份验证

2022-01-21 00:00:00 java jax-rs jersey grizzly http-authentication

我使用 JAX-RS、Jersey 和 Grizzly 编写了一个简单的 REST 服务器.这就是我启动服务器的方式:

I've written a simple REST server using JAX-RS, Jersey and Grizzly. This is how I start the server:

URI baseUri = UriBuilder.fromUri("http://localhost/api")
                        .port(8081)
                        .build();

ResourceConfig rc = new PackagesResourceConfig("se.aioobe.resources");
HttpServer httpServer = GrizzlyServerFactory.createHttpServer(baseUri, rc);

现在我需要使用基本 HTTP 身份验证来保护资源,但我不知道该怎么做.

Now I need to protect the resources using Basic HTTP authentication, and I can't figure out how to do this.

如果让其工作更简单,我可以从 Grizzly 切换到例如 Jetty,但我非常重视 Grizzly 提供的简单配置/启动.

I can switch from Grizzly to for instance Jetty if it is simpler to get it to work, but I really value the simple configuration / start up that Grizzly provides.

我已经阅读了很多教程.他们都提到了 web.xml,但在我目前的配置中我没有.(我需要为 HTTP 身份验证添加一个吗?)我找到了 以下问题,它们都没有任何帮助:-(

I've read a lot of tutorials. They all mention the web.xml but in my current configuration I don't have one. (Do I need to add one for HTTP authentication?) I've found the following questions, neither of them is of any help :-(

(此时不需要 SSL.此时的身份验证只是为了防止公众偷看我们的测试版.)

(No SSL required at this point. The authentication is at this point just to prevent the public from peeking at our beta.)

TL;DR:如何将基本 HTTP 身份验证添加到 Jersey/Grizzly webapp?

TL;DR: How do I add basic HTTP authentication to a Jersey / Grizzly webapp?

推荐答案

根据 这篇博文.

我的解决方案包括:

  • Maven 工件:
    • 球衣服务器 (v 1.17)
    • jersey-grizzly2 (v 1.17)

    我创建了这个 ContainerRequestFilter:

    public class AuthFilter implements ContainerRequestFilter {

    // Exception thrown if user is unauthorized.
    private final static WebApplicationException unauthorized =
       new WebApplicationException(
           Response.status(Status.UNAUTHORIZED)
                   .header(HttpHeaders.WWW_AUTHENTICATE, "Basic realm="realm"")
                   .entity("Page requires login.").build());

    @Override
    public ContainerRequest filter(ContainerRequest containerRequest) 
            throws WebApplicationException {

        // Automatically allow certain requests.
        String method = containerRequest.getMethod();
        String path = containerRequest.getPath(true);
        if (method.equals("GET") && path.equals("application.wadl"))
            return containerRequest;

        // Get the authentication passed in HTTP headers parameters
        String auth = containerRequest.getHeaderValue("authorization");
        if (auth == null)
            throw unauthorized;

        auth = auth.replaceFirst("[Bb]asic ", "");
        String userColonPass = Base64.base64Decode(auth);

        if (!userColonPass.equals("admin:toHah1ooMeor6Oht"))
            throw unauthorized;

        return containerRequest;
    }
}

    然后我更改了启动代码以包含过滤器:

    And I then changed the startup code to include the filter:

    URI baseUri = UriBuilder.fromUri("http://localhost/api")
                        .port(8081)
                        .build();

ResourceConfig rc = new PackagesResourceConfig("se.aioobe.resources");

// Add AuthFilter ////////////
rc.getProperties().put("com.sun.jersey.spi.container.ContainerRequestFilters",
                       "<YOUR PACKAGE FOR AuthFilter>.AuthFilter");
//////////////////////////////

HttpServer httpServer = GrizzlyServerFactory.createHttpServer(baseUri, rc);

相关文章