Basic HTTP authentication with Jersey / Grizzly

I've written a simple REST server using JAX-RS, Jersey and Grizzly. This is how I start the server:

    URI baseUri = UriBuilder.fromUri("http://localhost/api")
                            .port(8081)
                            .build();

    ResourceConfig rc = new PackagesResourceConfig("se.aioobe.resources");
    HttpServer httpServer = GrizzlyServerFactory.createHttpServer(baseUri, rc);

Now I need to protect the resources using Basic HTTP authentication, and I can't figure out how to do this.

I can switch from Grizzly to for instance Jetty if it is simpler to get it to work, but I really value the simple configuration / start up that Grizzly provides.

I've read a lot of tutorials. They all mention the web.xml but in my current configuration I don't have one. (Do I need to add one for HTTP authentication?) I've found the following questions, neither of them is of any help :-(

(No SSL required at this point. The authentication is at this point just to prevent the public from peeking at our beta.)

TL;DR: How do I add basic HTTP authentication to a Jersey / Grizzly webapp?

Recommended answer

Based on this blog post.

My solution involves:

  • Maven artifacts:
    • jersey-server (v 1.17)
    • jersey-grizzly2 (v 1.17)

    I created this ContainerRequestFilter:

    import javax.ws.rs.WebApplicationException;
    import javax.ws.rs.core.HttpHeaders;
    import javax.ws.rs.core.Response;
    import javax.ws.rs.core.Response.Status;

    import com.sun.jersey.core.util.Base64;
    import com.sun.jersey.spi.container.ContainerRequest;
    import com.sun.jersey.spi.container.ContainerRequestFilter;

    public class AuthFilter implements ContainerRequestFilter {
    
        // Exception thrown if user is unauthorized.
        // The realm value is a quoted string, so its quotes are escaped.
        private final static WebApplicationException unauthorized =
           new WebApplicationException(
               Response.status(Status.UNAUTHORIZED)
                       .header(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"realm\"")
                       .entity("Page requires login.").build());
    
        @Override
        public ContainerRequest filter(ContainerRequest containerRequest) 
                throws WebApplicationException {
    
            // Automatically allow certain requests.
            String method = containerRequest.getMethod();
            String path = containerRequest.getPath(true);
            if (method.equals("GET") && path.equals("application.wadl"))
                return containerRequest;
    
            // Get the authentication passed in HTTP headers parameters
            String auth = containerRequest.getHeaderValue("authorization");
            if (auth == null)
                throw unauthorized;
    
            // Strip the scheme prefix, then Base64-decode "user:password".
            auth = auth.replaceFirst("[Bb]asic ", "");
            String userColonPass = Base64.base64Decode(auth);
    
            // Compare against the single hard-coded credential pair.
            if (!userColonPass.equals("admin:toHah1ooMeor6Oht"))
                throw unauthorized;
    
            return containerRequest;
        }
    }
    

    And I then changed the startup code to include the filter:

    URI baseUri = UriBuilder.fromUri("http://localhost/api")
                            .port(8081)
                            .build();
    
    ResourceConfig rc = new PackagesResourceConfig("se.aioobe.resources");
    
    // Add AuthFilter ////////////
    rc.getProperties().put("com.sun.jersey.spi.container.ContainerRequestFilters",
                           "<YOUR PACKAGE FOR AuthFilter>.AuthFilter");
    //////////////////////////////
    
    HttpServer httpServer = GrizzlyServerFactory.createHttpServer(baseUri, rc);
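
The header handling that the filter above performs, written with JDK classes only so it runs without Jersey (an added example, not part of the original answer): it accepts the scheme name in any letter case, rejects malformed Base64, splits on the first colon, and compares with `MessageDigest.isEqual`. The class name, method names and sample credentials are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64; // JDK 8+; not Jersey's com.sun.jersey.core.util.Base64

/** Added example (hypothetical names): parse and check a Basic Authorization header. */
public class BasicAuthCheck {

    /** Returns {user, password}, or null if the header is not well-formed Basic auth. */
    static String[] parse(String header) {
        if (header == null) return null;
        String[] parts = header.trim().split("\\s+", 2);
        // The scheme name is case-insensitive; any other scheme is rejected.
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Basic")) return null;
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(parts[1].trim());
        } catch (IllegalArgumentException e) {
            return null; // not valid Base64
        }
        String userPass = new String(raw, StandardCharsets.UTF_8);
        int colon = userPass.indexOf(':'); // the password may itself contain ':'
        if (colon < 0) return null;
        return new String[] { userPass.substring(0, colon), userPass.substring(colon + 1) };
    }

    /** Byte comparison that does not stop at the first differing byte. */
    static boolean sameBytes(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }

    static boolean isAuthorized(String header, String user, String pass) {
        String[] cred = parse(header);
        if (cred == null) return false;
        // Non-short-circuit '&' so both comparisons always run.
        return sameBytes(cred[0], user) & sameBytes(cred[1], pass);
    }

    public static void main(String[] args) {
        // Constructed sample credentials and header values.
        String user = "beta", pass = "s3cret:with:colons";
        String good = "basic " + Base64.getEncoder()
                .encodeToString((user + ":" + pass).getBytes(StandardCharsets.UTF_8));
        System.out.println(isAuthorized(good, user, pass));                 // valid header
        System.out.println(isAuthorized("Basic !!not-base64", user, pass)); // malformed Base64
        System.out.println(isAuthorized("Bearer abc", user, pass));         // other scheme
        System.out.println(isAuthorized(null, user, pass));                 // missing header
    }
}
```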
    
