Java: HTTP error 401 when calling a RESTful web service from a RESTful client in JBoss EAP 6.3 (both in the same security domain)
I have two web applications: empService and empClient. I just print a "Hello World" message from the service. I put both applications in the same security domain. When I call my service application directly, it asks for login credentials to open the web page. But when I call it from the client, it throws HTTP error 401 (Unauthorized). Since both use the same security domain, the client should also be granted access when I call the service. Please let me know if I need to add anything else to the code.
empService
  - src
    - com.channel.employee.service
      - Employee
      - EmployeeService
  - WebContent
    - WEB-INF
      - classes
        - employee-roles.properties
        - employee-users.properties
      - jboss-web.xml
      - web.xml
    - hello.jsp
empClient
  - src
    - com.channel.employee.client
      - EmployeeClient
  - WebContent
    - WEB-INF
      - classes
        - employee-roles.properties
        - employee-users.properties
      - jboss-web.xml
      - web.xml
Employee.java
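package com.channel.employee.service;

import javax.annotation.security.RolesAllowed;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;

@Path("/")
public class Employee {
    /*@Inject
    static EmployeeService employeeService;*/
    EmployeeService employeeService = new EmployeeService();

    // Only callers in the "employee" role may invoke this resource method
    @GET
    @Path("/xml")
    @Produces({ "application/xml" })
    @RolesAllowed({"employee"})
    public String getHelloWorldXML() {
        return "<xml><result>" + employeeService.createHelloMessage("Employee") + "</result></xml>";
    }
}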
EmployeeService.java
public class EmployeeService {
    String createHelloMessage(String name) {
        return "Hello " + name + "!";
    }
}
employee-roles.properties
usaaemp1=employee
usaaemp2=employee
employee-users.properties
usaaemp1=usaaemp11
usaaemp2=usaaemp22
jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <security-domain>java:/jaas/Employee</security-domain>
</jboss-web>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
    <display-name>empService</display-name>
    <welcome-file-list>
        <welcome-file>hello.jsp</welcome-file>
    </welcome-file-list>
    <context-param>
        <param-name>resteasy.role.based.security</param-name>
        <param-value>true</param-value>
    </context-param>
    <servlet-mapping>
        <servlet-name>javax.ws.rs.core.Application</servlet-name>
        <url-pattern>/employee/*</url-pattern>
    </servlet-mapping>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>EmployeeChannel</web-resource-name>
            <url-pattern>/employee/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>employee</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <!-- <realm-name>Specify Realm Name Here</realm-name> -->
    </login-config>
    <security-role>
        <role-name>employee</role-name>
    </security-role>
</web-app>
hello.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <title>Insert title here</title>
</head>
<body>
    <a href="employee/xml">Employee Channel</a>
</body>
</html>
EmployeeClient.java
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;

import org.apache.http.client.ClientProtocolException;
import org.jboss.resteasy.client.ClientRequest;
import org.jboss.resteasy.client.ClientResponse;

public class EmployeeClient {
    public static void main(String[] args) {
        try {
            // Initiate a client request using the url as a parameter
            ClientRequest request = new ClientRequest("http://localhost:8080/ent_securityprefs_empService/employee/xml");
            request.accept("application/xml");
            // To get the response based on the request
            ClientResponse<String> response = request.get(String.class);
            // Check the HTTP status of the request
            // HTTP 200 indicates the request is OK
            if (response.getStatus() != 200) {
                throw new RuntimeException("Failed request with HTTP status: " + response.getStatus());
            }
            // If we get a good response, now let's read it
            BufferedReader br = new BufferedReader(new InputStreamReader(new ByteArrayInputStream(response.getEntity().getBytes())));
            String output;
            // Loop over the br in order to print out the contents
            System.out.println("\n*** Response from Server ***\n");
            while ((output = br.readLine()) != null) {
                System.out.println(output);
            }
        } catch (ClientProtocolException cpe) {
            System.err.println(cpe);
        } catch (IOException ioe) {
            System.err.println(ioe);
        } catch (Exception e) {
            System.err.println(e);
        }
    }
}
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
    <display-name>empClient</display-name>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>EmployeeChannel</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>employee</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <!-- <realm-name>Specify Realm Name Here</realm-name> -->
    </login-config>
    <security-role>
        <role-name>employee</role-name>
    </security-role>
</web-app>
standalone-full.xml
<security-domain name="Employee" cache-type="default">
    <authentication>
        <login-module code="UsersRoles" flag="required">
            <module-option name="usersProperties" value="employee-users.properties"/>
            <module-option name="rolesProperties" value="employee-roles.properties"/>
        </login-module>
    </authentication>
</security-domain>
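I think you need to send the "login credentials" with the client request.
I suggest always looking at the error codes returned by the server; usually they give an explanation of the problem.
10.4.2 401 Unauthorized
The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.47) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity might include relevant diagnostic information. HTTP access authentication is explained in "HTTP Authentication: Basic and Digest Access Authentication".
The above quote is from:
[Edit]
I did not read your post carefully and did not notice that your client is its own process. But I will leave the following text, which was part of the original answer:
Even if your client and server are in the same application, an external HTTP request is still received.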
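import javax.annotation.security.RolesAllowed;
import javax.inject.Inject;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;

@Path("/")
public class Employee {
    // CDI injects only non-static, non-final fields
    @Inject
    EmployeeService employeeService;

    @GET
    @Path("/xml")
    @Produces({ "application/xml" })
    @RolesAllowed({"employee"})
    public String getHelloWorldXML() {
        return "<xml><result>" + employeeService.createHelloMessage("Employee") + "</result></xml>";
    }
}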
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/beans_1_0.xsd">
<!-- An application that uses CDI must have a file named beans.xml.
The file can be completely empty (it has content only in certain
limited situations), but it must be present. -->
</beans>
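The point made in the answer above (the client has to send credentials with its request), as an added example that is not part of the original question or answer: a stand-alone client that sends an HTTP Basic Authorization header to the URL from the question. It uses only JDK classes (java.util.Base64 needs Java 8 or later) instead of the RESTEasy ClientRequest API; the class name and the EMP_USER / EMP_PASSWORD environment variables are assumptions.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class EmployeeBasicAuthClient {
    // Value of the Authorization header for HTTP Basic: "Basic " + base64("user:password")
    static String basicAuthHeader(String user, String password) {
        byte[] raw = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    // Basic credentials are only encoded, not encrypted: allow plain http for loopback only
    static boolean safeForBasic(URL url) {
        String host = url.getHost();
        return "https".equals(url.getProtocol()) || "localhost".equals(host) || "127.0.0.1".equals(host);
    }

    public static void main(String[] args) throws IOException {
        // URL taken from the question; EMP_USER / EMP_PASSWORD are assumed variable names
        URL url = new URL("http://localhost:8080/ent_securityprefs_empService/employee/xml");
        String user = System.getenv("EMP_USER");
        String password = System.getenv("EMP_PASSWORD");
        if (user == null || password == null) {
            throw new IllegalStateException("Set EMP_USER and EMP_PASSWORD");
        }
        if (!safeForBasic(url)) {
            throw new IllegalStateException("Refusing to send Basic credentials over " + url.getProtocol());
        }
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        conn.setRequestProperty("Accept", "application/xml");
        conn.setRequestProperty("Authorization", basicAuthHeader(user, password));
        int status = conn.getResponseCode();
        if (status == HttpURLConnection.HTTP_UNAUTHORIZED) {
            throw new IOException("401, server challenge: " + conn.getHeaderField("WWW-Authenticate"));
        }
        if (status != HttpURLConnection.HTTP_OK) {
            throw new IOException("Failed request with HTTP status: " + status);
        }
        try (BufferedReader br = new BufferedReader(new InputStreamReader(conn.getInputStream(), StandardCharsets.UTF_8))) {
            for (String line; (line = br.readLine()) != null; ) {
                System.out.println(line);
            }
        }
    }
}
```

A 401 that persists with the header present means the security domain rejected those credentials or the account lacks the `employee` role, which matches the second case in the quoted RFC text.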