Java 从JBOSS EAP 6.3中的servlet调用安全RESTEasy服务
我通过“安全约束”保护了我的RESTFul服务,该服务在web.xml中以servlet的形式被调用。但是,当servlet通过“安全约束”进行保护时,我不能从servlet调用该服务,当我对此进行注释时,我的服务不再受到保护,我可以从客户端调用该服务。请建议一种方法,使我可以保护我的服务,并仍然从servlet调用它 服务战争Java 从JBOSS EAP 6.3中的servlet调用安全RESTEasy服务,java,jboss7.x,resteasy,Java,Jboss7.x,Resteasy,我通过“安全约束”保护了我的RESTFul服务,该服务在web.xml中以servlet的形式被调用。但是,当servlet通过“安全约束”进行保护时,我不能从servlet调用该服务,当我对此进行注释时,我的服务不再受到保护,我可以从客户端调用该服务。请建议一种方法,使我可以保护我的服务,并仍然从servlet调用它 服务战争 ent_securityprefs_empService -src -com.xxxx.channel.employee.servi
ent_securityprefs_empService
-src
-com.xxxx.channel.employee.service
-Employee.java
-Employees.java
-EmployeeService.java
-com.xxxx.channel.employee.service.bean
-EmployeeBean.java
-WebContent
-WEB-INF
-beans.xml
-jboss-web.xml
-web.xml
-hello.jsp
Employee.java
@XmlRootElement
public class Employee {
private int empId;
private String empName;
private String empAddress;
public int getEmpId() {
return empId;
}
public void setEmpId(int empId) {
this.empId = empId;
}
public String getEmpName() {
return empName;
}
public void setEmpName(String empName) {
this.empName = empName;
}
public String getEmpAddress() {
return empAddress;
}
public void setEmpAddress(String empAddress) {
this.empAddress = empAddress;
}
}
Employees.java
@XmlRootElement
public class Employees {
private List<Employee> employee;
public List<Employee> getEmployee() {
return employee;
}
public void setEmployee(List<Employee> employee) {
this.employee = employee;
}
}
EmployeeBean.java
@ApplicationScoped
public class EmployeeBean implements Serializable{
private TreeMap employeeMap;
public EmployeeBean(){
employeeMap = new TreeMap();
}
public TreeMap getEmployeeMap() {
return employeeMap;
}
public void setEmployeeMap(TreeMap employeeMap) {
this.employeeMap = employeeMap;
}
}
beans.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/beans_1_0.xsd">
<!-- An application that uses CDI must have a file named beans.xml.
The file can be completely empty (it has content only in certain
limited situations), but it must be present. -->
</beans>
EmployeeServlet.java
@WebServlet("/EmployeeServlet")
public class EmployeeServlet extends HttpServlet {
protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
PrintWriter pw=res.getWriter();
res.setContentType("text/xml");
try{
//Initiate a client request using the url as a parameter
ClientRequest request = new ClientRequest("http://localhost:8080/ent_securityprefs_empService/rest/employee/1111");
request.accept("application/xml");
//To get the response based on the request
ClientResponse<String> response = request.get(String.class);
//Check the HTTP status of the request
//HTTP 200 indicates the request is OK
if(response.getStatus() != 200){
throw new RuntimeException("Failed request with HTTP status: "+response.getStatus());
}
//If we get a good response, now let's read it
BufferedReader br = new BufferedReader(new InputStreamReader(new ByteArrayInputStream(response.getEntity().getBytes())));
String output;
//Loop over the br in order to print out the contents
while((output = br.readLine()) != null){
pw.println(output);
}
} catch(ClientProtocolException cpe) {
System.err.println(cpe);
} catch(IOException ioe){
System.err.println(ioe);
} catch(Exception e){
System.err.println(e);
}
pw.close();
}
}
@WebServlet(“/EmployeeServlet”)
公共类EmployeeServlet扩展了HttpServlet{
受保护的void doGet(HttpServletRequest-req,HttpServletResponse-res)抛出ServletException,IOException{
PrintWriter pw=res.getWriter();
res.setContentType(“text/xml”);
试一试{
//使用url作为参数启动客户端请求
ClientRequest请求=新ClientRequest(“http://localhost:8080/ent_securityprefs_empService/rest/employee/1111");
请求。接受(“应用程序/xml”);
//根据请求获取响应
ClientResponse-response=request.get(String.class);
//检查请求的HTTP状态
//HTTP 200表示请求正常
if(response.getStatus()!=200){
抛出新的RuntimeException(“HTTP状态为+response.getStatus()的请求失败”);
}
//如果我们得到了很好的回应,现在让我们读一下
BufferedReader br=新的BufferedReader(新的InputStreamReader(新的ByteArrayInputStream(response.getEntity().getBytes()));
字符串输出;
//在br上循环以打印内容
而((output=br.readLine())!=null){
pw.println(输出);
}
}捕获(客户端协议异常cpe){
系统错误打印项次(cpe);
}捕获(ioe异常ioe){
系统错误打印项次(ioe);
}捕获(例外e){
系统错误println(e);
}
关闭();
}
}
jboss-deployment-structure.xml
<jboss-deployment-structure>
<deployment>
<dependencies>
<module name="com.xxxx.channel"/>
</dependencies>
</deployment>
</jboss-deployment-structure>
- 注
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>java:/jaas/Employee</security-domain>
</jboss-web>
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>java:/jaas/Employee</security-domain>
</jboss-web>
java:/jaas/Employee
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
<display-name>ent_securityprefs_emp</display-name>
<context-param>
<param-name>resteasy.role.based.security</param-name>
<param-value>true</param-value>
</context-param>
<security-constraint>
<web-resource-collection>
<web-resource-name>EmployeeChannel</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>*</role-name>
</security-role>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
安全参考文件
resteasy.role.based.security
真的
雇员频道
/*
得到
邮递
*
基本的
*
index.jsp
index.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Employee Client</title>
</head>
<body>
<form action="EmployeeServlet">
<table>
<tr>
<input type="submit" value="Employee Record" />
</tr>
</table>
</form>
</body>
</html>
员工客户
服务器配置文件
- 注
<security-domain name="Employee" cache-type="default">
<authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
<module-option name="java.naming.provider.url" value="ldap://ha-adds-global.xxxx.com:3268"/>
<module-option name="bindDN" value="CN=prodjbsvc,OU=ServiceAccounts,OU=NOPOL,dc=eagle,dc=xxxx,dc=com"/>
<module-option name="bindCredential" value="XQtU@1lc"/>
<module-option name="baseCtxDN" value="dc=eagle,dc=xxxx,dc=com"/>
<module-option name="baseFilter" value="(&(sAMAccountName={0})(memberOf=CN=XXXX ALL_CONTRACTORS,OU=GROUPS,OU=SMO,OU=COSAs,DC=eagle,DC=usaa,DC=com))"/>
<module-option name="rolesCtxDN" value="ou=COSAs,dc=eagle,dc=xxxx,dc=com"/>
<module-option name="roleFilter" value="(sAMAccountName={0})"/>
<module-option name="roleAttributeID" value="memberOf"/>
<module-option name="roleAttributeIsDN" value="true"/>
<module-option name="roleNameAttributeID" value="cn"/>
<module-option name="roleRecursion" value="-1"/>
<module-option name="searchScope" value="SUBTREE_SCOPE"/>
<module-option name="allowEmptyPasswords" value="false"/>
<module-option name="java.naming.referral" value="follow"/>
</login-module>
</authentication>
</security-domain>
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>java:/jaas/Employee</security-domain>
</jboss-web>
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
<display-name>ent_securityprefs_emp</display-name>
<context-param>
<param-name>resteasy.role.based.security</param-name>
<param-value>true</param-value>
</context-param>
<security-constraint>
<web-resource-collection>
<web-resource-name>EmployeeChannel</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>*</role-name>
</security-role>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Employee Client</title>
</head>
<body>
<form action="EmployeeServlet">
<table>
<tr>
<input type="submit" value="Employee Record" />
</tr>
</table>
</form>
</body>
</html>
<security-domain name="Employee" cache-type="default">
<authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
<module-option name="java.naming.provider.url" value="ldap://ha-adds-global.xxxx.com:3268"/>
<module-option name="bindDN" value="CN=prodjbsvc,OU=ServiceAccounts,OU=NOPOL,dc=eagle,dc=xxxx,dc=com"/>
<module-option name="bindCredential" value="XQtU@1lc"/>
<module-option name="baseCtxDN" value="dc=eagle,dc=xxxx,dc=com"/>
<module-option name="baseFilter" value="(&(sAMAccountName={0})(memberOf=CN=XXXX ALL_CONTRACTORS,OU=GROUPS,OU=SMO,OU=COSAs,DC=eagle,DC=usaa,DC=com))"/>
<module-option name="rolesCtxDN" value="ou=COSAs,dc=eagle,dc=xxxx,dc=com"/>
<module-option name="roleFilter" value="(sAMAccountName={0})"/>
<module-option name="roleAttributeID" value="memberOf"/>
<module-option name="roleAttributeIsDN" value="true"/>
<module-option name="roleNameAttributeID" value="cn"/>
<module-option name="roleRecursion" value="-1"/>
<module-option name="searchScope" value="SUBTREE_SCOPE"/>
<module-option name="allowEmptyPasswords" value="false"/>
<module-option name="java.naming.referral" value="follow"/>
</login-module>
</authentication>
</security-domain>