Java Jersey web service Basic authentication does not ask for username and password
I have implemented a Jersey web service and am trying to authenticate it by asking for a username and password when someone calls the web service from a browser. I am not sure what is missing in the code below: when someone calls the web service URL, it does not ask for credentials but goes straight into the AuthFilter class below. Please help me find the problem. The code is below.
I have also added the CXF authentication I used previously, which I am now trying to implement with Jersey.
AuthFilter class
web.xml servlet mapping
CXF Basic authentication
import java.util.Set;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.jaxrs.ext.RequestHandler;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
import org.apache.cxf.message.Message;
import org.springframework.beans.factory.annotation.Autowired;
// Logger, UserInfoService, DetailedUser, ErrorFactory, CommonError and AuthenticationException
// belong to the poster's project or logging library; their imports are not shown on the page.

public class AuthenticationFilter implements RequestHandler {
    private static Logger logger = Logger.getLogger(AuthenticationFilter.class);
    private static final String RIGHT_INVOKE_WEBSERVICE = "INVOKE_WEBSERVICE";

    @Autowired
    private UserInfoService userInfoService;

    public Response handleRequest(Message request, ClassResourceInfo resourceClass) {
        AuthorizationPolicy policy = (AuthorizationPolicy) request.get(AuthorizationPolicy.class);
        if (policy == null) {
            // issue an authentication challenge to give invoker a chance to reply with credentials
            // (this is useful if web service is being called from a browser)
            return Response.status(Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic").build();
        }
        // check authorization realm - we currently only support Basic authentication
        String realm = policy.getAuthorizationType();
        if (!"Basic".equalsIgnoreCase(realm)) {
            return Response.status(Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic").build();
        }
        final String username = policy.getUserName();
        final String password = policy.getPassword();
        try {
            boolean isRightExists = false;
            DetailedUser detailedUser = userInfoService.readUserInfoAsUser(username, password);
            if (detailedUser != null) {
                Set<String> rights = detailedUser.getRights();
                for (String right : rights) {
                    //TODO: We have additional rights to check
                    if (RIGHT_INVOKE_WEBSERVICE.equalsIgnoreCase(right)) {
                        isRightExists = true;
                    }
                }
            }
            if (!isRightExists) {
                return ErrorFactory.newFault(CommonError.ACCESS_DENIED);
            }
        } catch (AuthenticationException ae) {
            return ErrorFactory.newFault(CommonError.AUTHENTICATION_FAILED);
        }
        // null tells CXF to continue with normal request processing
        return null;
    }
}
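You seem to be confusing Basic authentication with form authentication. Basic authentication uses headers, whereas form authentication displays a login form. Basic authentication is based on the following header: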
WWW-Authenticate
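I know about form authentication and I am not looking for form authentication. I used to do the authentication with CXF, and that worked fine for us. I clearly mentioned that when someone calls the web service it should present a popup asking for username and password.
@user3157090 Basic auth does not need a username and password; it needs the header mentioned above, with the encrypted username and password as its value.
I have just added the code I used for CXF. Please see my code at the bottom, under CXF Basic authentication. We only take the username and password from the header, but when someone calls the web service it asks for username and password in a popup.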
<servlet>
    <servlet-name>restwebservice</servlet-name>
    <servlet-class>com.sun.jersey.spi.spring.container.servlet.SpringServlet</servlet-class>
    <init-param>
        <param-name>com.sun.jersey.spi.container.ContainerRequestFilters</param-name>
        <param-value>com.sun.jersey.api.container.filter.LoggingFilter;com.guthyrenker.inventory.ws.rest.v1.security.AuthFilter</param-value>
    </init-param>
    <init-param>
        <param-name>com.sun.jersey.config.property.packages</param-name>
        <param-value>com.guthyrenker.inventory.ws.rest.v1.service</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>restwebservice</servlet-name>
    <url-pattern>/rest/*</url-pattern>
</servlet-mapping>
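As an added example (not code from the question, its comments or the poster's project): a Jersey 1.x request filter that itself replies 401 with a WWW-Authenticate header when the Authorization header is missing or wrong, which is what makes a browser show its username/password dialog. The class name, realm and demo credentials are hypothetical, and Java 8+ is assumed for java.util.Base64.

```java
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Hypothetical class name; it would be listed under ContainerRequestFilters in web.xml.
public class BasicChallengeFilter implements ContainerRequestFilter {
    // Constructed demo values; a real service would query its own user store instead.
    private static final String DEMO_USER = "demo-user";
    private static final String DEMO_PASSWORD = "demo-password";
    private static final String CHALLENGE = "Basic realm=\"rest\"";

    @Override
    public ContainerRequest filter(ContainerRequest request) {
        String header = request.getHeaderValue(HttpHeaders.AUTHORIZATION);
        // Missing or non-Basic credentials: reply 401 + WWW-Authenticate so the browser prompts.
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            throw challenge();
        }
        String[] parts = decode(header.substring(6).trim());
        boolean ok = parts != null && (matches(parts[0], DEMO_USER) & matches(parts[1], DEMO_PASSWORD));
        if (!ok) {
            throw challenge(); // wrong or malformed credentials: challenge again
        }
        return request; // authenticated: continue to the resource method
    }

    private static WebApplicationException challenge() {
        return new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED)
                .header(HttpHeaders.WWW_AUTHENTICATE, CHALLENGE).build());
    }
    // Decodes the Base64 "user:password" token; returns null when it is malformed.
    private static String[] decode(String token) {
        try {
            String pair = new String(Base64.getDecoder().decode(token), StandardCharsets.UTF_8);
            int colon = pair.indexOf(':');
            return colon < 0 ? null : new String[] {pair.substring(0, colon), pair.substring(colon + 1)};
        } catch (IllegalArgumentException e) {
            return null;
        }
    }
    // MessageDigest.isEqual compares without exiting at the first differing byte.
    private static boolean matches(String given, String expected) {
        return MessageDigest.isEqual(given.getBytes(StandardCharsets.UTF_8), expected.getBytes(StandardCharsets.UTF_8));
    }
}
```

Basic credentials are only Base64-encoded, so the `/rest/*` mapping should be served over HTTPS only.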