问题描述

我已经使用JAX-RS，Jersey和Grizzly编写了一个简单的REST服务器.这是我启动服务器的方式:

I've written a simple REST server using JAX-RS, Jersey and Grizzly. This is how I start the server:

URI baseUri = UriBuilder.fromUri("http://localhost/api")
                        .port(8081)
                        .build();

ResourceConfig rc = new PackagesResourceConfig("se.aioobe.resources");
HttpServer httpServer = GrizzlyServerFactory.createHttpServer(baseUri, rc);

现在，我需要使用基本HTTP身份验证来保护资源，但我不知道该怎么做.

Now I need to protect the resources using Basic HTTP authentication, and I can't figure out how to do this.

如果更易于使用，我可以从Grizzly切换到Jetty，但我确实很看重Grizzly提供的简单配置/启动.

I can switch from Grizzly to for instance Jetty if it is simpler to get it to work, but I really value the simple configuration / start up that Grizzly provides.

我已经阅读了很多教程.他们都提到了web.xml，但是在我当前的配置中，我没有一个. (我需要为HTTP身份验证添加一个吗?)我发现以下 问题，它们都不起作用:-(

I've read a lot of tutorials. They all mention the web.xml but in my current configuration I don't have one. (Do I need to add one for HTTP authentication?) I've found the following questions, neither of them is of any help :-(

(目前不需要SSL.目前的身份验证仅是为了防止公众窥视我们的Beta.)

(No SSL required at this point. The authentication is at this point just to prevent the public from peeking at our beta.)

TL; DR :如何向Jersey/Grizzly Webapp添加基本的HTTP身份验证?

TL;DR: How do I add basic HTTP authentication to a Jersey / Grizzly webapp?

推荐答案

基于此博客文章.

我的解决方案涉及:

• Maven工件:
  • jersey-server(v 1.17)
  • jersey-grizzly2(v 1.17)
  • Maven artifacts:
    • jersey-server (v 1.17)
    • jersey-grizzly2 (v 1.17)

    我创建了这个ContainerRequestFilter:

    public class AuthFilter implements ContainerRequestFilter {
    
        // Exception thrown if user is unauthorized.
        private final static WebApplicationException unauthorized =
           new WebApplicationException(
               Response.status(Status.UNAUTHORIZED)
                       .header(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"realm\"")
                       .entity("Page requires login.").build());
    
        @Override
        public ContainerRequest filter(ContainerRequest containerRequest)
                throws WebApplicationException {
    
            // Automatically allow certain requests.
            String method = containerRequest.getMethod();
            String path = containerRequest.getPath(true);
            if (method.equals("GET") && path.equals("application.wadl"))
                return containerRequest;
    
            // Get the authentication passed in HTTP headers parameters
            String auth = containerRequest.getHeaderValue("authorization");
            if (auth == null)
                throw unauthorized;
    
            auth = auth.replaceFirst("[Bb]asic ", "");
            String userColonPass = Base64.base64Decode(auth);
    
            if (!userColonPass.equals("admin:toHah1ooMeor6Oht"))
                throw unauthorized;
    
            return containerRequest;
        }
    }
    

    然后我更改了启动代码以包括过滤器:

    And I then changed the startup code to include the filter:

    URI baseUri = UriBuilder.fromUri("http://localhost/api")
                            .port(8081)
                            .build();
    
    ResourceConfig rc = new PackagesResourceConfig("se.aioobe.resources");
    
    // Add AuthFilter ////////////
    rc.getProperties().put("com.sun.jersey.spi.container.ContainerRequestFilters",
                           "<YOUR PACKAGE FOR AuthFilter>.AuthFilter");
    //////////////////////////////
    
    HttpServer httpServer = GrizzlyServerFactory.createHttpServer(baseUri, rc);
    

    这篇关于使用Jersey/Grizzly的基本HTTP身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！