如何使用RestEasy在Java服务器端实现基本身份验证？我已将过滤器附加为Java Code.Sample代码已附加

如何解决如何使用RestEasy在Java服务器端实现基本身份验证？我已将过滤器附加为Java Code.Sample代码已附加

@Provider
@Secured
@Priority(Priorities.AUTHENTICATION)
public class SecurityFilter implements ContainerRequestFilter {
    private static final String LOGGER_NAME  ="SecurityFilter";
    private static final String CLASS_NAME  ="SecurityFilter.java";

    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        Logger.log(" requestContext: " + requestContext,LOGGER_NAME,CLASS_NAME,null,Logger.INFO,GroupId.ID);
        String authHeader = requestContext.getHeaderString("Authorization");
        if (authHeader == null || !authHeader.startsWith("Basic")) {
            requestContext.abortWith(Response.status(401).header("WWW-Authenticate","Basic").build());
            return;
        }

        String[] tokens = (new String(Base64.getDecoder().decode(authHeader.split(" ")[1]),"UTF-8")).split(":");
        final String username = tokens[0];
        final String password = tokens[1];

        if (username.equals("admin") && password.equals("123")) {
            // all good
        }
        else {
            requestContext.abortWith(Response.status(401).entity("Incorrect username or pass").build());
            return;
        }
    }

}

我正在将RestEasy jar和Java 1.8一起使用。有人可以指导我吗？我已经实现了基本身份验证，但是它无法正常工作，因此请仔细阅读。

我的Web.xml在下面给出

        <servlet-name>AvApp</servlet-name>
        <url-pattern>/servicesyes/*</url-pattern>
    </servlet-mapping>
    
    <!-- this should be the same URL pattern as the servlet-mapping property -->
     <context-param>
        <param-name>resteasy.servlet.mapping.prefix</param-name>
        <param-value>/servicesyes</param-value>
    </context-param>
    
    <context-param>
        <param-name>resteasy.scan</param-name>
        <param-value>true</param-value>
    </context-param>
    <context-param>
        <param-name>resteasy.providers</param-name>
        <param-value>in.avenues.exh.test.SecurityInterceptor</param-value>
    </context-param>
    
    <context-param>
        <param-name>resteasy.resources</param-name>
        <param-value>in.avenues.exh.controllers.RESTApi</param-value>
    </context-param>
    <context-param>
      <param-name>resteasy.role.based.security</param-name>
      <param-value>true</param-value>
   </context-param>
   
   <listener>
      <listener-class>org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap</listener-class>
   </listener>
    
    <servlet>
        <servlet-name>AvApp</servlet-name>
        <servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
        <init-param>
            <param-name>javax.ws.rs.Application</param-name>
            <param-value>in.avenues.exh.controllers.RESTApi</param-value>
        </init-param>
    </servlet>
    
    <error-page>
        <error-code>401</error-code>
        <location>/error401.jsp</location>
    </error-page>
    <error-page>
        <error-code>500</error-code>
        <location>/exhouse/secure/exceptionHandler.jsp</location>
    </error-page>

    <error-page>
        <error-code>403</error-code>
        <location>/error403.html</location>
    </error-page>

    <error-page>
        <exception-type>
            javax.servlet.ServletException
        </exception-type >
        <location>/exhouse/secure/exceptionHandler.jsp</location>
    </error-page>
    
    <filter>
         <filter-name>SecurityFilter</filter-name>
        <filter-class>in.avenues.exh.controllers.SecurityFilter</filter-class>
        <init-param>
            <param-name>SecuritFilterAuth</param-name>
            <param-value>in.avenues.exh.controllers.RESTApi</param-value>
        </init-param>
    </filter>
    <filter-mapping>
            <filter-name>SecurityFilter</filter-name>
            <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
         <filter-name>SecurityFilter</filter-name>
        <servlet-name>AvApp</servlet-name>
    </filter-mapping>
    
    <!-- Add Security for RESTful Web Services Using Basic Authentication  -->
<security-constraint>
      <web-resource-collection>
         <web-resource-name>AvApp</web-resource-name>
         <url-pattern>/*</url-pattern>
      </web-resource-collection>
      
       <auth-constraint>
         <role-name>admin</role-name>
         <role-name>admin</role-name>
      </auth-constraint>
  </security-constraint>

   <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>admin</realm-name>
   </login-config>

   <security-role>
      <role-name>admin</role-name>
   </security-role>
   <security-role>
      <role-name>user</role-name>
   </security-role>

这是web.xml文件数据。除此之外，我还有我的终点我需要在终端实现基本身份验证以提供安全性。我尽力没有找到任何解决方案。 ContainerRequestFilter看起来像这样

解决方法

如果您只想处理基本身份验证，则无需自己实施过滤器。您可以按照以下说明使用服务器的内置机制： https://docs.jboss.org/resteasy/docs/4.5.6.Final/userguide/html/Securing_JAX-RS_and_RESTeasy.html。在这种情况下，您可以按照以下说明配置安全领域（例如，通过简单的realm.properties文件）：https://wiki.eclipse.org/Jetty/Tutorial/Realms

我猜想该过滤器未正确在RESTeasy中注册。您还可以使用@Context（javax.ws.rs.core.Context）来检查实际服务。这会将安全性上下文作为参数注入：

public void foo(@Context SecurityContext sc) {
  if (sc.isUserInRole(role))
    ...
  Principal p = sc.getUserPrincipal();
}

就像@Context一样，您可以用来注入Request对象，从而使您可以访问基本的auth标头。

如何使用RestEasy在Java服务器端实现基本身份验证？我已将过滤器附加为Java Code.Sample代码已附加

如何解决如何使用RestEasy在Java服务器端实现基本身份验证？我已将过滤器附加为Java Code.Sample代码已附加

解决方法

相关推荐