Java: Handling a basic/base64 security 401 exception in RestEasy and Tomcat

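There are many ways to provide good security for REST(easy) services. I have tried them. In this case, only basic authentication is needed. So, nothing based on login, request filters, etc. Please focus on this example.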

While adding security to a RestEasy "post" method, I keep getting 401 exceptions. How can I get secure access to the "post"? I used the Authenticator code from Adam Bien/Atjem König.

Without the security settings in web.xml I have normal access, so that part of the code works fine. I do not need/want any login screen in between.

Tomcat users: conf/tomcat-users.xml:

 <user username="wineuser" password="winepass" roles="winer"/>

The web.xml file:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>wine secret</web-resource-name>
        <url-pattern>/rest/wines/secret</url-pattern>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>winer</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
</login-config>
<security-role>
    <role-name>winer</role-name>
</security-role>

The application class:

@ApplicationPath("/rest")
public class RestEasyWineServices extends Application {
}

The Authenticator util:

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import javax.ws.rs.client.ClientRequestContext;
import javax.ws.rs.client.ClientRequestFilter;
import javax.ws.rs.core.MultivaluedMap;
import javax.xml.bind.DatatypeConverter;

public class Authenticator implements ClientRequestFilter {
    private final String user;
    private final String password;
    public Authenticator(String user, String password) {
        this.user = user;
        this.password = password;
    }
    public void filter(ClientRequestContext requestContext) throws IOException {
        MultivaluedMap<String, Object> headers = requestContext.getHeaders();
        final String basicAuthentication = getBasicAuthentication();
        headers.add("Authorization", basicAuthentication);
    }
    private String getBasicAuthentication() {
        String token = this.user + ":" + this.password;
        try {
            return "Basic " +
                 DatatypeConverter.printBase64Binary(token.getBytes("UTF-8"));
        } catch (UnsupportedEncodingException ex) {
            throw new IllegalStateException("Cannot encode with UTF-8", ex);
        }
    }
}

The resource class and method:

@Path("/wines")
public class WineResource {
    ...
    @POST @Path("secret")
    @Produces({ MediaType.APPLICATION_JSON })
    @Consumes({ MediaType.APPLICATION_JSON})
    public Wine echoPostWineSecret( Wine inputWine2) {
        System.out.println( "Server: **SECRET** post (" + inputWine2 + ")");
        inputWine2 = dao.create(inputWine2);
        return inputWine2;
    }
}

The client class:

Client clientSecret = ClientBuilder.newClient().register(new Authenticator( "wineuser", "winepass"));
WebTarget targetSecret = clientSecret.target("http://localhost:8080").path("/RestRestEasyJquerySqlite2Hibernate/rest/wines");

wine.setId( 1231);
wine.setName( "secret wine name_" + dateKey);
wine.setCountry( "secret wine country_" + dateKey);
wine.setGrapes( "secret wine grapes_" + dateKey);
wine.setRegion( "secret wine region_" + dateKey);
try { 
    wine = targetSecret.path( "secret").request( MediaType.APPLICATION_JSON_TYPE).post( Entity.entity( wine, MediaType.APPLICATION_JSON_TYPE), Wine.class);
    System.out.println( "SECRET created wine: " + wine);
} catch( Exception e) {
    System.out.println( "ERROR: Back on the client: exception");
    e.printStackTrace();
}

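1 answer

  1. # Answer 1

    The software quoted is correct. The deployment was wrong.

    The problem of getting the 401 exception was that the software was deployed on a private Tomcat server linked with Eclipse. On that server, no users had been configured.

    The solution to the problem was to export the WAR file to a separate Tomcat server. On this Tomcat server I configured the user through the Tomcat users configuration file.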
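
The deployment mismatch described in the answer can be checked offline by reading the users file of the server that actually runs the WAR. The following is an added example, not code from the question or the answer; it assumes plain-text passwords in the users file, and `RealmCheck`, `predict` and the two inline XML strings are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class RealmCheck {
    // Constructed inputs: a users file with no <user> entries, and one holding
    // the entry from the question. Plain-text passwords are assumed.
    static final String NO_USERS = "<tomcat-users></tomcat-users>";
    static final String WITH_USER = "<tomcat-users>"
        + "<user username=\"wineuser\" password=\"winepass\" roles=\"winer\"/>"
        + "</tomcat-users>";

    /** Predicts how a BASIC-protected request is answered for the given users file. */
    static String predict(String usersXml, String user, String password, String role)
            throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // Reject DOCTYPE declarations so the parsed file cannot load external entities.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList users = factory.newDocumentBuilder()
            .parse(new ByteArrayInputStream(usersXml.getBytes(StandardCharsets.UTF_8)))
            .getElementsByTagName("user");
        for (int i = 0; i < users.getLength(); i++) {
            Element u = (Element) users.item(i);
            if (!user.equals(u.getAttribute("username"))
                    || !password.equals(u.getAttribute("password"))) {
                continue; // not this user, or wrong password
            }
            // The roles attribute is a comma-separated list.
            boolean hasRole = Arrays.stream(u.getAttribute("roles").split(","))
                .map(String::trim).anyMatch(role::equals);
            return hasRole ? "allowed: constraint satisfied"
                           : "403: authenticated, but role '" + role + "' is missing";
        }
        return "401: no matching user/password in this server's realm";
    }

    public static void main(String[] args) throws Exception {
        // Same client credentials, two different server configurations.
        System.out.println("no users:  " + predict(NO_USERS, "wineuser", "winepass", "winer"));
        System.out.println("with user: " + predict(WITH_USER, "wineuser", "winepass", "winer"));
    }
}
```

A 401 with a correct `Authorization` header therefore points at the realm of the server instance in use, while a 403 would point at the role mapping in web.xml.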