英文:
How to implementation Basic Auth at Server side in Java using RestEasy? I have attached my filter as Java Code.Sample code has been attached
问题
@Provider
@Secured
@Priority(Priorities.AUTHENTICATION)
public class SecurityFilter implements ContainerRequestFilter {
private static final String LOGGER_NAME = "SecurityFilter";
private static final String CLASS_NAME = "SecurityFilter.java";
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
Logger.log(" requestContext: " + requestContext, LOGGER_NAME, CLASS_NAME, null, Logger.INFO, GroupId.ID);
String authHeader = requestContext.getHeaderString("Authorization");
if (authHeader == null || !authHeader.startsWith("Basic")) {
requestContext.abortWith(Response.status(401).header("WWW-Authenticate", "Basic").build());
return;
}
String[] tokens = (new String(Base64.getDecoder().decode(authHeader.split(" ")[1]), "UTF-8")).split(":");
final String username = tokens[0];
final String password = tokens[1];
if (username.equals("admin") && password.equals("123")) {
// all good
} else {
requestContext.abortWith(Response.status(401).entity("Incorrect username or pass").build());
return;
}
}
}
<servlet-mapping>
<servlet-name>AvApp</servlet-name>
<url-pattern>/servicesyes/*</url-pattern>
</servlet-mapping>
<!-- this should be the same URL pattern as the servlet-mapping property -->
<context-param>
<param-name>resteasy.servlet.mapping.prefix</param-name>
<param-value>/servicesyes</param-value>
</context-param>
<context-param>
<param-name>resteasy.scan</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>resteasy.providers</param-name>
<param-value>in.avenues.exh.test.SecurityInterceptor</param-value>
</context-param>
<context-param>
<param-name>resteasy.resources</param-name>
<param-value>in.avenues.exh.controllers.RESTApi</param-value>
</context-param>
<context-param>
<param-name>resteasy.role.based.security</param-name>
<param-value>true</param-value>
</context-param>
<listener>
<listener-class>org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap</listener-class>
</listener>
<servlet>
<servlet-name>AvApp</servlet-name>
<servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
<init-param>
<param-name>javax.ws.rs.Application</param-name>
<param-value>in.avenues.exh.controllers.RESTApi</param-value>
</init-param>
</servlet>
<error-page>
<error-code>401</error-code>
<location>/error401.jsp</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/exhouse/secure/exceptionHandler.jsp</location>
</error-page>
<error-page>
<error-code>403</error-code>
<location>/error403.html</location>
</error-page>
<error-page>
<exception-type>javax.servlet.ServletException</exception-type>
<location>/exhouse/secure/exceptionHandler.jsp</location>
</error-page>
<filter>
<filter-name>SecurityFilter</filter-name>
<filter-class>in.avenues.exh.controllers.SecurityFilter</filter-class>
<init-param>
<param-name>SecuritFilterAuth</param-name>
<param-value>in.avenues.exh.controllers.RESTApi</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>SecurityFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>SecurityFilter</filter-name>
<servlet-name>AvApp</servlet-name>
</filter-mapping>
<!-- Add Security for RESTful Web Services Using Basic Authentication -->
<security-constraint>
<web-resource-collection>
<web-resource-name>AvApp</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>admin</realm-name>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>
Note: The above content includes only the translated and formatted code parts from your input.
英文:
@Provider
@Secured
@Priority(Priorities.AUTHENTICATION)
public class SecurityFilter implements ContainerRequestFilter {
private static final String LOGGER_NAME ="SecurityFilter";
private static final String CLASS_NAME ="SecurityFilter.java";
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
Logger.log(" requestContext: " + requestContext, LOGGER_NAME, CLASS_NAME, null, Logger.INFO, GroupId.ID);
String authHeader = requestContext.getHeaderString("Authorization");
if (authHeader == null || !authHeader.startsWith("Basic")) {
requestContext.abortWith(Response.status(401).header("WWW-Authenticate", "Basic").build());
return;
}
String[] tokens = (new String(Base64.getDecoder().decode(authHeader.split(" ")[1]), "UTF-8")).split(":");
final String username = tokens[0];
final String password = tokens[1];
if (username.equals("admin") && password.equals("123")) {
// all good
}
else {
requestContext.abortWith(Response.status(401).entity("Incorrect username or pass").build());
return;
}
}
}
I am using RestEasy jar along with Java 1.8.
can anybody guide me ?
I have implemented the basic auth but its not working so look into this.
my Web.xml is given below
<servlet-name>AvApp</servlet-name>
<url-pattern>/servicesyes/*</url-pattern>
</servlet-mapping>
<!-- this should be the same URL pattern as the servlet-mapping property -->
<context-param>
<param-name>resteasy.servlet.mapping.prefix</param-name>
<param-value>/servicesyes</param-value>
</context-param>
<context-param>
<param-name>resteasy.scan</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>resteasy.providers</param-name>
<param-value>in.avenues.exh.test.SecurityInterceptor</param-value>
</context-param>
<context-param>
<param-name>resteasy.resources</param-name>
<param-value>in.avenues.exh.controllers.RESTApi</param-value>
</context-param>
<context-param>
<param-name>resteasy.role.based.security</param-name>
<param-value>true</param-value>
</context-param>
<listener>
<listener-class>org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap</listener-class>
</listener>
<servlet>
<servlet-name>AvApp</servlet-name>
<servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
<init-param>
<param-name>javax.ws.rs.Application</param-name>
<param-value>in.avenues.exh.controllers.RESTApi</param-value>
</init-param>
</servlet>
<error-page>
<error-code>401</error-code>
<location>/error401.jsp</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/exhouse/secure/exceptionHandler.jsp</location>
</error-page>
<error-page>
<error-code>403</error-code>
<location>/error403.html</location>
</error-page>
<error-page>
<exception-type>
javax.servlet.ServletException
</exception-type >
<location>/exhouse/secure/exceptionHandler.jsp</location>
</error-page>
<filter>
<filter-name>SecurityFilter</filter-name>
<filter-class>in.avenues.exh.controllers.SecurityFilter</filter-class>
<init-param>
<param-name>SecuritFilterAuth</param-name>
<param-value>in.avenues.exh.controllers.RESTApi</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>SecurityFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>SecurityFilter</filter-name>
<servlet-name>AvApp</servlet-name>
</filter-mapping>
<!-- Add Security for RESTful Web Services Using Basic Authentication -->
<security-constraint>
<web-resource-collection>
<web-resource-name>AvApp</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>admin</realm-name>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>
This is the web.xml file data.
beside this I have my end point
I need to implement basic auth to my end point to provide security.
I tried hard have not found any solution.
The ContainerRequestFilter looks like this
答案1
得分: 1
如果您只想处理基本认证,那么没有必要自己实现过滤器。您可以使用服务器的内置机制,如此处所述:https://docs.jboss.org/resteasy/docs/4.5.6.Final/userguide/html/Securing_JAX-RS_and_RESTeasy.html。
在这种情况下,您可以配置一个安全域(例如,通过一个简单的 realm.properties 文件),如此处所述:https://wiki.eclipse.org/Jetty/Tutorial/Realms
我猜想问题可能是过滤器没有正确地在 RESTeasy 中注册。您还可以在实际的服务中使用 @Context(javax.ws.rs.core.Context)进行检查。这将安全上下文作为参数注入:
public void foo(@Context SecurityContext sc) {
if (sc.isUserInRole(role))
...
Principal p = sc.getUserPrincipal();
}
同样,@Context 可用于注入 Request 对象,使您可以访问基本认证头信息。
英文:
If you'd just like to handle basic auth, there's no reason to implement the filter yourself. You could just use the built-in mechanism of the server as described here:
https://docs.jboss.org/resteasy/docs/4.5.6.Final/userguide/html/Securing_JAX-RS_and_RESTeasy.html.
In this case, you configure a security realm (e.g. via a simple realm.properties file) as described here: https://wiki.eclipse.org/Jetty/Tutorial/Realms
I guess is that the filter is not registered with RESTeasy correctly. What you could also do is to do a check in the actual service using the @Context (javax.ws.rs.core.Context). This injects the security context as a parameter:
public void foo(@Context SecurityContext sc) {
if (sc.isUserInRole(role))
...
Principal p = sc.getUserPrincipal();
}
Likewise @Context can you be used to inject the Request object giving you access to the basic auth header.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论