How to implement Basic Auth at server side in Java using RestEasy? I have attached my filter as Java code. Sample code has been attached.


Question

import java.io.IOException;
import java.util.Base64;
import javax.annotation.Priority;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;

// Secured, Logger and GroupId are the poster's own types; they are not shown in the post.
@Provider
@Secured
@Priority(Priorities.AUTHENTICATION)
public class SecurityFilter implements ContainerRequestFilter {
    private static final String LOGGER_NAME = "SecurityFilter";
    private static final String CLASS_NAME = "SecurityFilter.java";

    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        Logger.log(" requestContext: " + requestContext, LOGGER_NAME, CLASS_NAME, null, Logger.INFO, GroupId.ID);
        String authHeader = requestContext.getHeaderString("Authorization");
        if (authHeader == null || !authHeader.startsWith("Basic")) {
            requestContext.abortWith(Response.status(401).header("WWW-Authenticate", "Basic").build());
            return;
        }

        // Decode "user:password" from the Base64 part of the header
        String[] tokens = (new String(Base64.getDecoder().decode(authHeader.split(" ")[1]), "UTF-8")).split(":");
        final String username = tokens[0];
        final String password = tokens[1];

        if (username.equals("admin") && password.equals("123")) {
            // all good
        } else {
            requestContext.abortWith(Response.status(401).entity("Incorrect username or pass").build());
            return;
        }
    }
}

I am using the RestEasy jar along with Java 1.8.
Can anybody guide me?
I have implemented the basic auth but it's not working, so look into this.

My web.xml is given below:

<servlet-mapping>
    <servlet-name>AvApp</servlet-name>
    <url-pattern>/servicesyes/*</url-pattern>
</servlet-mapping>

<!-- this should be the same URL pattern as the servlet-mapping property -->
<context-param>
    <param-name>resteasy.servlet.mapping.prefix</param-name>
    <param-value>/servicesyes</param-value>
</context-param>

<context-param>
    <param-name>resteasy.scan</param-name>
    <param-value>true</param-value>
</context-param>
<context-param>
    <param-name>resteasy.providers</param-name>
    <param-value>in.avenues.exh.test.SecurityInterceptor</param-value>
</context-param>

<context-param>
    <param-name>resteasy.resources</param-name>
    <param-value>in.avenues.exh.controllers.RESTApi</param-value>
</context-param>
<context-param>
    <param-name>resteasy.role.based.security</param-name>
    <param-value>true</param-value>
</context-param>

<listener>
    <listener-class>org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap</listener-class>
</listener>

<servlet>
    <servlet-name>AvApp</servlet-name>
    <servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
    <init-param>
        <param-name>javax.ws.rs.Application</param-name>
        <param-value>in.avenues.exh.controllers.RESTApi</param-value>
    </init-param>
</servlet>

<error-page>
    <error-code>401</error-code>
    <location>/error401.jsp</location>
</error-page>
<error-page>
    <error-code>500</error-code>
    <location>/exhouse/secure/exceptionHandler.jsp</location>
</error-page>

<error-page>
    <error-code>403</error-code>
    <location>/error403.html</location>
</error-page>

<error-page>
    <exception-type>javax.servlet.ServletException</exception-type>
    <location>/exhouse/secure/exceptionHandler.jsp</location>
</error-page>

<filter>
    <filter-name>SecurityFilter</filter-name>
    <filter-class>in.avenues.exh.controllers.SecurityFilter</filter-class>
    <init-param>
        <param-name>SecuritFilterAuth</param-name>
        <param-value>in.avenues.exh.controllers.RESTApi</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>SecurityFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>SecurityFilter</filter-name>
    <servlet-name>AvApp</servlet-name>
</filter-mapping>

<!-- Add Security for RESTful Web Services Using Basic Authentication  -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>AvApp</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>

    <auth-constraint>
        <role-name>admin</role-name>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>admin</realm-name>
</login-config>

<security-role>
    <role-name>admin</role-name>
</security-role>
<security-role>
    <role-name>user</role-name>
</security-role>

This is the web.xml file data.
Besides this, I have my endpoint.
I need to implement basic auth on my endpoint to provide security.
I tried hard but have not found any solution.
The ContainerRequestFilter looks like this

Answer 1

Score: 1


If you'd just like to handle basic auth, there's no reason to implement the filter yourself. You could just use the built-in mechanism of the server as described here:
https://docs.jboss.org/resteasy/docs/4.5.6.Final/userguide/html/Securing_JAX-RS_and_RESTeasy.html.
In this case, you configure a security realm (e.g. via a simple realm.properties file) as described here: https://wiki.eclipse.org/Jetty/Tutorial/Realms

My guess is that the filter is not registered with RESTeasy correctly. What you could also do is perform a check in the actual service using @Context (javax.ws.rs.core.Context). This injects the security context as a parameter:

public void foo(@Context SecurityContext sc) {
    if (sc.isUserInRole(role)) {
        // ...
    }
    Principal p = sc.getUserPrincipal();
}

Likewise, @Context can be used to inject the Request object, giving you access to the basic auth header.
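For the case where a custom filter is kept instead of the container's BASIC mechanism, here is an added example (not code from the question or the answer) of a ContainerRequestFilter that turns a missing or malformed Authorization header into a 401 rather than an exception, keeps colons inside passwords, and compares credentials without stopping at the first mismatching byte. The class name BasicAuthFilter and the environment variables API_USER and API_PASSWORD are assumptions; the realm "admin" is taken from the web.xml above.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.annotation.Priority;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;

// Register as a JAX-RS provider (resteasy.providers or scanning), not as a web.xml <filter>.
@Provider
@Priority(Priorities.AUTHENTICATION)
public class BasicAuthFilter implements ContainerRequestFilter { // hypothetical class name
    // Assumption: credentials are supplied by the deployment environment, not source code.
    private final byte[] user = secret("API_USER");
    private final byte[] pass = secret("API_PASSWORD");

    @Override
    public void filter(ContainerRequestContext ctx) {
        String[] c = parse(ctx.getHeaderString(HttpHeaders.AUTHORIZATION));
        // Non-short-circuit & so both fields are always compared.
        if (c == null || !(same(c[0], user) & same(c[1], pass))) {
            ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED)
                    .header(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"admin\"").build());
        }
    }

    /** Returns {user, password}, or null when the header is missing or malformed. */
    static String[] parse(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            String pair = new String(raw, StandardCharsets.UTF_8);
            int colon = pair.indexOf(':'); // only the first colon separates user from password
            return colon < 0 ? null : new String[] {pair.substring(0, colon), pair.substring(colon + 1)};
        } catch (IllegalArgumentException malformedBase64) {
            return null; // answered with 401 rather than an unhandled 500
        }
    }

    private static boolean same(String given, byte[] expected) {
        return MessageDigest.isEqual(given.getBytes(StandardCharsets.UTF_8), expected);
    }

    private static byte[] secret(String name) {
        String v = System.getenv(name);
        if (v == null || v.isEmpty()) throw new IllegalStateException(name + " is not set");
        return v.getBytes(StandardCharsets.UTF_8);
    }
}
```

Without a name-binding annotation such as the question's @Secured, this filter applies to every resource method.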
