How to prompt User for Basic Auth using Jetty

Question


My aim is to programmatically configure a Jetty Server with BASIC authentication. I have managed to get the authentication working when using a REST client like Postman and always sending the authentication header, but I would like the user to be prompted for input using the browser's native login prompt if they open the page.

The code below is my current status. The response (401) and headers do include "WWW-Authenticate: basic realm="thwCopRealm"", so I do not understand why the user is not being prompted for input.

Can you please help me to configure the server such that the user will be prompted to log in using the browser's native login prompt?

// Jetty 9.x imports needed by the snippet; REALM, Roles, Main and ExampleServlet are the poster's own classes
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.HashLoginService;
import org.eclipse.jetty.security.authentication.BasicAuthenticator;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.security.Constraint;

Server server = new Server(8080);

// Realm backed by a users file in HashLoginService format: "username: password, role1, role2"
HashLoginService loginService = new HashLoginService();
loginService.setName(REALM);
loginService.setConfig(Main.class.getResource("/users.txt").toString());

// Require BASIC authentication and membership of the USER role ...
Constraint constraint = new Constraint(Constraint.__BASIC_AUTH, Roles.USER);
constraint.setAuthenticate(true);

// ... for every path under the context
ConstraintMapping constraintMapping = new ConstraintMapping();
constraintMapping.setConstraint(constraint);
constraintMapping.setPathSpec("/*");

ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
securityHandler.setAuthenticator(new BasicAuthenticator());
securityHandler.setRealmName(REALM);   // realm name sent in the WWW-Authenticate challenge
securityHandler.setLoginService(loginService);
securityHandler.addRole(Roles.ADMIN);
securityHandler.addRole(Roles.USER);
securityHandler.addConstraintMapping(constraintMapping);

ExampleServlet copServlet = new ExampleServlet();
ServletHolder copServletHolder = new ServletHolder(copServlet);

ServletContextHandler handler = new ServletContextHandler();
handler.addServlet(copServletHolder, "/cop");
handler.setSecurityHandler(securityHandler);

server.addBean(loginService);
server.setHandler(handler);
// Not in the original snippet: start the server and block until it stops
server.start();
server.join();

Answer 1

Score: 0


And minutes after posting this question I found out that my Domain Admins have disabled Basic authentication prompts on our PCs for security (which makes sense).

I achieved my goals by modifying two lines: to be Digest instead of Basic.

import org.eclipse.jetty.security.authentication.DigestAuthenticator;   // replaces the BasicAuthenticator import

Constraint constraint = new Constraint(Constraint.__DIGEST_AUTH, Roles.USER);
securityHandler.setAuthenticator(new DigestAuthenticator());

The background is that Basic is very insecure in many situations. It's far too easy to lose login data, and any reputable server should be using something more secure.
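The following is an added example, not code from the question or the answer above: a complete, self-contained Jetty 9.x server that applies the two-line Digest change from the answer to the question's configuration, and a small probe that issues an unauthenticated request and returns the status plus WWW-Authenticate header, which is the check the question describes doing by hand. The realm name thwCopRealm is taken from the question; the role name "user", the HelloServlet class, and the alice/changeme credential written to a temporary users file are assumptions constructed for this example.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.HashLoginService;
import org.eclipse.jetty.security.authentication.DigestAuthenticator;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.security.Constraint;

public class DigestAuthExample {
    static final String REALM = "thwCopRealm";  // realm name from the question
    static final String USER_ROLE = "user";     // assumed role name (stands in for Roles.USER)

    // Hypothetical protected servlet standing in for the question's ExampleServlet
    public static class HelloServlet extends HttpServlet {
        @Override
        protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
            resp.setContentType("text/plain");
            resp.getWriter().println("hello " + req.getRemoteUser());
        }
    }

    // Builds the server. The users file is constructed at runtime in HashLoginService
    // format ("username: password, role1, role2") so the example runs on its own.
    static Server buildServer(int port) throws IOException {
        Path users = Files.createTempFile("users", ".properties");
        Files.write(users, "alice: changeme, user\n".getBytes(StandardCharsets.UTF_8));

        HashLoginService loginService = new HashLoginService(REALM, users.toString());

        // Digest instead of Basic: the answer's first changed line
        Constraint constraint = new Constraint(Constraint.__DIGEST_AUTH, USER_ROLE);
        constraint.setAuthenticate(true);

        ConstraintMapping mapping = new ConstraintMapping();
        mapping.setConstraint(constraint);
        mapping.setPathSpec("/*");

        ConstraintSecurityHandler security = new ConstraintSecurityHandler();
        security.setAuthenticator(new DigestAuthenticator());  // the answer's second changed line
        security.setRealmName(REALM);
        security.setLoginService(loginService);
        security.addRole(USER_ROLE);
        security.addConstraintMapping(mapping);

        ServletContextHandler context = new ServletContextHandler();
        context.addServlet(new ServletHolder(new HelloServlet()), "/cop");
        context.setSecurityHandler(context == null ? null : security);

        Server server = new Server(port);
        server.addBean(loginService);
        server.setHandler(context);
        return server;
    }

    // Sends one unauthenticated GET and returns "<status> <WWW-Authenticate header>",
    // i.e. the challenge a browser would see before deciding whether to prompt.
    static String challengeFor(String url) throws IOException {
        HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
        try {
            int status = conn.getResponseCode();  // does not throw on 401
            return status + " " + conn.getHeaderField("WWW-Authenticate");
        } finally {
            conn.disconnect();
        }
    }

    public static void main(String[] args) throws Exception {
        Server server = buildServer(8080);
        server.start();
        try {
            // Expected shape: 401 Digest realm="thwCopRealm", ... (nonce differs per request)
            System.out.println(challengeFor("http://localhost:8080/cop"));
        } finally {
            server.stop();
        }
    }
}
```

Two points worth keeping in mind when adopting this: Digest authentication needs the stored password in plaintext or MD5 form, so a HashLoginService file whose passwords use another hashing scheme will not work with DigestAuthenticator; and because Basic transmits the credential itself with every request, the alternative to switching schemes is to serve it only over TLS.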

huangapple
  • Posted on 2023-04-17 16:02:01
  • Please keep this link when reposting: https://go.coder-hub.com/76032897.html