Question

我正在将Restlet从1.2迁移到2.2.3，并发现Guard现已弃用。我开始使用ChallengeAuthenticator（HTTP_BASIC方案）。问题出在这里，我曾经扩展Guard类并覆盖checkSecret方法来授权应用程序特定的凭据。

public class AgentAuthenticationGuard extends Guard {

public AgentAuthenticationGuard(Context context, ChallengeScheme scheme,
        String realm) throws IllegalArgumentException {
    super(context, scheme, realm);
}

 public boolean checkSecret(Request request, String identifier, char[] secret) {
     return SecurityHelper.authorizeAgent( identifier, new String(secret) );
 }

}

如果我想用ChallengeRequester替换Guard，我应该覆盖哪种方法？认证？我如何获得标识符和秘密？

Answer 1

为跳得太快而道歉。我想我已整理好了。我创建了ChallengeAuthenticator，如下所示

 private ChallengeAuthenticator createAuthenticator() {
    Context context = getContext();
    ChallengeScheme challengeScheme = ChallengeScheme.HTTP_BASIC;
    String realm = "my-web";

    MapVerifier verifier = new MapVerifier();
    verifier.getLocalSecrets().put("user", "password".toCharArray());

    ChallengeAuthenticator authWithChallenge= new ChallengeAuthenticator(context, challengeScheme, realm) {
        @Override
        protected int beforeHandle(Request request, Response response) {
            ChallengeResponse challengeResponse =  request.getChallengeResponse();
            boolean authorized = SecurityHelper.authorizeAgent( challengeResponse.getIdentifier(), new String(challengeResponse.getSecret()) );
            if(authorized)
            {
                response.setStatus(Status.SUCCESS_OK);
                return CONTINUE;
            }

            logger.info("Invalid Credentials!!!");
            return STOP;

        }
    };

    return authWithChallenge;
}

谢谢 https://www.programcreek.com/java-api-examples/index.php?api=org.restlet.security.ChallengeAuthenticator

从Restlet 1.x迁移到2.x.

1 个答案: