Websphere Application Server安全REST API

时间:2015-05-06 05:55:54

标签: java security rest websphere

我想从Webpshere Application Server 8公开REST API。我能够在没有安全性的情况下成功公开REST端点。但是在添加安全性时,我得到404错误代码如下:

[5/6/15 7:44:20:369 CAT] 00000063 RequestProces I org.apache.wink.server.internal.RequestProcessor logException The following error occurred during the invocation of the handlers chain: WebApplicationException (404 - Not Found) with message 'null' while processing GET request sent to http://localhost:9080/StudentWeb/student/service/students/100

请找到使用的web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="3.0"
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
  <servlet>
    <servlet-name>StudentWebServelet</servlet-name>
    <servlet-class>com.ibm.websphere.jaxrs.server.IBMRestServlet</servlet-class>
    <init-param>
        <param-name>javax.ws.rs.Application</param-name>
        <param-value>com.student.rest.StudentApplication</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>StudentWebServelet</servlet-name>
    <url-pattern>/student/*</url-pattern>       
  </servlet-mapping>
  <security-role>
    <description>Registered Users</description>
    <role-name>RegisteredUsers</role-name>
  </security-role>  
  <security-constraint>
    <display-name>StudentSecurity</display-name>
    <web-resource-collection>
        <web-resource-name>Student resource</web-resource-name>
        <url-pattern>/student/service/*</url-pattern>
        <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>RegisteredUsers</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>

2 个答案:

答案 0 :(得分:1)

我确实找到了解决方案。 我所有的安全资源路径都是&#34; / services / {resource name}&#34;。

@Path(值=&#34; /安全/学生&#34) public class StudentResource扩展AbstractResource {

@Inject
StudentBeanLocal studentBeanLocal;

}

不安全的资源将类似@path(value =&#34; / address&#34;)。

答案 1 :(得分:0)

您可以有两个servlet映射。一种用于安全API,另一种用于公共API。 使用对受保护的API进行身份验证,在该URL映射中提供API路径。

如果您有登录表单,请同时使用基于表单的身份验证。

相关问题
最新问题