我有一个使用CXF的REST服务,我还放置了一个拦截器来检查基本身份验证。当我尝试从浏览器访问REST服务URL时,我确实收到了拦截器抛出的消息。但我期待正常的登录弹出窗口。
REST服务URL
http://localhost:8080/SpringRestBasicAuth/api/bookservice/books/1234
访问REST服务URL时出现错误消息:
<ns1:XMLFault xmlns:ns1="http://cxf.apache.org/bindings/xformat">
<ns1:faultstring xmlns:ns1="http://cxf.apache.org/bindings/xformat">java.lang.RuntimeException: 401 UNAUTHORIZED</ns1:faultstring>
</ns1:XMLFault>
CXF Servlet.XML
<jaxrs:server id="bookService" address="/bookservice">
<jaxrs:serviceBeans>
<ref bean="bs"/>
</jaxrs:serviceBeans>
<jaxrs:providers>
<ref bean='jsonProvider' />
</jaxrs:providers>
<jaxrs:inInterceptors>
<ref bean="logininterceptor" />
</jaxrs:inInterceptors>
</jaxrs:server>
<bean id="logininterceptor" class="org.gsdev.ws.bookservice.interceptor.AuthenticatorInterceptor"/>
AuthenticatorInterceptor类
public class AuthenticatorInterceptor extends AbstractPhaseInterceptor<Message> {
private Map<String,String> users;
public void setUsers(Map<String, String> users) {
this.users = users;
}
public AuthenticatorInterceptor() {
super(Phase.RECEIVE);
this.users = new HashMap<String, String>();
this.users.put("test", "test");
}
@Override
public void handleMessage(Message message) throws Fault {
AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
if (policy == null) {
System.out.println("User attempted to log in with no credentials");
throw new RuntimeException(HttpURLConnection.HTTP_UNAUTHORIZED+" UNAUTHORIZED");
}
System.out.println("Logging in use: " + policy.getUserName());
// Verify the password
String realPassword = users.get(policy.getUserName());
if (realPassword == null || !realPassword.equals(policy.getPassword())) {
System.out.println("Invalid username or password for user: " + policy.getUserName());
throw new RuntimeException(HttpURLConnection.HTTP_FORBIDDEN+" FORBIDDEN");
}
}
}
有人可以指导我,以便当有人试图访问服务URL时,应该获得正常的登录弹出而不是直接的异常消息吗?
答案 0 :(得分:-1)
我认为,您无法从浏览器本身发送标头登录信息,您可能需要像Postman这样的工具来发送凭据。或者使用Apache HTTPClient之类的任何其他客户端。