Jetty:使用安全域进行身份验证 - HTTP ERROR 401未经授权

时间:2016-04-07 19:27:48

标签: java jersey embedded-jetty security-context

我正在尝试使用 Jersey、嵌入式 Jetty 以及带有 BASIC 身份验证的 SecurityContext 创建一个简单的 Web 应用程序,realm 从位于 /tmp/realm.properties 的属性文件中读取用户数据。但不知为何,该属性文件似乎根本没有被读取:我在 Linux 内核上设置了审计规则,发现没有任何进程访问过该属性文件。我已经阅读了很多教程和官方文档(https://wiki.eclipse.org/Jetty/Tutorial/Realms),但似乎仍有配置未生效。

/test/free > 没有安全上下文(我可以通过 REST 调用访问)

/test/test > 有安全上下文(我得到 HTTP ERROR 401 Unauthorized)

curl http://127.0.0.1:8080/test/test -u foo:bar

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<title>Error 401 Unauthorized</title>
</head>
<body><h2>HTTP ERROR 401</h2>
<p>Problem accessing /test/test. Reason:
<pre>    Unauthorized</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/>

</body>
</html>

这是我的代码:

package org.java.jettyServer;

import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.handler.HandlerCollection;
import org.eclipse.jetty.webapp.WebAppContext;
import org.mortbay.jetty.UserRealm;
import org.mortbay.jetty.security.HashUserRealm;

/**
 * Boots an embedded Jetty server on port 8080 and serves the web application found under
 * {@code src/main/webapp} at the root context path.
 *
 * <p>No login service is wired up in this class; authentication depends entirely on the
 * descriptors the {@code WebAppContext} loads from the resource base.
 */
public class JettyEmbedded {

    /**
     * Starts the server and blocks until it stops.
     *
     * @param args command-line arguments (unused)
     * @throws Exception if the server fails to start or the wait is interrupted
     */
    public static void main(String[] args) throws Exception {

        // Single web application, mounted at the root of the server.
        WebAppContext restApp = new WebAppContext();
        restApp.setContextPath("/");
        // Relative path, so it depends on the directory the JVM is started from.
        restApp.setResourceBase("src/main/webapp");

        // A collection so that further web apps can be registered next to this one.
        HandlerCollection handlerChain = new HandlerCollection();
        handlerChain.addHandler(restApp);

        // NOTE(review): Server(int) opens a plain-HTTP connector. With BASIC authentication
        // the credentials are only base64-encoded on the wire, so put TLS in front of this
        // before using it anywhere but a local test.
        Server jetty = new Server(8080);
        jetty.setHandler(handlerChain);

        jetty.start();
        System.out.println("Started!");
        // Keep the main thread parked until the server's threads exit.
        jetty.join();
    }
}

资源:

package org.java.resources;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

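/**
 * JAX-RS resource rooted at {@code test}, exposing one endpoint that expects an authenticated
 * caller and one that is open to everyone.
 */
@Path("test")
public class EntryPoint {

    /**
     * Handles {@code GET test/test}, which is meant to be reachable only after the container
     * has authenticated the caller. (The method name is historical; nothing is deleted.)
     *
     * <p>The container constraint is not the only thing between a request and this method: if
     * the constraint does not match the request (different URL pattern, an HTTP method it does
     * not list, descriptor not loaded), the call arrives without a user principal. The method
     * therefore refuses such requests itself instead of dereferencing {@code null}.
     *
     * @param context security context injected by the JAX-RS runtime
     * @return the fixed greeting {@code "hello\n"}
     * @throws javax.ws.rs.WebApplicationException with status 403 when no authenticated
     *         principal is attached to the request
     */
    @GET
    @Path("test")
    @Produces(MediaType.TEXT_PLAIN)
    public String deleteRating(@Context SecurityContext context) {
        java.security.Principal caller = context == null ? null : context.getUserPrincipal();
        if (caller == null) {
            // Fail closed. 403 rather than 401 because the WWW-Authenticate challenge belongs
            // to the container's authenticator, which evidently did not run for this request.
            throw new javax.ws.rs.WebApplicationException(Response.Status.FORBIDDEN);
        }

        String username = caller.getName();
        System.out.println(username);

        return "hello\n";
    }

    /**
     * Handles {@code GET test/free}; no authentication is expected for this endpoint.
     *
     * @return the fixed text {@code "free access, no pass\n"}
     */
    @GET
    @Path("free")
    @Produces(MediaType.TEXT_PLAIN)
    public String freeResource() {
        return "free access, no pass\n";
    }

}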

web.xml

<!--
  Deployment descriptor: maps the Jersey servlet to every path and places GET /test/test behind
  BASIC authentication against the realm named UserRealms.
-->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
          http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    version="3.0">

    <display-name>Service</display-name>

  <!-- Jersey servlet; resource classes are discovered by scanning org.java.resources. -->
  <servlet>
        <servlet-name>Jersey Web Application</servlet-name>
        <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
        <init-param>
            <param-name>jersey.config.server.provider.packages</param-name>
            <param-value>org.java.resources</param-value>
        </init-param>
    </servlet>
    <servlet-mapping>
        <servlet-name>Jersey Web Application</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>  

  <!--
    NOTE(review): there is no user-data-constraint with transport-guarantee CONFIDENTIAL here,
    so nothing in this descriptor stops BASIC credentials from being sent over plain HTTP.
  -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Secure</web-resource-name>

      <url-pattern>/test/test</url-pattern>
      <!--
        NOTE(review): listing GET means only GET is constrained; any other HTTP method sent to
        /test/test falls outside this constraint. Omitting http-method makes the rule cover
        every method (Servlet 3.1 descriptors can also declare deny-uncovered-http-methods).
      -->
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
      <description>has to be a USER</description>
      <!--
        In a Servlet 3.0 descriptor "*" stands for every role declared under security-role in
        this file (here only "user"), not for "any authenticated user".
      -->
      <role-name>*</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- BASIC authentication; the realm name is the same one given to the login service in jetty-web.xml. -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>UserRealms</realm-name>
  </login-config>
 <!-- The only role this application declares. -->
 <security-role>
    <role-name>user</role-name>
  </security-role> 
</web-app>

jetty-web.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">

    <!--
      Attaches a HashLoginService named UserRealms to the web application's security handler,
      with users read from a properties file.
      NOTE(review): this file only takes effect if the WebAppContext actually finds it
      (normally under WEB-INF/ of the resource base); confirm where it is deployed.
    -->
    <Configure class="org.eclipse.jetty.webapp.WebAppContext">
     <Get name="securityHandler">
       <Set name="loginService">
         <New class="org.eclipse.jetty.security.HashLoginService">
               <!-- Same name as realm-name in the login-config of web.xml. -->
               <Set name="name">UserRealms</Set>
               <!--
                 NOTE(review): the value is the jetty.home system property (default ".")
                 followed by the literal text " /tmp/realm.properties", so it probably does not
                 resolve to /tmp/realm.properties; that would fit the audit showing the file is
                 never opened. If the absolute path is intended, drop the SystemProperty element.
                 /tmp is writable by every local account: keep the credential file in a
                 directory that only the service account can read and write.
               -->
               <Set name="config"><SystemProperty name="jetty.home" default="."/> /tmp/realm.properties</Set>
               <!-- Reload interval for the user file, set to 0; presumably disables reloading, confirm. -->
               <Set name="refreshInterval">0</Set>
         </New>
       </Set>

     </Get>
    </Configure>

realm.properties

# User file for the login service, one entry per line: username: password[,role ...]
# NOTE(review): both passwords are stored in clear text and are trivially guessable. Use strong
# values, make the file readable only by the service account, and consider Jetty's prefixed
# credential forms (for example CRYPT: or MD5:) over plain text, bearing in mind that those are
# weak hashes and do not replace file permissions.
# NOTE(review): role USERS is not declared in web.xml (only "user" is), so the first account
# presumably authenticates but fails the role check; confirm.
user: 123456,USERS
foo: bar,user

提前致谢

0 个答案:

没有答案