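I'm trying to create a simple web application using Jersey, embedded Jetty and a SecurityContext with BASIC authentication; the realm gets the users' data from a properties file at /tmp/realm.properties. For some reason the properties file does not seem to be read: I used an audit rule on the Linux kernel and found that no process accesses the properties file. I have read many tutorials and the official documentation (https://wiki.eclipse.org/Jetty/Tutorial/Realms), but something does not seem to work.
/test/free > no security context (I can reach it with a REST call)
/test/test > security context (I get HTTP ERROR 401 Unauthorized)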
curl http://127.0.0.1:8080/test/test -u foo:bar
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<title>Error 401 Unauthorized</title>
</head>
<body><h2>HTTP ERROR 401</h2>
<p>Problem accessing /test/test. Reason:
<pre> Unauthorized</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/>
</body>
</html>
Here is my code:
package org.java.jettyServer;

import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.handler.HandlerCollection;
import org.eclipse.jetty.webapp.WebAppContext;
import org.mortbay.jetty.UserRealm;
import org.mortbay.jetty.security.HashUserRealm;

public class JettyEmbedded {
    public static void main(String[] args) throws Exception {
        Server server = new Server(8080);
        // Handler for multiple web apps
        HandlerCollection handlers = new HandlerCollection();
        // Creating the first web application context
        WebAppContext webapp1 = new WebAppContext();
        webapp1.setResourceBase("src/main/webapp");
        webapp1.setContextPath("/");
        handlers.addHandler(webapp1);
        // Adding the handlers to the server
        server.setHandler(handlers);
        // Starting the Server
        server.start();
        System.out.println("Started!");
        server.join();
    }
}
Resource:
package org.java.resources;

import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

@Path("test")
public class EntryPoint {
    @GET
    @Path("test")
    @Produces(MediaType.TEXT_PLAIN)
    public String deleteRating(@Context SecurityContext context) {
        String username = context.getUserPrincipal().getName();
        System.out.println(username);
        return "hello\n";
    }

    @GET
    @Path("free")
    @Produces(MediaType.TEXT_PLAIN)
    public String freeResource() {
        return "free access, no pass\n";
    }
}
web.xml
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
         http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">
    <display-name>Service</display-name>
    <servlet>
        <servlet-name>Jersey Web Application</servlet-name>
        <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
        <init-param>
            <param-name>jersey.config.server.provider.packages</param-name>
            <param-value>org.java.resources</param-value>
        </init-param>
    </servlet>
    <servlet-mapping>
        <servlet-name>Jersey Web Application</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Secure</web-resource-name>
            <url-pattern>/test/test</url-pattern>
            <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description>has to be a USER</description>
            <role-name>*</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>UserRealms</realm-name>
    </login-config>
    <security-role>
        <role-name>user</role-name>
    </security-role>
</web-app>
jetty-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
    <Get name="securityHandler">
        <Set name="loginService">
            <New class="org.eclipse.jetty.security.HashLoginService">
                <Set name="name">UserRealms</Set>
                <Set name="config"><SystemProperty name="jetty.home" default="."/> /tmp/realm.properties</Set>
                <Set name="refreshInterval">0</Set>
            </New>
        </Set>
    </Get>
</Configure>
realm.properties
user: 123456,USERS
foo: bar,user
Thanks in advance.
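
An added check, not part of the original post, that cross-checks a realm.properties against web.xml: it flags passwords stored without one of Jetty's OBF:/MD5:/CRYPT: prefixes and users whose roles match no `<security-role>`, which is the set `<role-name>*</role-name>` stands for under Servlet 3.0. The inline sample data is constructed from the two files in the post, and the function names are this example's own.

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://java.sun.com/xml/ns/javaee"}
CREDENTIAL_PREFIXES = ("OBF:", "MD5:", "CRYPT:")  # Jetty's non-plaintext credential forms

# Constructed sample data: the post's realm.properties and the security parts of its web.xml.
REALM = "user: 123456,USERS\nfoo: bar,user\n"
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection><url-pattern>/test/test</url-pattern></web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>user</role-name></security-role>
</web-app>"""


def parse_realm(text):
    """Parse 'username: password[,role ...]' lines into {user: (password, [roles])}."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, rest = line.partition(":")  # first colon only, so 'OBF:...' stays intact
        password, *roles = [part.strip() for part in rest.split(",")]
        users[name.strip()] = (password, roles)
    return users


def declared_roles(web_xml):
    """Role names listed in <security-role> elements of web.xml."""
    root = ET.fromstring(web_xml)
    return {r.text.strip() for r in root.findall("j:security-role/j:role-name", NS)}


def audit(realm_text, web_xml):
    """Return (user, finding) pairs for plaintext passwords and undeclared roles."""
    roles = declared_roles(web_xml)
    findings = []
    for user, (password, user_roles) in parse_realm(realm_text).items():
        if not password.startswith(CREDENTIAL_PREFIXES):
            findings.append((user, "plaintext password"))
        if not roles.intersection(user_roles):
            findings.append((user, "no role declared in web.xml"))
    return findings


if __name__ == "__main__":
    for user, finding in audit(REALM, WEB_XML):
        print(f"{user}: {finding}")
```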