我正在尝试为不同的服务使用不同的http-Handler创建客户端/服务器工具。因为不是每个知道URL的人都应该能够触发服务,所以我想使用Basic Auth保护Handler。
我能够实施有效的基本身份验证(已通过邮递员测试),但是由于CORS的原因,我想通过我的网站访问它时,它会失败。我也能够处理CORS的Preflight,但仅当我停用基本身份验证时才可以。激活它后,似乎什至没有进入可以设置标头的处理程序。
这是我的示例代码:
服务器
package com.company;
import java.io.*;
import java.net.InetSocketAddress;
import java.lang.*;
import java.net.URL;
import com.sun.net.httpserver.HttpsServer;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import com.sun.net.httpserver.*;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.io.InputStreamReader;
import java.io.Reader;
import java.net.URLConnection;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.cert.X509Certificate;
import java.net.InetAddress;
import java.util.Arrays;
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpHandler;
import com.sun.net.httpserver.HttpServer;
import com.sun.net.httpserver.HttpsExchange;
public class Main {
public static class MyHandler implements HttpHandler {
@Override
public void handle(HttpExchange t) throws IOException {
String response = "This is the response";
HttpsExchange httpsExchange = (HttpsExchange) t;
httpsExchange.getResponseHeaders().add("Access-Control-Allow-Origin", "null");
if (httpsExchange.getRequestMethod().equalsIgnoreCase("OPTIONS")) {
System.out.println("in Option");
httpsExchange.getResponseHeaders().add("Access-Control-Allow-Methods", "GET, OPTIONS");
httpsExchange.getResponseHeaders().add("Access-Control-Allow-Headers", "Content-Type,Authorization");
httpsExchange.sendResponseHeaders(204, -1);
return;
}
httpsExchange.sendResponseHeaders(200, response.length());
OutputStream os = httpsExchange.getResponseBody();
os.write(response.getBytes());
os.close();
}
}
/**
* @param args
*/
public static void main(String[] args) throws Exception {
try {
// setup the socket address
InetSocketAddress address = new InetSocketAddress(8000);
// initialise the HTTPS server
HttpsServer httpsServer = HttpsServer.create(address, 0);
SSLContext sslContext = SSLContext.getInstance("TLS");
// initialise the keystore
char[] password = "aaaaaa".toCharArray();
KeyStore ks = KeyStore.getInstance("JKS");
FileInputStream fis = new FileInputStream("D:\\src\\keys\\server.jks");
ks.load(fis, password);
// setup the key manager factory
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, password);
// setup the trust manager factory
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
// setup the HTTPS context and parameters
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
httpsServer.setHttpsConfigurator(new HttpsConfigurator(sslContext) {
public void configure(HttpsParameters params) {
try {
// initialise the SSL context
SSLContext c = SSLContext.getDefault();
SSLEngine engine = c.createSSLEngine();
params.setNeedClientAuth(false);
params.setCipherSuites(engine.getEnabledCipherSuites());
params.setProtocols(engine.getEnabledProtocols());
// get the default parameters
SSLParameters defaultSSLParameters = c.getDefaultSSLParameters();
params.setSSLParameters(defaultSSLParameters);
} catch (Exception ex) {
System.out.println("Failed to create HTTPS port");
}
}
});
HttpContext hc = httpsServer.createContext("/test", new MyHandler());
/*BasicAuthenticator basicAuthenticator = new BasicAuthenticator("get") {
@Override
public boolean checkCredentials(String username, String password) {
return username.equals("user") && password.equals("password");
}
};
hc.setAuthenticator(basicAuthenticator);*/
httpsServer.setExecutor(null); // creates a default executor
httpsServer.start();
} catch (Exception exception) {
System.out.println("Failed to create HTTPS server on port " + 8000 + " of localhost");
exception.printStackTrace();
}
}
}
JQuery /客户端:
$( "#button" ).click(function() {
function make_base_auth(user, password) {
var tok = user + ':' + password;
var hash = btoa(tok);
return "Basic " + hash;
}
$.ajax
({
type: "GET",
url: "https://localhost:8000/test",
beforeSend: function (xhr){
xhr.setRequestHeader('Authorization', make_base_auth("user", "password"));
},
success: function (data){
console.log(data)
}
});
});
上面的代码对我有用,它进入测试处理程序并回答预检,然后才是真正的请求。但是它不会验证jQuery中的凭证(甚至不需要发送一些凭证)。这是合乎逻辑的,因为我称赞了基本身份验证的激活。我在基本身份验证部分中发表评论后,它就没有进入测试处理程序,也没有达到预检处理。
我的问题是,当不在处理程序中时,我不知道该将预检处理放在哪里。那么有没有办法使用sun HttpServer来做到这一点?