Restlet中的HTTP身份验证,验证子URL

时间:2012-02-11 09:39:24

标签: restlet

我在服务器端使用HTTP Digest身份验证机制,客户端是firefox。

这是服务器端代码

Application application = new Vehicle();

component.getDefaultHost().attachDefault(application);
component.getDefaultHost().attach("/home",new Home());

DigestAuthenticator guard = new DigestAuthenticator(null, "TestRealm","mySecretServerKey");
Instantiates a Verifier of identifier/secret couples based on a  simple Map.
MapVerifier mapVerifier = new MapVerifier();

加载一个静态登录/密钥对。

mapVerifier.getLocalSecrets().put("login", "secret".toCharArray());
guard.setWrappedVerifier(mapVerifier);

保护restlet

guard.setNext(application);
component.getDefaultHost().attachDefault(guard);  
component.start();

在家庭课堂

Router router = new Router(getContext());
router.attach("/People", People.class);
router.attach("/categories/",Categories.class);

return router;

如果我请求http://localhost:8182/ Http身份验证正在运行,但http://localhost:8182/home/categories/并未要求任何http authentication,如果我们首先尝试/home/categories/而不是http://localhost:8182/,那么在没有任何认证机制的情况下给出结果。怎么解决这个?

1 个答案:

答案 0 :(得分:0)

您只将保护附加到默认路由,因此路由与任何其他路由不匹配。请参阅attachDefault的javadoc:

 * Attaches a Resource class to this router as the default target to invoke
 * when no route matches. It actually sets a default route that scores all
 * calls to 1.0.

您的其他路线不是默认路线,因此不受保护

router.attach("/People", People.class);
router.attach("/categories/",Categories.class);

您必须在要保护的每条路线之间连接防护装置,如下所示:

DigestAuthenticator peopleGuard = new DigestAuthenticator(null, "TestRealm","mySecretServerKey");
peopleGuard.setNext(People.class);
router.attach("/People", peopleGuard);