我在服务器端使用HTTP Digest身份验证机制,客户端是firefox。
这是服务器端代码
Application application = new Vehicle();
component.getDefaultHost().attachDefault(application);
component.getDefaultHost().attach("/home",new Home());
DigestAuthenticator guard = new DigestAuthenticator(null, "TestRealm","mySecretServerKey");
Instantiates a Verifier of identifier/secret couples based on a simple Map.
MapVerifier mapVerifier = new MapVerifier();
加载一个静态登录/密钥对。
mapVerifier.getLocalSecrets().put("login", "secret".toCharArray());
guard.setWrappedVerifier(mapVerifier);
保护restlet
guard.setNext(application);
component.getDefaultHost().attachDefault(guard);
component.start();
在家庭课堂
Router router = new Router(getContext());
router.attach("/People", People.class);
router.attach("/categories/",Categories.class);
return router;
如果我请求http://localhost:8182/
Http身份验证正在运行,但http://localhost:8182/home/categories/
并未要求任何http authentication
,如果我们首先尝试/home/categories/
而不是http://localhost:8182/
,那么在没有任何认证机制的情况下给出结果。怎么解决这个?
答案 0 :(得分:0)
您只将保护附加到默认路由,因此路由与任何其他路由不匹配。请参阅attachDefault的javadoc:
* Attaches a Resource class to this router as the default target to invoke
* when no route matches. It actually sets a default route that scores all
* calls to 1.0.
您的其他路线不是默认路线,因此不受保护
router.attach("/People", People.class);
router.attach("/categories/",Categories.class);
您必须在要保护的每条路线之间连接防护装置,如下所示:
DigestAuthenticator peopleGuard = new DigestAuthenticator(null, "TestRealm","mySecretServerKey");
peopleGuard.setNext(People.class);
router.attach("/People", peopleGuard);