Jersey中的基本权限认证及访问程序

版本:jersey v2.10


import java.io.IOException;
import java.nio.charset.Charset;
import java.security.Principal;

import javax.annotation.Priority;
import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.ext.Provider;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.glassfish.jersey.internal.util.Base64;

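/**
 * JAX-RS request filter that performs HTTP Basic authentication.
 *
 * <p>The filter reads the {@code Authorization} header, decodes the Basic credentials and, on
 * success, installs a {@link SecurityContext} whose principal is the supplied user name. Any
 * request without well-formed credentials is aborted with {@code 401} and a
 * {@code WWW-Authenticate: Basic} challenge.
 *
 * <p><strong>Security notes for anyone reusing this sample:</strong>
 * <ul>
 *   <li>Password verification is a placeholder (see {@link #isValidCredential}); as written,
 *       every syntactically valid credential pair is accepted.</li>
 *   <li>{@code isUserInRole} grants every role to every authenticated user.</li>
 *   <li>Basic credentials are only Base64-encoded, not encrypted, so the endpoint must be served
 *       over TLS.</li>
 * </ul>
 *
 * @author zhangdapeng
 * @version 1.0, 2014-07-07
 * @since   1.0
 */
@Provider
@Priority(Priorities.AUTHENTICATION)
public class AuthRequestFilter implements ContainerRequestFilter {
    /** Charset applied consistently when encoding the token bytes and decoding the credentials. */
    private static final Charset CHARACTER_SET = Charset.forName("UTF-8");

    /** Scheme token followed by the single space that separates it from the Base64 payload. */
    private static final String BASIC_PREFIX = "Basic ";

    private Log logger = LogFactory.getLog(getClass());

    @Context
    HttpServletRequest webRequest;

    @Context
    ServletConfig servletConfig;

    @Context
    ServletContext servletContext;

    /**
     * Authenticates the request or aborts it with a 401 challenge.
     *
     * @param requestContext the request being filtered
     * @throws IOException declared by the interface; not thrown by this implementation
     */
    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        final String authHeader = requestContext.getHeaders().getFirst(HttpHeaders.AUTHORIZATION);
        final String[] credentials = parseBasicCredentials(authHeader);

        if (credentials == null || !isValidCredential(credentials[0], credentials[1])) {
            // Deliberately log neither the header nor the user name: both are attacker-controlled
            // and the header contains the password.
            logger.debug("Rejected request without valid Basic credentials");
            // NOTE(review): RFC 7617 expects a realm parameter in the Basic challenge; the
            // original value is kept because the intended realm is not known here.
            requestContext.abortWith(
                    Response.status(401).header(HttpHeaders.WWW_AUTHENTICATE, "Basic").build());
            return;
        }

        final String username = credentials[0];
        // Capture the transport security flag before the context is replaced, so that
        // isSecure() reports whether the request really arrived over a secure channel.
        final SecurityContext original = requestContext.getSecurityContext();
        final boolean secure = original != null && original.isSecure();

        requestContext.setSecurityContext(new SecurityContext() {
            @Override
            public Principal getUserPrincipal() {
                return new Principal() {
                    @Override
                    public String getName() {
                        return username;
                    }
                };
            }

            @Override
            public boolean isUserInRole(String role) {
                // SECURITY: demo behaviour, every authenticated user holds every role. Replace
                // with a real role lookup before relying on role-based annotations.
                return true;
            }

            @Override
            public boolean isSecure() {
                return secure;
            }

            @Override
            public String getAuthenticationScheme() {
                return "BASIC";
            }
        });
        // TODO: store per-request user information here if the REST service needs to remember
        // the authenticated user.
    }

    /**
     * Extracts user name and password from a Basic {@code Authorization} header value.
     *
     * <p>Malformed input (missing header, other scheme, payload without a colon, empty user name)
     * yields {@code null} so the caller answers with 401 instead of failing with an
     * index-out-of-bounds error and a 500 response.
     *
     * @param authHeader raw header value, may be {@code null}
     * @return a two-element array {@code {username, password}}, or {@code null} if unusable
     */
    private static String[] parseBasicCredentials(String authHeader) {
        // The scheme name is case-insensitive; requiring the trailing space also guarantees
        // that substring() below stays in range.
        if (authHeader == null
                || !authHeader.regionMatches(true, 0, BASIC_PREFIX, 0, BASIC_PREFIX.length())) {
            return null;
        }
        final String token = authHeader.substring(BASIC_PREFIX.length()).trim();
        final String decoded =
                new String(Base64.decode(token.getBytes(CHARACTER_SET)), CHARACTER_SET);

        // Split on the FIRST colon only: the password may itself contain colons.
        final int separator = decoded.indexOf(':');
        if (separator < 1) {
            return null;
        }
        return new String[] {decoded.substring(0, separator), decoded.substring(separator + 1)};
    }

    /**
     * Decides whether the supplied credentials are acceptable.
     *
     * <p>SECURITY: placeholder kept from the original sample, which was maximally simplified
     * and compared the password with itself. It accepts any password for any user. Before real
     * use, look the user up in a credential store and verify the password against a salted
     * password hash (bcrypt/scrypt/argon2), comparing in constant time.
     *
     * @param username user name taken from the request
     * @param password password taken from the request
     * @return always {@code true} in this demo
     */
    private boolean isValidCredential(String username, String password) {
        return true;
    }
}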

客户端访问:

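    /**
     * Calls the protected resource with preemptive Basic credentials and expects HTTP 200.
     *
     * <p>The target URL uses plain {@code http} against localhost and the credentials are
     * hard-coded sample values; outside a local demo, use {@code https} and load credentials
     * from test configuration. A 200 here only shows that the header was accepted: add a
     * negative case (wrong password, expecting 401) once the server filter actually verifies
     * passwords.
     */
    @Test
    public void testBasicPreemptive() {
        Client client = ClientBuilder.newClient();
        try {
            WebTarget target = client
                    .target("http://localhost:8080/boa/rest/customer/retrieve/1");
            Response response = target
                    .register(HttpAuthenticationFeature.basicBuilder().credentials("homer", "country").build())
                    .request().get();
            try {
                assertEquals(200, response.getStatus());
                Customer c = response.readEntity(Customer.class);
                System.out.println("--" + c.getFirstName());
            } finally {
                // Release the connection even when an assertion fails.
                response.close();
            }
        } finally {
            // The client owns connection resources and is not closed automatically.
            client.close();
        }
    }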

参考:http://blog.csdn.net/philosophyatmath/article/details/37879451



