java 如何在 JAX-RS 服务中读取授权标头
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/26212844/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to read authorization header in JAX-RS service
提问by Pavanraotk
I am new to Authorization header, trying to create authorization(and authentication) using a JAX-RS service
我是 Authorization 标头的新手,尝试使用 JAX-RS 服务创建授权(和身份验证)
My snippet at the javascript looks like this:
我在 javascript 中的代码片段如下所示:
sUrl = getURL() + "/com.cabRoutePlanner.Login/Login";
var oHeaders = {};
oHeaders['Authorization'] = "Basic " + btoa(getUserName() + ":" + getPassword());
var request = {
headers : oHeaders,
requestUri : sUrl,
data: connectionData,
method : "POST"
};
OData.request(request, onSuccessForRegister, onRegError);
Now, I want to read this authorization header at the JAX-RS service, i.e username and password back in my Java Rest service and check with my db. What I am confused with is, I don't know how to consume this authorization header. If somebody could just show me the declaration of the function in the REST service and just to access my username and passwrd, it'd be great.
现在,我想在 JAX-RS 服务中读取此授权标头,即在我的 Java Rest 服务中读取用户名和密码并检查我的数据库。我感到困惑的是,我不知道如何使用此授权标头。如果有人可以向我展示 REST 服务中的函数声明,并且只是为了访问我的用户名和密码,那就太好了。
I wrote the code somehow, with a little intuition and great help from Eclipse
我以某种方式编写了代码,凭着一点直觉和 Eclipse 的巨大帮助
@Path("/Log")
@POST
@Produces(MediaType.APPLICATION_JSON)
public Response log(HttpServletRequest req)throws JSONException
{
JSONObject returnObject = new JSONObject();
String authorization = req.getHeader("Authorization");
if (authorization != null && authorization.startsWith("Basic"))
{
//byte[] message = authorization.substring("Basic".length()).trim().getBytes();
String credentials = authorization.substring("Basic".length()).trim();
byte[] decoded = DatatypeConverter.parseBase64Binary(credentials);
String decodedString = new String(decoded);
String[] actualCredentials = decodedString.split(":");
String ID = actualCredentials[0];
String Password = actualCredentials[1];
String Result = actualLog(ID, Password);
if(Result.equals("ID Does not exist"))
{
returnObject.put("Result", "ID Does not exist");
return Response.status(401).entity(returnObject).build();
}
else if(Result.equals("Password incorrect for given User"))
{
returnObject.put("Result", "Password incorrect for given User");
return Response.status(401).entity(returnObject).build();
}
else
{
returnObject.put("Result", Result);
return Response.status(200).entity(returnObject).build();
}
}
else
{
returnObject.put("Result", "Authorization header wrong");
return Response.status(401).entity(returnObject).build();
}
}
Now, here is the current Exception I am getting and I'm not able to understand it:
现在,这是我得到的当前异常,我无法理解它:
Oct 06, 2014 4:13:59 PM com.sun.jersey.spi.container.ContainerRequest getEntity
SEVERE: A message body reader for Java class javax.servlet.http.HttpServletRequest, and Java type interface javax.servlet.http.HttpServletRequest, and MIME media type application/octet-stream was not found.
The registered message body readers compatible with the MIME media type are:
application/octet-stream ->
com.sun.jersey.core.impl.provider.entity.ByteArrayProvider
com.sun.jersey.core.impl.provider.entity.FileProvider
com.sun.jersey.core.impl.provider.entity.InputStreamProvider
com.sun.jersey.core.impl.provider.entity.DataSourceProvider
com.sun.jersey.core.impl.provider.entity.RenderedImageProvider
*/* ->
com.sun.jersey.core.impl.provider.entity.FormProvider
com.sun.jersey.core.impl.provider.entity.MimeMultipartProvider
com.sun.jersey.core.impl.provider.entity.StringProvider
com.sun.jersey.core.impl.provider.entity.ByteArrayProvider
com.sun.jersey.core.impl.provider.entity.FileProvider
com.sun.jersey.core.impl.provider.entity.InputStreamProvider
com.sun.jersey.core.impl.provider.entity.DataSourceProvider
com.sun.jersey.core.impl.provider.entity.XMLJAXBElementProvider$General
com.sun.jersey.core.impl.provider.entity.ReaderProvider
com.sun.jersey.core.impl.provider.entity.DocumentProvider
com.sun.jersey.core.impl.provider.entity.SourceProvider$StreamSourceReader
com.sun.jersey.core.impl.provider.entity.SourceProvider$SAXSourceReader
com.sun.jersey.core.impl.provider.entity.SourceProvider$DOMSourceReader
com.sun.jersey.json.impl.provider.entity.JSONJAXBElementProvider$General
com.sun.jersey.json.impl.provider.entity.JSONArrayProvider$General
com.sun.jersey.json.impl.provider.entity.JSONObjectProvider$General
com.sun.jersey.core.impl.provider.entity.XMLRootElementProvider$General
com.sun.jersey.core.impl.provider.entity.XMLListElementProvider$General
com.sun.jersey.core.impl.provider.entity.XMLRootObjectProvider$General
com.sun.jersey.core.impl.provider.entity.EntityHolderReader
com.sun.jersey.json.impl.provider.entity.JSONRootElementProvider$General
com.sun.jersey.json.impl.provider.entity.JSONListElementProvider$General
com.sun.jersey.json.impl.provider.entity.HymansonProviderProxy
回答by Gas
You should use @Context HttpServletRequest requestto inject request in your method, like this:
您应该使用@Context HttpServletRequest request在您的方法中注入请求,如下所示:
public Response log(@Context HttpServletRequest req) throws JSONException
Other useful objects that could be injected using @Contextare (see JAX-RS spec for details):
可以使用注入的其他有用对象@Context是(有关详细信息,请参阅 JAX-RS 规范):
ApplicationUriInfo,HttpHeadersSecurityContext,Providers,RequestServletConfig,ServletContext,HttpServletRequestandHttpServletResponse
ApplicationUriInfo,HttpHeadersSecurityContext,Providers,RequestServletConfig,ServletContext,HttpServletRequest和HttpServletResponse
So in your case you could use also @Context HttpHeaders headersand then
所以在你的情况下,你也可以使用@Context HttpHeaders headers然后
List<String> authHeaders = headers.getRequestHeader(HttpHeaders.AUTHORIZATION);
