Jersey 客户端基本身份验证
[英]Jersey-client basic authentication
问题描述
I'm trying to send a REST-request over HTTPS that includes basic authentication in the HTTP header, the problem seem to be that the authentication does not get inserted into the header.
我正在尝试通过 HTTPS 发送 REST 请求,其中包括 HTTP 标头中的基本身份验证,问题似乎是身份验证没有插入到标头中。
HttpAuthenticationFeature feature = HttpAuthenticationFeature
.basicBuilder().build();
Client client = ClientBuilder.newBuilder().sslContext(getSSLContext())
.hostnameVerifier(getHostNameVerifier()).build();
client.register(feature);
client.register(new LoggingFilter());
try
{
String entity = client
.target(url)
.request(MediaType.APPLICATION_XML)
.property(
HttpAuthenticationFeature.HTTP_AUTHENTICATION_BASIC_USERNAME,
"username")
.property(
HttpAuthenticationFeature.HTTP_AUTHENTICATION_BASIC_PASSWORD,
"password").get(String.class);
System.out.println(entity);
} catch (WebApplicationException e)
{
ByteArrayInputStream in = (ByteArrayInputStream) e.getResponse()
.getEntity();
int n = in.available();
byte[] bytes = new byte[n];
in.read(bytes, 0, n);
String entity = new String(bytes, StandardCharsets.UTF_8);
System.out.println(entity);
}
What the log says:日志说的是:
Jun 16, 2015 2:06:53 PM org.glassfish.jersey.filter.LoggingFilter log
INFO: 1 * Sending client request on thread JavaFX Application Thread
1 > GET https://url
1 > Accept: application/xml
Jun 16, 2015 2:06:53 PM org.glassfish.jersey.filter.LoggingFilter log
INFO: 2 * Client response received on thread JavaFX Application Thread
2 < 403
2 < Connection: Keep-Alive
2 < Content-Length: 240
2 < Content-Type: text/html; charset=iso-8859-1
2 < Date: Tue, 16 Jun 2015 12:06:53 GMT
2 < Keep-Alive: timeout=15, max=100
And the result code is just 403 Forbidden.结果代码只是 403 Forbidden。
If I remove the line client.register(feature);如果我删除行client.register(feature); the line 2 < WWW-authenticate: basic realm="/" gets added to the end of the log and the result code is 401 Authorization Requried instead of 403.第2 < WWW-authenticate: basic realm="/"行2 < WWW-authenticate: basic realm="/"被添加到日志的末尾,结果代码是 401 Authorization Requried 而不是 403。
The REST-request works fine when using HTTP Requester in FireFox.在 FireFox 中使用 HTTP 请求程序时,REST 请求工作正常。
I guess I'm just missing something somewhere?我想我只是在某处丢失了一些东西?
1 个解决方案
解决方案1
2 2017-08-01 19:46:24
If you are required to use Pre-Jersey 2.X this is quite difficult, as is apparent.如果您需要使用 Pre-Jersey 2.X,这很困难,这很明显。 If you need to do HTTPS (SSL) Basic Authentication then it gets ridiculously easy with Jersey 2.X onwards.如果您需要进行 HTTPS (SSL) 基本身份验证,那么从 Jersey 2.X 开始,它变得非常容易。
These instructions are using Jersey 2.25.1:这些说明使用 Jersey 2.25.1:
- If you are using a self-signed certificate you must first download the .cer/.crt/.cet file from the HTTPS page from within your browser after authenticating with valid login.如果您使用的是自签名证书,则必须在使用有效登录进行身份验证后,首先从浏览器中的 HTTPS 页面下载 .cer/.crt/.cet 文件。 Guide , SO Answer 指南, SO回答
- Then use different Feature (javax.ws.rs.core) implementations in Jersey 2.X to enter all this information in.然后在 Jersey 2.X 中使用不同的 Feature (javax.ws.rs.core) 实现来输入所有这些信息。
Sample code for building WebTarget and Client with SSLContext:使用 SSLContext 构建 WebTarget 和客户端的示例代码:
HttpAuthenticationFeature auth = HttpAuthenticationFeature.basic("admin", password);
SslConfigurator config = SslConfigurator.newInstance()
.keyStoreFile("C:\Program Files\Java\jdk\jre\lib\security\cacerts")
.keyPassword("changeit");
SSLContext sslContext = config.createSSLContext();
Client client = ClientBuilder.newBuilder()
.sslContext(sslContext)
.register(SseFeature.class)
.register(auth)
.build();
WebTarget target = client.target(sourcePath);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.