堆栈内存溢出
  简体   繁体   English

REST-如何在后续请求中使用身份验证令牌

[英]REST - How to use auth token in subsequent requests

 原文  2016-04-25 14:34:28       mongodb/ rest/ restheart

问题描述

I'm using a java application the provide a REST interface for mongodb database called "RESTHeart" 我正在使用一个Java应用程序,该程序为mongodb数据库提供了称为“ RESTHeart”的REST接口。

When I make a normal GET request. 当我发出普通的GET请求时。 

http -a admin:temp http://172.18.18.122:8080/_logic/roles/admin

I get an auth token Auth-Token: 10dc2eeb-9624-47f2-a542-c97e0af82b23, how can I use it subsequent requests? 我获得了身份验证令牌Auth-Token: 10dc2eeb-9624-47f2-a542-c97e0af82b23,如何在后续请求中使用它?

Here is the full response 这是完整的回应 

HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Origin: *
    Access-Control-Expose-Headers: Location, ETag, Auth-Token, Auth-Token-Valid-Until, Auth-Token-Location, X-Powered-By
    Auth-Token: 10dc2eeb-9624-47f2-a542-c97e0af82b23
    Auth-Token-Location: /_authtokens/admin
    Auth-Token-Valid-Until: 2016-04-25T14:37:22.290Z
    Connection: keep-alive
    Content-Encoding: gzip
    Content-Length: 109
    Content-Type: application/hal+json
    Date: Mon, 25 Apr 2016 14:22:22 GMT
    X-Powered-By: restheart.org

    {
        "_links": {
            "self": {
                "href": "/_logic/roles/admin"
            }
        },
        "authenticated": true,
        "roles": [
            "ADMIN"
        ]
    }

I have tried the following: 我尝试了以下方法: 

http http://172.18.18.122:8080/_logic/roles/admin Auth-Token:'10dc2eeb-9624-47f2-a542-c97e0af82b23'

Response: 响应: 

HTTP/1.1 403 Forbidden
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Location, ETag, Auth-Token, Auth-Token-Valid-Until, Auth-Token-Location, X-Powered-By
Connection: keep-alive
Content-Length: 0
Date: Mon, 25 Apr 2016 14:30:27 GMT
X-Powered-By: restheart.org

I'm not sure what I'm doing wrong here, any ideas? 我不确定我在做什么错,有什么想法吗?

3 个解决方案

解决方案1
 1 已采纳  2016-04-26 07:42:28

使用httpie,您可以简单地执行以下操作:

http -a <username>:<Auth-Token> GET http://172.18.18.122:8080/auth/users

解决方案2
 1  2016-04-26 07:48:22

Clients authenticate passing credentials via the standard basic authentication, a standard method for an HTTP user agent to provide a username and password when making a request. 客户端通过标准的基本身份验证来验证传递的凭据,这是HTTP用户代理在发出请求时提供用户名和密码的标准方法。 RESTHeart is stateless: there isn't any authentication session and credentials must be sent on every request. RESTHeart是无状态的:没有任何身份验证会话,并且必须在每个请求上发送凭据。

Of course, it means you must secure your communications with HTTPS. 当然,这意味着您必须使用HTTPS保护通信。

There's documentation on how the authentication process works in restheart at https://softinstigate.atlassian.net/wiki/x/JgDM https://softinstigate.atlassian.net/wiki/x/JgDM上有关于restheart中身份验证过程如何工作的文档。

解决方案3
 0  2016-04-25 17:30:35

我找到了这个问题的解决方案,我所需要的只是传递授权标头以及以base64格式编码的“ username:password” 

  http GET http://172.18.18.122:8080/auth/users authorization:'Basic YWRtaW46dGVtcA=='

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用Django MongoEngine REST使用API​​ Auth? - How to use API Auth using Django MongoEngine REST? 如何使用 Firebase Auth 注册/登录/铸造令牌,但 Mongodb 用于其他一切? - How to use Firebase Auth to register/login/mint token but Mongodb for everything else? 使用 Firebase Auth,想使用 JWT 来验证客户端(iOS 应用程序)发送 MongoDB 请求 - Using Firebase Auth, want to use JWT to Auth clients (iOS App) sending MongoDB requests 哪里保存身份验证令牌 - Where to Save Auth Token 保存身份验证令牌并使用它 - Saving the auth token and using it 如何缩放auth_token的非常短的到期时间? - How to scale a very short expiry of auth_token? Auth0 - 如何在authost上使用本地主机上的mongoDB - Auth0 - How to use mongoDB on localhost with Auth0 如何在使用mongodb的cakephp中使用Auth - How to use Auth in cakephp using mongodb Go Lang和Labix mgo - 在后续请求之后获得EOF - Go Lang and Labix mgo - getting EOF after subsequent requests 如何在mongo中对后续元素进行分组? - How to group subsequent elements in mongo?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM