[英]REST - How to use auth token in subsequent requests
I'm using a java application the provide a REST interface for mongodb database called "RESTHeart" 我正在使用一个Java应用程序,该程序为mongodb数据库提供了称为“ RESTHeart”的REST接口。
When I make a normal GET request. 当我发出普通的GET请求时。
http -a admin:temp http://172.18.18.122:8080/_logic/roles/admin
I get an auth token Auth-Token: 10dc2eeb-9624-47f2-a542-c97e0af82b23, how can I use it subsequent requests? 我获得了身份验证令牌Auth-Token: 10dc2eeb-9624-47f2-a542-c97e0af82b23,如何在后续请求中使用它?
Here is the full response 这是完整的回应
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Location, ETag, Auth-Token, Auth-Token-Valid-Until, Auth-Token-Location, X-Powered-By
Auth-Token: 10dc2eeb-9624-47f2-a542-c97e0af82b23
Auth-Token-Location: /_authtokens/admin
Auth-Token-Valid-Until: 2016-04-25T14:37:22.290Z
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 109
Content-Type: application/hal+json
Date: Mon, 25 Apr 2016 14:22:22 GMT
X-Powered-By: restheart.org
{
"_links": {
"self": {
"href": "/_logic/roles/admin"
}
},
"authenticated": true,
"roles": [
"ADMIN"
]
}
I have tried the following: 我尝试了以下方法:
http http://172.18.18.122:8080/_logic/roles/admin Auth-Token:'10dc2eeb-9624-47f2-a542-c97e0af82b23'
Response: 响应:
HTTP/1.1 403 Forbidden
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Location, ETag, Auth-Token, Auth-Token-Valid-Until, Auth-Token-Location, X-Powered-By
Connection: keep-alive
Content-Length: 0
Date: Mon, 25 Apr 2016 14:30:27 GMT
X-Powered-By: restheart.org
I'm not sure what I'm doing wrong here, any ideas? 我不确定我在做什么错,有什么想法吗?
使用httpie,您可以简单地执行以下操作:
http -a <username>:<Auth-Token> GET http://172.18.18.122:8080/auth/users
Clients authenticate passing credentials via the standard basic authentication, a standard method for an HTTP user agent to provide a username and password when making a request. 客户端通过标准的基本身份验证来验证传递的凭据,这是HTTP用户代理在发出请求时提供用户名和密码的标准方法。 RESTHeart is stateless: there isn't any authentication session and credentials must be sent on every request. RESTHeart是无状态的:没有任何身份验证会话,并且必须在每个请求上发送凭据。
Of course, it means you must secure your communications with HTTPS. 当然,这意味着您必须使用HTTPS保护通信。
There's documentation on how the authentication process works in restheart at https://softinstigate.atlassian.net/wiki/x/JgDM 在https://softinstigate.atlassian.net/wiki/x/JgDM上有关于restheart中身份验证过程如何工作的文档。
我找到了这个问题的解决方案,我所需要的只是传递授权标头以及以base64格式编码的“ username:password”
http GET http://172.18.18.122:8080/auth/users authorization:'Basic YWRtaW46dGVtcA=='
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.