Websphere上的安全REST调用
[英]Secured REST call on Websphere
问题描述
I am trying to create a secured REST service on WebSphere 8.5.0.2. 
我正在尝试在WebSphere 8.5.0.2上创建安全的REST服务。 I want to secure using basic authentication. 我想使用基本身份验证来确保安全。 I modified my web.xml and tryed to read auto injected SecurityContext. 我修改了web.xml并尝试读取自动注入的SecurityContext。 I get an auto injected object but various operations are failing for eg securityContext.getAuthenticationScheme(); 我得到一个自动注入的对象,但是各种操作都失败了,例如securityContext.getAuthenticationScheme();。 I have also mapped my role to all authentiacted realm's users. 我还已将角色映射到所有已认证领域的用户。
I could not find anything in Wink's documentation too. 我在Wink的文档中也找不到任何内容。 Am i doing anything wrong ? 我做错什么了吗?
My web.xml 我的web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
<display-name>RESTModulation</display-name>
<!-- Wink SDK servlet configuration.
This servlet handles HTTP requests
of SDK web service on application server.-->
<servlet>
<description>
JAX-RS Tools Generated - Do not modify</description>
<servlet-name>EntryRestServlet</servlet-name>
<servlet-class>com.ibm.websphere.jaxrs.server.IBMRestServlet</servlet-class>
<init-param>
<param-name>javax.ws.rs.Application</param-name>
<param-value>com.demo.DemoResourceApplication</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>EntryRestServlet</servlet-name>
<url-pattern>
/resources/*</url-pattern>
</servlet-mapping>
<security-constraint id="SecurityConstraint_1">
<web-resource-collection id="WebResourceCollection_1">
<web-resource-name>EntryRestServlet</web-resource-name>
<description>Protection area for Rest Servlet</description>
<url-pattern>/resources/</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint id="AuthConstraint_1">
<description>Role1 for this rest servlet</description>
<role-name>Role1</role-name>
</auth-constraint>
</security-constraint>
<security-role id="SecurityRole_1">
<description>This is Role1</description>
<role-name>Role1</role-name>
</security-role>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>defaultWIMFileBasedRealm</realm-name>
</login-config>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
</web-app>
==========================================================================
Service implementation
@Path("/MyTestService")
public class MyTestService{
@Context
SecurityContext securityContext;
@GET
@Path("/getUser1")
@Produces(MediaType.TEXT_PLAIN)
public Response doInquiry()throws Exception {
String jsonData= "{'user':'I am here '}";
String authnScheme = securityContext.getAuthenticationScheme();
System.out.println("authnScheme : " + authnScheme);
// retrieve the name of the Principal that invoked the resource
String username = securityContext.getUserPrincipal().getName();
System.out.println("username : " + username);
// check if the current user is in Role1
Boolean isUserInRole = securityContext.isUserInRole("Role1");
System.out.println("isUserInRole : " + isUserInRole);
return Response.status(Response.Status.OK).entity(jsonData).build();
}
}
1 个解决方案
解决方案1
0 2016-11-10 17:00:36
I did not pass correct password from REST client. 我没有从REST客户端传递正确的密码。 After providing correct credentials, it has started working. 提供正确的凭据后,它开始工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.