Authentication flow in Dropwizard
I have gone through many forums to understand the flow but am still confused about the correct flow.

I am using Dropwizard. First I want to get a token from a REST API (username and password will be provided in Basic auth); after that, this token will be passed in every request.

Main Class

    environment.jersey()
        .register(
            new AuthDynamicFeature(
                new JwtAuthFilter.Builder<User>()
                    .setAuthenticator(new MarginCalcAuthenticator())
                    .setAuthorizer(new CalcAuthorizer())
                    .setRealm("BASIC-AUTH-REALM")
                    .buildAuthFilter()));
    environment.jersey().register(RolesAllowedDynamicFeature.class);
    environment.jersey().register(new AuthValueFactoryProvider.Binder<User>(User.class));

AuthFilter

    @Priority(Priorities.AUTHENTICATION)
    public class JwtAuthFilter<P extends Principal> extends AuthFilter<JWTCredentials, P> {
        private static final Logger LOGGER = LoggerFactory.getLogger(JwtAuthFilter.class);
        public static final String AUTHENTICATION_HEADER = "Authorization";

        @Override
        public void filter(final ContainerRequestContext requestContext) throws IOException {
            // Read the raw Authorization header from the incoming request
            String authCredentials = requestContext.getHeaderString(AUTHENTICATION_HEADER);
            // ... (the rest of the method is not shown in the post)
        }
    }

Authenticator

    public class CalcAuthenticator implements Authenticator<JWTCredentials, User> {
        public Optional<User> authenticate(JWTCredentials credentials)
                throws AuthenticationException {
            AdminAuthenticationService authService = new AdminAuthenticationService();
            User userObj = authService.authenticate(credentials.getJwtToken());
            if (userObj == null) {
                throw new WebApplicationException(Status.UNAUTHORIZED);
            }
            return Optional.of(userObj);
        }
    }

REST API Resource class

    @GET
    @Path("token")
    @Produces(MediaType.TEXT_PLAIN)
    public Response genToken(@Context SecurityContext sc) {
        return Response
            .ok()
            .header("Authorization", "Bearer " + AdminAuthenticationService.issueToken(
                (br.dc.auth.User) sc.getUserPrincipal()))
            .build();
    }

I am debugging from Postman and it is hitting my API genToken, but it never reaches JwtAuthFilter or CalcAuthenticator. Can anyone help me to understand the flow? I want to understand the flow.

As Paul mentioned, a class or method annotated with @RolesAllowed (or any other authz anno) is required for authentication. The auth is only done on the methods (or classes) you tell it to.

Flow: Register your filter, Authenticator, etc. with the Environment -> start your server -> request the token from the UI or Postman -> it will hit your AuthFilter -> you can call your authenticator for token validation -> authenticate your request and send the response accordingly.
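
An added example, not part of the original question or answer, showing which resource methods Dropwizard's AuthDynamicFeature binds the registered filter to; the question's genToken takes only @Context SecurityContext and carries no auth annotation, so nothing was bound to it. The package, the CalcResource class name, the paths and the ADMIN role are assumptions; User and AdminAuthenticationService.issueToken are the question's own classes, and the javax imports assume a pre-Jakarta Dropwizard release.

```java
package br.dc.auth; // assumption: same package as the question's User class

import io.dropwizard.auth.Auth;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

@Path("/calc") // hypothetical base path
@Produces(MediaType.TEXT_PLAIN)
public class CalcResource { // hypothetical resource class name

    // No auth annotation and no @Auth parameter: AuthDynamicFeature attaches
    // nothing here, so the filter and Authenticator are never invoked.
    @GET
    @Path("ping")
    public String ping() {
        return "pong";
    }

    // The @Auth parameter makes AuthDynamicFeature bind the registered filter to
    // this method; issueToken is the question's helper, assumed in this package.
    @GET
    @Path("token")
    public Response genToken(@Auth User user) {
        return Response.ok().header("Authorization", "Bearer " + AdminAuthenticationService.issueToken(user)).build();
    }

    // @PermitAll: the filter runs, any authenticated principal is accepted.
    @GET
    @Path("whoami")
    @PermitAll
    public String whoAmI(@Context SecurityContext sc) {
        return sc.getUserPrincipal().getName();
    }

    // @RolesAllowed: the filter runs, then the role is checked via the Authorizer.
    @GET
    @Path("admin")
    @RolesAllowed("ADMIN") // hypothetical role name
    public String adminOnly(@Auth User user) {
        return "admin: " + user.getName();
    }
}
```

Any resource method left without one of these annotations or an @Auth parameter is served without authentication, so unannotated endpoints are the first thing to check when reviewing a Dropwizard service.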