
authentication flow in dropwizard

I have gone through many forums to understand the flow but am still confused about the correct flow.

I am using Dropwizard. First I want to get a token from the REST API (username & password will be provided in Basic auth); then this token will be passed in every subsequent request.

Main Class

    environment.jersey()
            .register(
                    new AuthDynamicFeature(
                            new JwtAuthFilter.Builder<User>()
                                    .setAuthenticator(new MarginCalcAuthenticator())
                                    .setAuthorizer(new CalcAuthorizer())
                                    .setRealm("BASIC-AUTH-REALM")
                                    .buildAuthFilter()));
    environment.jersey().register(RolesAllowedDynamicFeature.class);
    environment.jersey().register(new AuthValueFactoryProvider.Binder<User>(User.class));

AuthFilter

    @Priority(Priorities.AUTHENTICATION)
    public class JwtAuthFilter<P extends Principal> extends AuthFilter<JWTCredentials, P> {

        private static final Logger LOGGER = LoggerFactory.getLogger(JwtAuthFilter.class);
        public static final String AUTHENTICATION_HEADER = "Authorization";

        @Override
        public void filter(final ContainerRequestContext requestContext) throws IOException {
            String authCredentials = requestContext.getHeaderString(AUTHENTICATION_HEADER);
            // ... remainder of filter() is not included in the post
        }
    }

Authenticator

    public class CalcAuthenticator implements Authenticator<JWTCredentials, User> {

        @Override
        public Optional<User> authenticate(JWTCredentials credentials)
                throws AuthenticationException {
            AdminAuthenticationService authService = new AdminAuthenticationService();

            // null means the token did not map to a known user
            User userObj = authService.authenticate(credentials.getJwtToken());
            if (userObj == null) {
                throw new WebApplicationException(Status.UNAUTHORIZED);
            }
            return Optional.of(userObj);
        }

    }

REST API Resource class

    @GET
    @Path("token")
    @Produces(MediaType.TEXT_PLAIN)
    public Response genToken(@Context SecurityContext sc) {
        return Response
                .ok()
                .header("Authorization", "Bearer " + AdminAuthenticationService.issueToken(
                        (br.dc.auth.User) sc.getUserPrincipal()))
                .build();
    }

I am debugging from Postman and it is hitting my API genToken, but it never reaches JwtAuthFilter or CalcAuthenticator. Can anyone help me understand the flow? I want to understand the flow.

As Paul mentioned, a class or method annotated with @RolesAllowed (or any other authz annotation) is required for authentication. Auth is only done on the methods (or classes) you tell it to.

Flow: register your filter, Authenticator etc. with the Environment -> start your server -> request the token from the UI or Postman -> it will hit your AuthFilter -> you can call your authenticator for token validation -> authenticate your request and send the response accordingly.
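The following is an added example (not code from the question or the answer) showing the wiring that the answer describes: Basic credentials for the token endpoint, a Bearer JWT for the other endpoints, and the annotations that actually cause AuthDynamicFeature to attach the filter. It assumes Dropwizard 1.x/2.x (javax packages), a `User` class implementing `Principal` with `getName()`, the asker's `CalcAuthorizer` and `AdminAuthenticationService.issueToken(User)`, and two hypothetical authenticators, `PasswordAuthenticator` (`Authenticator<BasicCredentials, User>`) and `JwtTokenAuthenticator` (`Authenticator<String, User>`).

```java
import io.dropwizard.auth.Auth;
import io.dropwizard.auth.AuthDynamicFeature;
import io.dropwizard.auth.AuthFilter;
import io.dropwizard.auth.AuthValueFactoryProvider;
import io.dropwizard.auth.basic.BasicCredentialAuthFilter;
import io.dropwizard.auth.basic.BasicCredentials;
import io.dropwizard.auth.chained.ChainedAuthFilter;
import io.dropwizard.auth.oauth.OAuthCredentialAuthFilter;
import io.dropwizard.setup.Environment;
import org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import java.util.Arrays;
import java.util.List;
public class AuthWiring {
    // Call from Application.run(). Filters only execute on resource methods that carry
    // @RolesAllowed/@PermitAll/@DenyAll or an @Auth parameter; plain methods are never filtered.
    public static void register(Environment environment) {
        AuthFilter<BasicCredentials, User> basicFilter = new BasicCredentialAuthFilter.Builder<User>()
                .setAuthenticator(new PasswordAuthenticator())   // hypothetical: verifies username/password
                .setRealm("BASIC-AUTH-REALM")
                .buildAuthFilter();
        AuthFilter<String, User> jwtFilter = new OAuthCredentialAuthFilter.Builder<User>()
                .setAuthenticator(new JwtTokenAuthenticator()) // hypothetical: validates the JWT string
                .setAuthorizer(new CalcAuthorizer())           // the asker's Authorizer, supplies roles
                .setPrefix("Bearer")
                .buildAuthFilter();
        List<AuthFilter> filters = Arrays.asList(basicFilter, jwtFilter);
        environment.jersey().register(new AuthDynamicFeature(new ChainedAuthFilter<>(filters)));
        environment.jersey().register(RolesAllowedDynamicFeature.class);
        environment.jersey().register(new AuthValueFactoryProvider.Binder<>(User.class));
    }
}
@Path("/auth")
class AuthResource {
    // @PermitAll attaches the filter (credentials are verified) without requiring a role;
    // @Auth injects the verified principal, so no cast of sc.getUserPrincipal() is needed.
    @GET @Path("token") @Produces(MediaType.TEXT_PLAIN) @PermitAll
    public String genToken(@Auth User user) {
        return AdminAuthenticationService.issueToken(user);   // the asker's token-issuing service
    }

    // @RolesAllowed: the filter runs, then RolesAllowedDynamicFeature checks ADMIN via CalcAuthorizer.
    @GET @Path("calc") @Produces(MediaType.TEXT_PLAIN) @RolesAllowed("ADMIN")
    public String calc(@Auth User user) {
        return "authenticated as " + user.getName();
    }
}
```

ChainedAuthFilter tries each filter in turn and accepts the request if any one of them succeeds, so a Basic header reaches the token endpoint and a Bearer header reaches the protected ones through the same registration.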
