
Jersey Rest Service with HTTP basic security not taking user

I have spent nearly 4 days researching how to implement HTTP basic authentication using Jersey running in Weblogic 12c.

I found these tutorials, which are very close to what I want:

http://www.codingpedia.org/ama/how-to-secure-jersey-rest-services-with-spring-security-and-basic-authentication/

https://github.com/JohnathanMarkSmith/springmvc-rest-secured-test

I am using Weblogic 12c, and this is my Spring security XML:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                        http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
                        http://www.springframework.org/schema/security
                        http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <global-method-security pre-post-annotations="enabled"/>

    <!-- Stateless RESTful services use BASIC authentication -->
    <http create-session="stateless"                    
                   pattern="/rest/**" 
                   authentication-manager-ref="myAuthenticationManager">
        <intercept-url pattern="/rest/**" access="ROLE_REST"/>
        <http-basic/>
    </http>

    <authentication-manager alias="myAuthenticationManager">
        <authentication-provider ref="myAuthenticationProvider">    
        </authentication-provider>
    </authentication-manager>



    <beans:bean id="myAuthenticationProvider" 
                class="com.siman.store.mobile.service.security.AuthLdapSiman" />

</beans:beans>

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" 
         xmlns="http://java.sun.com/xml/ns/javaee" 
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
    http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">



    <servlet>
        <servlet-name>jersey-serlvet</servlet-name>
        <servlet-class>
            com.sun.jersey.spi.container.servlet.ServletContainer
        </servlet-class>
        <!-- Package containing the services -->
        <init-param>
            <param-name>com.sun.jersey.config.property.packages</param-name>
            <param-value>com.siman.rms.ipow.web.service.rest</param-value>
        </init-param>
        <init-param>
            <param-name>com.sun.jersey.api.json.POJOMappingFeature</param-name>
            <param-value>true</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>jersey-serlvet</servlet-name>
        <url-pattern>/rest/*</url-pattern>
    </servlet-mapping>


</web-app>

pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.siman.rms.ipow</groupId>
    <artifactId>rms-ipow-service</artifactId>
    <version>1.0.0</version>
    <packaging>war</packaging>

    <name>rms-ipow-service</name>


    <properties>
        <endorsed.dir>${project.build.directory}/endorsed</endorsed.dir>
    </properties>

    <dependencies>
        <dependency>
            <groupId>javax</groupId>
            <artifactId>javaee-web-api</artifactId>
            <version>6.0</version>
            <scope>provided</scope>
        </dependency>

        <dependency>
            <groupId>log4j</groupId>
            <artifactId>log4j</artifactId>
            <version>1.2.16</version>
        </dependency>

        <dependency> 
            <groupId>com.sun.jersey</groupId>
            <artifactId>jersey-server</artifactId>
            <version>1.19</version> 
        </dependency>

        <dependency>
            <groupId>com.sun.jersey</groupId>
            <artifactId>jersey-json</artifactId>
            <version>1.8</version> 
        </dependency>


    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>2.3.2</version>
                <configuration>
                    <source>1.6</source>
                    <target>1.6</target>
                    <compilerArguments>
                        <endorseddirs>${endorsed.dir}</endorseddirs>
                    </compilerArguments>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-ejb-plugin</artifactId>
                <version>2.3</version>
                <configuration>
                    <ejbVersion>3.1</ejbVersion>
                    <clientIncludes>
                        <archive>log4j.properties</archive>
                    </clientIncludes>
                </configuration>
            </plugin>

            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-dependency-plugin</artifactId>
                <version>2.1</version>
                <executions>
                    <execution>
                        <phase>validate</phase>
                        <goals>
                            <goal>copy</goal>
                        </goals>
                        <configuration>
                            <outputDirectory>${endorsed.dir}</outputDirectory>
                            <silent>true</silent>
                            <artifactItems>
                                <artifactItem>
                                    <groupId>javax</groupId>
                                    <artifactId>javaee-endorsed-api</artifactId>
                                    <version>6.0</version>
                                    <type>jar</type>
                                </artifactItem>
                            </artifactItems>
                        </configuration>
                    </execution>
                </executions>
            </plugin>

        </plugins>
    </build>

</project>

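The configuration at least works, but I don't know why the 'authentication provider' is not working. I tested the example from the GitHub project I mentioned, but it runs in Tomcat.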

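When I test the URL in the browser:

http://localhost:7003/store-mobile-service/rest/some

It prompts the HTTP authentication dialog, but it does not take the user I provide in the form, and the log shows: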

2016-06-28 11:18:14 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/rest/some'; against '/rest/**'
2016-06-28 11:18:14 DEBUG FilterChainProxy:337 - /rest/some at position 1 of 7 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2016-06-28 11:18:14 DEBUG FilterChainProxy:337 - /rest/some at position 2 of 7 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2016-06-28 11:18:14 DEBUG FilterChainProxy:337 - /rest/some at position 3 of 7 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2016-06-28 11:18:14 DEBUG FilterChainProxy:337 - /rest/some at position 4 of 7 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2016-06-28 11:18:14 DEBUG FilterChainProxy:337 - /rest/some at position 5 of 7 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2016-06-28 11:18:14 DEBUG AnonymousAuthenticationFilter:102 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6faa3d44: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 192.168.24.79; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2016-06-28 11:18:14 DEBUG FilterChainProxy:337 - /rest/some at position 6 of 7 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2016-06-28 11:18:14 DEBUG FilterChainProxy:337 - /rest/some at position 7 of 7 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2016-06-28 11:18:14 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/rest/some'; against '/rest/**'
2016-06-28 11:18:14 DEBUG FilterSecurityInterceptor:194 - Secure object: FilterInvocation: URL: /rest/some; Attributes: [ROLE_REST]
2016-06-28 11:18:14 DEBUG FilterSecurityInterceptor:310 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6faa3d44: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 192.168.24.79; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2016-06-28 11:18:14 DEBUG AffirmativeBased:65 - Voter: org.springframework.security.access.vote.RoleVoter@52d222cf, returned: -1
2016-06-28 11:18:14 DEBUG AffirmativeBased:65 - Voter: org.springframework.security.access.vote.AuthenticatedVoter@a0cdfde, returned: 0
2016-06-28 11:18:14 DEBUG ExceptionTranslationFilter:165 - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83)
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:206)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3367)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3333)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:57)
    at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2220)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2146)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2124)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1564)
    at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:254)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:295)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:254)
2016-06-28 11:18:14 DEBUG ExceptionTranslationFilter:185 - Calling Authentication entry point.
2016-06-28 11:18:14 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed

I had the same problem. I was able to get my client working, depending on how I configured my client.

Non-working version:

    Client client = ClientBuilder.newClient(cc);
    Response response = client.target(baseurl)
            .path(targetUrl)
            .request()
            .property(org.glassfish.jersey.client.authentication.HttpAuthenticationFeature.HTTP_AUTHENTICATION_BASIC_USERNAME, USER)
            .property(org.glassfish.jersey.client.authentication.HttpAuthenticationFeature.HTTP_AUTHENTICATION_BASIC_PASSWORD, PASS)
            .accept(MediaType.APPLICATION_JSON)
            .get();

Working version:

    HttpAuthenticationFeature f = HttpAuthenticationFeature
            .basicBuilder()
            .nonPreemptive()
            .credentials(USER, PASS)
            .build();
    ClientConfig cc = new ClientConfig();
    cc.register(f);

    client = ClientBuilder.newClient(cc);
    Response response = client.target(baseurl)
            .path(targetUrl)
            .request()
            .accept(MediaType.APPLICATION_JSON)
            .get();

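For anyone else who answers, I have some questions:

  1. Why does the anonymous authentication chain get fired?
  2. How do I disable the anonymous filter chain?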
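
An added example, not part of the original question or answer: a small Python triage over Spring Security debug output that separates a request that carried no Basic credentials (the case in the question's log, where only the anonymous token appears) from one whose credentials reached the authentication provider. The sample log is constructed; the "header found", "success" and "failed" message texts are assumed from Spring Security 3.2's BasicAuthenticationFilter and do not appear on the page.

```python
import re

# Constructed sample in the page's log format. Request 1 mirrors the question's
# log; requests 2 and 3 use message texts assumed from Spring Security 3.2.
SAMPLE_LOG = """\
2016-06-28 11:18:14 DEBUG FilterChainProxy:337 - /rest/some at position 3 of 7 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2016-06-28 11:18:14 DEBUG AnonymousAuthenticationFilter:102 - Populated SecurityContextHolder with anonymous token: 'constructed'
2016-06-28 11:18:14 DEBUG ExceptionTranslationFilter:165 - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
2016-06-28 11:18:14 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
2016-06-28 11:18:20 DEBUG BasicAuthenticationFilter:155 - Basic Authentication Authorization header found for user 'alice'
2016-06-28 11:18:20 DEBUG BasicAuthenticationFilter:180 - Authentication request for failed: constructed BadCredentialsException
2016-06-28 11:18:20 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
2016-06-28 11:18:25 DEBUG BasicAuthenticationFilter:155 - Basic Authentication Authorization header found for user 'alice'
2016-06-28 11:18:25 DEBUG BasicAuthenticationFilter:170 - Authentication success: constructed token
2016-06-28 11:18:25 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
"""

# "<date> <time> DEBUG <Logger>:<line> - <message>"; stack-trace lines do not match.
LINE = re.compile(r"^\S+ \S+ DEBUG (\w+):\d+ - (.*)$")


def classify(seen):
    """Map the events observed during one request to a verdict."""
    if "failed" in seen:
        return "credentials-rejected-by-provider"
    if "success" in seen:
        return "authenticated"
    if "anonymous" in seen and "header" not in seen:
        return "no-credentials-in-request"
    return "inconclusive"


def triage(log_text):
    """Return one verdict per request, in log order."""
    verdicts, seen = [], set()
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        logger, msg = m.groups()
        if logger == "BasicAuthenticationFilter":
            if "Authorization header found" in msg:
                seen.add("header")
            elif msg.startswith("Authentication success"):
                seen.add("success")
            elif msg.startswith("Authentication request for failed"):
                seen.add("failed")
        elif logger == "AnonymousAuthenticationFilter" and "anonymous token" in msg:
            seen.add("anonymous")
        elif logger == "SecurityContextPersistenceFilter" and "now cleared" in msg:
            verdicts.append(classify(seen))  # this message closes a request
            seen = set()
    return verdicts
```

A "no-credentials-in-request" verdict points at the client or something in front of the filter chain rather than at the authentication provider, since the provider was never called.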
