Ste*_*ras 1 java restful-authentication restlet restlet-2.0
我正在使用restlet,我想创建一个登录机制,密码和用户名存储在MysqlDatabase中.
public class zeus extends Application {
@Override
public Restlet createInboundRoot() {
// ?????????? ??? router.
Router router = new Router(getContext());
router.attach("/customers", CustomersResource.class);
ChallengeAuthenticator guard = new ChallengeAuthenticator(getContext(), ChallengeScheme.HTTP_BASIC, "login required");
UserVerifier verifier = new UserVerifier();
verifier.verify(identifier, secret); // where do i get the identifier ?
guard.setVerifier(verifier);
guard.setNext(router);
return guard;
}
}
和我的用户验证器类
public class UserVerifier extends SecretVerifier {
@Override
public boolean verify(String identifier, char[] secret) {
System.out.println(identifier);
System.out.println(secret);
//TODO compare with the Database
return true;
}
}
我找不到如何获取标识符.
如果我正确理解您的问题,您的问题是如何从Restlet验证程序与数据库交互以及如何在Restlet应用程序中协同工作.
最好的方法是定义实现数据库交互逻辑的DAO.像这样的东西:
public class SecurityDao {
private DataSource dataSource;
public SecurityDao() {
// Intialize your datasource using DBCP or C3P0
dataSource = new com.mchange.v2.c3p0.ComboPooledDataSource();
dataSource.setDriverClass(MyDriverClass.class);
dataSource.setJdbcUrl("jdbc:mysql://locahost/mydb");
dataSource.setUser("username");
dataSource.setPassword("pwd");
// Don't forget to clean the pool when Restlet application stop
// with ComboPooledDataSource#close method
}
public boolean hasUserPassword(String user, String password) {
Connection conn = null;
PreparedStatement ps = null;
ResultSet rs = null;
try {
// Some SQL request like that
ps = conn.prepareStatement("select * from <MYTABLE> where USER = ? and PASSWORD = ?");
ps.setString(1, user);
ps.setString(2, password);
rs = ps.executeQuery();
return rs.next();
} catch(Exception ex) {
(...)
} finally {
// close rs
// close ps
// close conn
}
}
}
现在我们实现了DAO,我们将从Restlet应用程序类中实例化它并在验证器中设置它:
public class zeus extends Application {
private SecurityDao securityDao;
public zeus() {
securityDao = new SecurityDao();
}
@Override
public Restlet createInboundRoot() {
(...)
UserVerifier verifier = new UserVerifier();
verifier.setSecurityDao(securityDao);
(...)
return guard;
}
}
您现在需要调整您的验证程序,如下所述:
public class UserVerifier extends SecretVerifier {
private SecurityDao securityDao;
public void setSecurityDao(SecurityDao securityDao) {
this.securityDao = securityDao;
}
public boolean verify(String identifier, char[] secret) {
System.out.println(identifier);
System.out.println(secret);
return securityDao.hasUserPassword(identifier, new String(secret));
return true;
}
}
实际上,Restlet应用程序的createInboundRoot方法初始化路由.当应用程序启动时,即第一个请求完成时,这将完成一次.然后,当收到HTTP请求时,Restlet会自动调用具有此请求中存在的安全提示的验证程序.你没有显式调用验证器的验证方法,Restlet框架会这样做......
希望它对你有帮助,蒂埃里