使用Resteasy客户端进行基本身份验证

Question

我正在尝试使用REST对我的jboss上运行的登录模块执行基本身份验证.我已经找到了StackOverflow主题,该主题解释了如何使用凭据进行身份验证.

RESTEasy客户端框架身份验证凭据

这不起作用.分析与Wireshark建立的连接我无法看到带有Authorization:Basic的HTTP包.经过更多的研究,我发现了这篇文章http://docs.jboss.org/resteasy/docs/2.3.3.Final/userguide/html/RESTEasy_Client_Framework.html,它描述了如何ApacheHttpClient4Executor从resteasy中添加基本​​身份验证.

// Configure HttpClient to authenticate preemptively
// by prepopulating the authentication data cache.

// 1. Create AuthCache instance
AuthCache authCache = new BasicAuthCache();

// 2. Generate BASIC scheme object and add it to the local auth cache
BasicScheme basicAuth = new BasicScheme();
authCache.put("com.bluemonkeydiamond.sippycups", basicAuth);

// 3. Add AuthCache to the execution context
BasicHttpContext localContext = new BasicHttpContext();
localContext.setAttribute(ClientContext.AUTH_CACHE, authCache);

// 4. Create client executor and proxy
httpClient = new DefaultHttpClient();
ApacheHttpClient4Executor executor = new ApacheHttpClient4Executor(httpClient, localContext);
client = ProxyFactory.create(BookStoreService.class, url, executor);

但这也不起作用.没有描述如何将基本身份验证的用户名和密码附加到构造中.为什么这些信息与任何类没有关联httpcomponent？

Answer 1

可以使用与resteasy-client 3.x一起打包的org.jboss.resteasy.client.jaxrs.BasicAuthentication,它专门用于基本身份验证.

Client client = ClientBuilder.newClient();    
ResteasyWebTarget resteasyWebTarget = (ResteasyWebTarget)client.target("http://mywebservice/rest/api");
resteasyWebTarget.register(new BasicAuthentication("username", "passwd"));

Answer 2

考虑一下Adam Bien 的解决方案:

您可以附加ClientRequestFilter到RESTEasy Client,它会将Authorization标头添加到请求中:

public class Authenticator implements ClientRequestFilter {

    private final String user;
    private final String password;

    public Authenticator(String user, String password) {
        this.user = user;
        this.password = password;
    }

    public void filter(ClientRequestContext requestContext) throws IOException {
        MultivaluedMap<String, Object> headers = requestContext.getHeaders();
        final String basicAuthentication = getBasicAuthentication();
        headers.add("Authorization", basicAuthentication);

    }

    private String getBasicAuthentication() {
        String token = this.user + ":" + this.password;
        try {
            return "Basic " +
                 DatatypeConverter.printBase64Binary(token.getBytes("UTF-8"));
        } catch (UnsupportedEncodingException ex) {
            throw new IllegalStateException("Cannot encode with UTF-8", ex);
        }
    }
}

Client client = ClientBuilder.newClient()
                     .register(new Authenticator(user, password));

Answer 3

您可以通过调用.header(HttpHeaders.AUTHORIZATION, authHeader)客户端配置将原始授权标头添加到REST客户端。凭据必须以“ user：pass”格式打包在授权标头中，编码为base64字节数组，然后附加到标识基本身份验证的字符串“ Basic”中。

这是整个代码段（受baeldung上的该帖子的启发）

    String auth = userName + ":" + password;
    byte[] encodedAuth = Base64.encodeBase64(auth.getBytes(Charset.forName("ISO-8859-1")));
    String authHeader = "Basic " + new String(encodedAuth);

    authToken = restClient.target(restApiUrl + loginPath)
            .request()
            .accept(MediaType.TEXT_PLAIN)
            .header(HttpHeaders.AUTHORIZATION, authHeader)
            .get(String.class);

这在Resteasy客户中为我工作。有关信息，在使用wget测试时，必须使用该--auth-no-challenge标志。