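Jersey REST Client Authentication Example

Learn how to use HttpAuthenticationFeature to build a Jersey REST client that can access REST APIs protected by authentication/authorization. As an example, we will create a Jersey client for the service that was secured in the Jersey secured REST APIs tutorial, and I will extend the source code created for the Jersey RESTful client example.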

Table of Contents

1. HttpAuthenticationFeature
2. How to secure REST APIs
3. Jersey REST client code

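1. Jersey client – HttpAuthenticationFeature

The HttpAuthenticationFeature class provides HTTP Basic and Digest client authentication capabilities. The feature works in one of 4 modes: BASIC, BASIC NON-PREEMPTIVE, DIGEST and UNIVERSAL. Let's look at each of them quickly.

  1. BASIC – A preemptive way of authentication, i.e. the information is always sent with each HTTP request. This mode must be combined with SSL/TLS because the password is sent only BASE64-encoded.
  2. BASIC NON-PREEMPTIVE – A non-preemptive way of authentication, i.e. the authentication information is added only when the server refuses the request with a 401 status code, and the request is then repeated with the authentication information.
  3. DIGEST – HTTP Digest authentication. Does not require the use of SSL/TLS.
  4. UNIVERSAL – A combination of basic and digest authentication in non-preemptive mode, i.e. in case of a 401 response, the appropriate authentication is used based on the authentication requested in the WWW-Authenticate HTTP header.

To use HttpAuthenticationFeature, build an instance and register it with the client.

1.1. Basic authentication mode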

HttpAuthenticationFeature feature = HttpAuthenticationFeature.basic("username", "password");
final Client client = ClientBuilder.newClient();
client.register(feature);
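
The BASIC mode's SSL/TLS requirement, as an added example that is not part of the original tutorial: the header decodes back to the credentials with a plain Base64 decode, and a request filter keeps the client away from non-HTTPS targets. HttpsOnlyFilter and the class name are hypothetical, the credentials are constructed samples, and Jersey 2.x (the javax.ws.rs namespace) is assumed.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.ClientRequestContext;
import javax.ws.rs.client.ClientRequestFilter;
import org.glassfish.jersey.client.authentication.HttpAuthenticationFeature;

// Added example, not from the tutorial. Assumes Jersey 2.x (javax.ws.rs namespace).
public class BasicAuthOverTlsOnly
{
    // Hypothetical filter (not part of Jersey): fails any request whose target is not HTTPS.
    static class HttpsOnlyFilter implements ClientRequestFilter
    {
        @Override
        public void filter(ClientRequestContext ctx) throws IOException
        {
            if (!"https".equalsIgnoreCase(ctx.getUri().getScheme()))
                throw new IOException("Refusing non-HTTPS target: " + ctx.getUri());
        }
    }

    // Header format of the Basic scheme: "Basic " + base64(username:password).
    static String basicHeader(String user, String password)
    {
        byte[] raw = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    // Anyone who can read the header recovers the credentials; no key is involved.
    static String decodeBasicHeader(String header)
    {
        byte[] raw = Base64.getDecoder().decode(header.substring("Basic ".length()));
        return new String(raw, StandardCharsets.UTF_8);
    }

    public static void main(String[] args)
    {
        String header = basicHeader("username", "password"); // constructed sample credentials
        System.out.println(header);
        System.out.println(decodeBasicHeader(header));
        // Request filters run before the request is sent, so an http:// target fails here first.
        Client client = ClientBuilder.newClient();
        client.register(new HttpsOnlyFilter());
        client.register(HttpAuthenticationFeature.basic("username", "password"));
        client.close();
    }
}
```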

1.2. Basic authentication – non-preemptive mode

HttpAuthenticationFeature feature = HttpAuthenticationFeature.basicBuilder()
                                    .nonPreemptive()
                                    .credentials("username", "password")
                                    .build();
final Client client = ClientBuilder.newClient();
client.register(feature);

1.3. Universal mode

//HttpAuthenticationFeature feature = HttpAuthenticationFeature.universal("username", "password");
//Universal builder having different credentials for different schemes
HttpAuthenticationFeature feature = HttpAuthenticationFeature.universalBuilder()
                .credentialsForBasic("username1", "password1")
                .credentials("username2", "password2").build();
final Client client = ClientBuilder.newClient();
client.register(feature);

2. How to secure REST APIs

To enable authentication on REST APIs, use role-related annotations such as @RolesAllowed. For example, this is the code of the secured REST API.

@Path("/employees")
public class JerseyService
{
    @RolesAllowed("ADMIN")
    @GET
    @Produces(MediaType.APPLICATION_JSON)
    @Consumes(MediaType.APPLICATION_JSON)
    public Employees getAllEmployees()
    {
        Employees list = new Employees();
        list.setEmployeeList(new ArrayList<Employee>());
        
        list.getEmployeeList().add(new Employee(1, "Saigon"));
        list.getEmployeeList().add(new Employee(2, "Alex Kolenchiskey"));
        list.getEmployeeList().add(new Employee(3, "David Kameron"));
        
        return list;
    }
}

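Read more: Jersey secured REST APIs tutorial

3. Jersey REST client code

Below is the basic authentication example of a Jersey REST client, which accepts username and password details for authentication.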

public static void main(String[] args) throws IOException
{
    httpGETCollectionExample();
}
private static void httpGETCollectionExample()
{
    ClientConfig clientConfig = new ClientConfig();
    // Preemptive BASIC mode: the credentials are sent with every request
    HttpAuthenticationFeature feature = HttpAuthenticationFeature.basic("howtodoinjava", "password");
    clientConfig.register(feature);
    // JSON support for reading the Employees entity
    clientConfig.register(JacksonFeature.class);
    Client client = ClientBuilder.newClient(clientConfig);
    WebTarget webTarget = client.target("http://localhost:8080/JerseyDemos/rest").path("employees");
    
    Invocation.Builder invocationBuilder =  webTarget.request(MediaType.APPLICATION_JSON);
    Response response = invocationBuilder.get();
    
    System.out.println(response.getStatus());
    System.out.println(response.getStatusInfo());
    
    if(response.getStatus() == 200)
    {
        Employees employees = response.readEntity(Employees.class);
        List<Employee> listOfEmployees = employees.getEmployeeList();
        System.out.println(Arrays.toString( listOfEmployees.toArray(new Employee[listOfEmployees.size()]) ));
    }
}

3.1. Output with correct username/password

200
OK
[Employee [id=1, name=Saigon], Employee [id=2, name=Alex Kolenchiskey], Employee [id=3, name=David Kameron]]

3.2. Output with incorrect username/password

401
Unauthorized

Drop me your queries in the comments section.
