
Jersey 2.x security context not working?

Updated: 2023-09-13 23:34:46

So you need to do three things

Set up the security realm in Tomcat (I'm assuming that's the server by Server → Apache-Coyote/1.1). You can read more about creating realms at Realm Configuration HOW-TO.

The easiest realm to configure is the UserDatabaseRealm, but this is in no way recommended for production. It's just to get you up and running in development. All you need to do is go to the tomcat-users.xml file in ${TOMCAT_HOME}/conf. Then just edit the file; it should look something like

<tomcat-users>
  <user username="Murugesan" password="secret" roles="admin" />
  <user username="peeskillet"  password="superSecret" roles="user"  />
</tomcat-users>

Second..

You still need to configure the web.xml a bit. You need to do a few things

  1. Declare the roles that are allowed to use the application. You can place this at the </security-constraint>

<security-role>
    <role-name>user</role-name>
</security-role>
<security-role>
    <role-name>admin</role-name>
</security-role>

  • Declare the allowed access with <security-constraint>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Protected Area</web-resource-name>
            <url-pattern>/api/protected/*</url-pattern>
            <!-- Only GET is listed, so this constraint applies to GET requests only -->
            <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>
    </security-constraint>
    

    Here we are saying that any authenticated user (*) with one of the declared roles is allowed through the servlet container security control and on to the Jersey application. Alternatively, you can define the roles instead of *. This will cause the servlet container to handle the access control. But if you want more fine-grained control, just let all authenticated users in, and handle the access control inside Jersey with the annotations like you are currently doing.

    You need to define the <login-config> to declare what type of authentication. There are only three. FORM, DIGEST, BASIC. Here we will use BASIC, and also declare the realm in which the users are located.

    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>UserDatabaseRealm</realm-name>
    </login-config>
    

    You can place this at the </security-role>

    Lastly..

    You just need to configure Jersey to handle the security annotations by registering the RolesAllowedDynamicFeature. You can do that in the web.xml

    <servlet>
        <servlet-name>Application</servlet-name>
        <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
        <init-param>
            <param-name>jersey.config.server.provider.packages</param-name>
            <param-value>org.student.resource</param-value>
        </init-param>
        <init-param>
            <param-name>jersey.config.server.provider.classnames</param-name>
            <param-value>
                org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature
            </param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
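
A resource class that the configuration above would protect, as an added example (not code from the original answer). The class name ProtectedResource, its paths and the /api/* servlet mapping are assumptions; the javax.* imports assume Jersey 2.x.

```java
package org.student.resource; // package scanned via jersey.config.server.provider.packages

import javax.annotation.security.RolesAllowed;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.SecurityContext;

// Hypothetical resource. Assumes the Jersey servlet is mapped to /api/*,
// so these methods fall under the constrained /api/protected/* pattern.
@Path("protected")
public class ProtectedResource {

    // Open to both declared roles. Tomcat has already authenticated the caller
    // with BASIC against the realm; RolesAllowedDynamicFeature then checks the
    // method's roles through SecurityContext.isUserInRole().
    @GET
    @Path("whoami")
    @Produces(MediaType.TEXT_PLAIN)
    @RolesAllowed({"user", "admin"})
    public String whoAmI(@Context SecurityContext sc) {
        // The principal is non-null here because the role check has passed.
        String name = sc.getUserPrincipal().getName();
        return name
                + " admin=" + sc.isUserInRole("admin")
                + " scheme=" + sc.getAuthenticationScheme()
                + " secure=" + sc.isSecure(); // false means BASIC credentials travel without TLS
    }

    // Restricted to admin. A caller who authenticated with only the "user"
    // role passes the container constraint (*) but gets 403 from Jersey.
    @GET
    @Path("admin")
    @Produces(MediaType.TEXT_PLAIN)
    @RolesAllowed("admin")
    public String adminOnly(@Context SecurityContext sc) {
        return "admin area for " + sc.getUserPrincipal().getName();
    }
}
```

With the tomcat-users.xml shown earlier, peeskillet can call whoami but receives 403 on admin, while Murugesan can call admin but receives 403 on whoami, whose annotation does not include a role that account holds.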
    

    See Also:

    • Securing Web Applications for more information on configuring security in the web.xml