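Jersey: Basic Authentication, Digest Authentication, and Form Authentication

I. Preparation

Setting up the Spring 5.1.7 + Jersey 2.27 + Tomcat environment

  1. Create a Spring + Jersey Maven project with the following dependencies: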
<dependencies>
    <dependency>
      <groupId>org.glassfish.jersey.core</groupId>
      <artifactId>jersey-server</artifactId>
      <version>2.27</version>
    </dependency>
    <dependency>
      <groupId>org.glassfish.jersey.containers</groupId>
      <artifactId>jersey-container-servlet-core</artifactId>
      <version>2.27</version>
    </dependency>
    <dependency>
      <groupId>org.glassfish.jersey.containers</groupId>
      <artifactId>jersey-container-servlet</artifactId>
      <version>2.27</version>
    </dependency>
    <dependency>
      <groupId>org.glassfish.jersey.inject</groupId>
      <artifactId>jersey-hk2</artifactId>
      <version>2.27</version>
    </dependency>
    <dependency>
      <groupId>org.glassfish.jersey.ext</groupId>
      <artifactId>jersey-spring4</artifactId>
      <version>2.27</version>
    </dependency>
    <dependency>
      <groupId>org.glassfish.jersey.media</groupId>
      <artifactId>jersey-media-json-jackson</artifactId>
      <version>2.27</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-context</artifactId>
      <version>5.1.7.RELEASE</version>
    </dependency>
 </dependencies>
  2. Configure the applicationContext.xml file
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
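       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">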

    <context:component-scan base-package="com.jersey"></context:component-scan>
</beans>
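  3. Write a sample REST resource class
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.core.Response;
import org.springframework.stereotype.Component;

@Component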
@Path("hello")
public class HelloResource {

    @Path("index")
    @GET
    public Response index() {
        return Response.ok("hello world!").build();
    }

    @Path("pH")
    @POST
    public Response postH() {
        return Response.ok("hello world!").build();
    }
}
  4. Prepare and create the database tables and data required by the Realm
SET FOREIGN_KEY_CHECKS=0;
-- ----------------------------
-- Table structure for users
-- ----------------------------
DROP TABLE IF EXISTS `users`;
CREATE TABLE `users` (
  `user_name` varchar(255) DEFAULT NULL,
  `user_password` varchar(255) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- ----------------------------
-- Records of users
-- ----------------------------
INSERT INTO `users` VALUES ('caroline', 'zhang');
INSERT INTO `users` VALUES ('eric', 'han');
DROP TABLE IF EXISTS `user_roles`;
CREATE TABLE `user_roles` (
  `user_name` varchar(255) DEFAULT NULL,
  `role_name` varchar(255) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- ----------------------------
-- Records of user_roles
-- ----------------------------
INSERT INTO `user_roles` VALUES ('caroline', 'user');
INSERT INTO `user_roles` VALUES ('eric', 'admin');
  5. Configure JDBCRealm
    Modify the server configuration file $CATALINA_BASE/conf/server.xml as follows:
<Realm className="org.apache.catalina.realm.JDBCRealm"
		driverName="com.mysql.jdbc.Driver"
		connectionURL="jdbc:mysql://localhost:3306/test"
		connectionName="root"
		connectionPassword="seeyon123456"
		userTable="users"
		userNameCol="user_name"
		userCredCol="user_password"
		userRoleTable="user_roles"
		roleNameCol="role_name" />

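[Figure: hierarchy diagram showing where the change goes in server.xml (Tomcat JDBCRealm configuration)]

II. Basic Authentication

HTTP Basic authentication is a login method in which a web browser or other client supplies a username and password as identity credentials when sending a request. Before the request is sent, the username and password are joined with a colon, in the form Username:Password, and the combined string is encoded with the Base64 algorithm.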

	<security-constraint>
        <web-resource-collection>
            <web-resource-name>BASIC Auth</web-resource-name>
            <url-pattern>/wapi/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>BASIC Auth</web-resource-name>
            <url-pattern>/wapi/*</url-pattern>
            <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>user</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>
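An added check, not part of the original post: the constraints above name GET, POST, PUT and DELETE, so any other method sent to /wapi/* matches neither constraint and is not subject to the role check. The sketch below lists those methods for a web.xml; the class and method names are hypothetical, the method list is a fixed set chosen for the example, and `<http-method-omission>` is not handled.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
// Added example (hypothetical names): report HTTP methods no <security-constraint> names.
public class ConstraintCoverageAudit {
    static final List<String> METHODS = Arrays.asList(
            "GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "PATCH");

    // Text content of every descendant element with the given tag name.
    static List<String> texts(Element parent, String tag) {
        List<String> out = new ArrayList<>();
        NodeList nodes = parent.getElementsByTagName(tag);
        for (int i = 0; i < nodes.getLength(); i++) {
            out.add(nodes.item(i).getTextContent().trim());
        }
        return out;
    }

    // url-pattern -> methods left outside every constraint on that pattern.
    // A collection with no <http-method> element covers all methods.
    static Map<String, Set<String>> uncovered(String webXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = f.newDocumentBuilder().parse(new ByteArrayInputStream(
                webXml.getBytes(StandardCharsets.UTF_8))).getDocumentElement();
        Map<String, Set<String>> missing = new TreeMap<>();
        NodeList colls = root.getElementsByTagName("web-resource-collection");
        for (int i = 0; i < colls.getLength(); i++) {
            Element c = (Element) colls.item(i);
            List<String> named = texts(c, "http-method");
            for (String pattern : texts(c, "url-pattern")) {
                Set<String> left = missing.computeIfAbsent(
                        pattern, k -> new TreeSet<>(METHODS));
                if (named.isEmpty()) left.clear(); else left.removeAll(named);
            }
        }
        return missing;
    }

    public static void main(String[] args) throws Exception {
        String open = "<security-constraint><web-resource-collection>"
                + "<url-pattern>/wapi/*</url-pattern><http-method>GET</http-method>";
        String close = "</web-resource-collection></security-constraint>";
        // Constructed input: the page's two constraints, reduced to what the check reads.
        String webXml = "<web-app>" + open + "<http-method>POST</http-method>"
                + "<http-method>PUT</http-method><http-method>DELETE</http-method>" + close
                + open + close + "</web-app>";
        System.out.println(uncovered(webXml));
    }
}
```

Removing the `<http-method>` elements so the constraint applies to every method, or adding `<deny-uncovered-http-methods/>` to web.xml (Servlet 3.1 and later), closes the gap.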
  1. Verify with Postman
    The request as the admin role succeeds
    The request as the user role fails
  2. Inspect the header information
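The encoding described at the start of this section, as an added example that is not part of the original post: it builds the Authorization header and then recovers the username and password from it, which shows that Base64 hides nothing and that BASIC depends on TLS for confidentiality. The class and method names are hypothetical; `eric`/`han` and `caroline` come from the users table above, and the password containing a colon is constructed.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added example (hypothetical names): build and parse a BASIC Authorization header.
public class BasicAuthHeaderDemo {

    // Client side: join "user:password" and Base64-encode the result.
    static String encode(String user, String password) {
        String pair = user + ":" + password;
        return "Basic " + Base64.getEncoder()
                .encodeToString(pair.getBytes(StandardCharsets.UTF_8));
    }

    // Server side, or anyone who can read the header: recover {user, password}.
    // Returns null when the value is not a well-formed Basic credential.
    static String[] decode(String header) {
        // The scheme name is case-insensitive; a too-short header fails here too.
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return null; // not valid Base64
        }
        String pair = new String(raw, StandardCharsets.UTF_8);
        int colon = pair.indexOf(':'); // split on the first colon only:
        if (colon < 0) {               // the password may itself contain colons
            return null;
        }
        return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
    }

    public static void main(String[] args) {
        String header = encode("eric", "han");
        System.out.println("Authorization: " + header);
        String[] cred = decode(header);
        System.out.println("recovered: " + cred[0] + " / " + cred[1]);

        // Constructed password with a colon in it.
        String[] odd = decode(encode("caroline", "zh:ang"));
        System.out.println("recovered: " + odd[0] + " / " + odd[1]);

        // Constructed malformed header.
        System.out.println("malformed accepted: " + (decode("Basic !!!") != null));
    }
}
```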

III. Digest Authentication

HTTP - Digest Authentication

	<security-constraint>
        <web-resource-collection>
            <web-resource-name>BASIC Auth</web-resource-name>
            <url-pattern>/wapi/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>BASIC Auth</web-resource-name>
            <url-pattern>/wapi/*</url-pattern>
            <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>user</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>DIGEST</auth-method>
    </login-config>
  1. Verify with Postman
    Same as the BASIC verification; screenshots are omitted.
  2. Inspect the header information
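How the response value in a DIGEST Authorization header is derived (RFC 2617, qop=auth), as an added example that is not part of the original post. The inputs are the sample values from the worked example in RFC 2617, not this page's users, and the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Added example (hypothetical names): derive and check the DIGEST "response" value.
public class DigestResponseDemo {

    static String md5Hex(String s) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("MD5")
                .digest(s.getBytes(StandardCharsets.ISO_8859_1));
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // The password only enters HA1; the method and URI enter HA2, so the
    // response is bound to one request line and one server nonce.
    static String response(String user, String realm, String password, String method,
            String uri, String nonce, String nc, String cnonce)
            throws NoSuchAlgorithmException {
        String ha1 = md5Hex(user + ":" + realm + ":" + password);
        String ha2 = md5Hex(method + ":" + uri);
        return md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2);
    }

    // Server side: recompute from the stored credential, compare in constant time.
    static boolean matches(String computed, String received) {
        return MessageDigest.isEqual(computed.getBytes(StandardCharsets.US_ASCII),
                received.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // Sample values from the worked example in RFC 2617 (not this page's users).
        String nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093";
        String received = "6629fae49393a05397450978507c4ef1"; // sent by the client
        String forGet = response("Mufasa", "testrealm@host.com", "Circle Of Life",
                "GET", "/dir/index.html", nonce, "00000001", "0a4f113b");
        String forPost = response("Mufasa", "testrealm@host.com", "Circle Of Life",
                "POST", "/dir/index.html", nonce, "00000001", "0a4f113b");
        System.out.println("GET  accepted: " + matches(forGet, received));
        System.out.println("POST accepted: " + matches(forPost, received));
    }
}
```

The password itself never appears in the header, but the server must hold the password or HA1 to recompute the value.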

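IV. Form Authentication

Form authentication is an HTTP-based form of authentication in which credentials are submitted through an HTML form tag. The login page is defined in the form-login-page field of web.xml; until a visitor has been authenticated, any request for a protected resource is directed to that page. After the visitor submits credentials, the server receives and processes the request: if authentication succeeds, the visitor is redirected to the page defined by the welcome-file field; if it fails, the visitor is redirected to the page defined by the form-error-page field.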

	<security-constraint>
        <web-resource-collection>
            <web-resource-name>BASIC Auth</web-resource-name>
            <url-pattern>/wapi/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>BASIC Auth</web-resource-name>
            <url-pattern>/wapi/*</url-pattern>
            <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>user</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.html</form-login-page>
            <form-error-page>/error.html</form-error-page>
        </form-login-config>
    </login-config>

login.html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>登錄頁面</title>
</head>
<body>
    <!-- POST keeps j_username and j_password out of the URL and access logs -->
    <form action="j_security_check" method="post">
        <div>
            <span>user name</span>
            <input id="j_username" name="j_username" type="text">
        </div>
        <div>
            <span>password</span>
            <input id="j_password" name="j_password" type="password">
        </div>
        <input type="submit" value="login in">
    </form>
</body>
</html>
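  1. Verify with the Chrome browser
    Gitee repository link

V. Reference Links

  1. Using a Realm in Tomcat
  2. Integrating Jersey with Spring (with demo)
  3. Creating a Maven web project with IDEA
    When creating the Maven project, add the archetypeCatalog=internal property, otherwise the project cannot be created
  4. Using form-based security authentication in Tomcat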