RESTlet的细粒度身份验证

要在RESTlet 2.0中进行基本身份验证（自从您提到以来，我假设您正在使用2.0

ServerResource

），则需要使用

ChallengeAuthenticator

。如果配置了，

optional =true

则只有在您调用时才需要身份验证

ChallengeAuthenticator.challenge()

。

您可以使用

authenticate()

方法创建应用程序，并在需要访问要保护的资源时调用此方法：

应用：

package example;import org.restlet.*;import org.restlet.data.ChallengeScheme;import org.restlet.routing.Router;import org.restlet.security.*;public class ExampleApp extends Application {    private ChallengeAuthenticator authenticatior;    private ChallengeAuthenticator createAuthenticator() {        Context context = getContext();        boolean optional = true;        ChallengeScheme challengeScheme = ChallengeScheme.HTTP_BASIC;        String realm = "Example site";        // MapVerifier isn't very secure; see docs for alternatives        MapVerifier verifier = new MapVerifier();        verifier.getLocalSecrets().put("user", "password".toCharArray());        ChallengeAuthenticator auth = new ChallengeAuthenticator(context, optional, challengeScheme, realm, verifier) { @Override protected boolean authenticate(Request request, Response response) {     if (request.getChallengeResponse() == null) {         return false;     } else {         return super.authenticate(request, response);     } }        };        return auth;    }    @Override    public Restlet createInboundRoot() {        this.authenticatior = createAuthenticator();        Router router = new Router();        router.attach("/user", UserResource.class);        authenticatior.setNext(router);        return authenticatior;    }    public boolean authenticate(Request request, Response response) {        if (!request.getClientInfo().isAuthenticated()) { authenticatior.challenge(response, false); return false;        }        return true;    }}

资源：

package example;import org.restlet.data.MediaType;import org.restlet.representation.EmptyRepresentation;import org.restlet.representation.Representation;import org.restlet.representation.StringRepresentation;import org.restlet.resource.ServerResource;public class UserResource extends ServerResource {    @Override    public Representation get() {        ExampleApp app = (ExampleApp) getApplication();        if (!app.authenticate(getRequest(), getResponse())) { // Not authenticated return new EmptyRepresentation();        }        // Generate list of users        // ...    }    @Override    public Representation post(Representation entity) {        // Handle post        // ...    }}

RESTlet的细粒度身份验证

面试问答相关栏目本月热门文章