Websphere Application Server Secure REST API

I want to expose a REST API from WebSphere Application Server 8. I can expose the REST endpoints successfully without security, but when I add security I get a 404 error like the following:

[5/6/15 7:44:20:369 CAT] 00000063 RequestProces I org.apache.wink.server.internal.RequestProcessor logException The following error occurred during the invocation of the handlers chain: WebApplicationException (404 - Not Found) with message 'null' while processing GET request sent to http://localhost:9080/StudentWeb/student/service/students/100

Please find the web.xml used below:

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="3.0"
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
  <servlet>
    <servlet-name>StudentWebServelet</servlet-name>
    <servlet-class>com.ibm.websphere.jaxrs.server.IBMRestServlet</servlet-class>
    <init-param>
        <param-name>javax.ws.rs.Application</param-name>
        <param-value>com.student.rest.StudentApplication</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>StudentWebServelet</servlet-name>
    <url-pattern>/student/*</url-pattern>       
  </servlet-mapping>
  <security-role>
    <description>Registered Users</description>
    <role-name>RegisteredUsers</role-name>
  </security-role>  
  <security-constraint>
    <display-name>StudentSecurity</display-name>
    <web-resource-collection>
        <web-resource-name>Student resource</web-resource-name>
        <url-pattern>/student/service/*</url-pattern>
        <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>RegisteredUsers</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>

I did find a solution. All my secured resource paths are "/services/{resource name}".

@Path(value="/secured/students")
public class StudentResource extends AbstractResource {

    @Inject
    StudentBeanLocal studentBeanLocal;

}

Unsecured resources look like @Path(value="/address").

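You can have two servlet mappings: one for the secured API and another for the public API. For the protected API that uses authentication, provide the API path in the URL mapping.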

If you have a login form, use form-based authentication as well.
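
The posts above turn on which URL patterns a `security-constraint` covers and how users log in. The following is an added example, not code from the original posts: a Python check run over the constraint from the question's web.xml that reports HTTP methods the constraint leaves open, a transport guarantee of NONE, and a missing `login-config`. The function name, finding codes and the trimmed sample document are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://java.sun.com/xml/ns/javaee"}

# Constructed sample: the security-constraint from the question's web.xml.
QUESTION_WEB_XML = """<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Student resource</web-resource-name>
      <url-pattern>/student/service/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>RegisteredUsers</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""


def audit_web_xml(xml_text):
    """Return (url_patterns, finding_code, detail) for each role-protected constraint."""
    root = ET.fromstring(xml_text)
    has_login = root.find("j:login-config/j:auth-method", NS) is not None
    findings = []
    for sc in root.findall("j:security-constraint", NS):
        if sc.find("j:auth-constraint", NS) is None:
            continue  # no role required, so nothing to authenticate
        coll = "j:web-resource-collection/"
        urls = ",".join((p.text or "").strip() for p in sc.findall(coll + "j:url-pattern", NS))
        methods = [(m.text or "").strip() for m in sc.findall(coll + "j:http-method", NS)]
        tls = sc.findtext("j:user-data-constraint/j:transport-guarantee", "NONE", NS).strip()
        if methods:
            # Listing methods limits the constraint to them; all other methods stay open.
            findings.append((urls, "UNCOVERED_METHODS", "only " + "/".join(methods) + " is constrained"))
        if tls == "NONE":
            findings.append((urls, "NO_TLS_REQUIRED", "transport-guarantee is NONE"))
        if not has_login:
            findings.append((urls, "NO_LOGIN_CONFIG", "no <login-config>/<auth-method> declared"))
    return findings


if __name__ == "__main__":
    for finding in audit_web_xml(QUESTION_WEB_XML):
        print(finding)
```

Dropping the `http-method` element, setting the transport guarantee to CONFIDENTIAL and declaring a `login-config` (for example FORM, as suggested above) clears all three findings.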