Dropwizard Auth - 如果未提供 header,如何 return 默认用户?
Dropwizard Auth - How to return default user if header is not given?
如果未指定 BacicAuth 的 header,我希望我的授权机制为 return 默认用户。我试过这样做:
@Override
public Optional<User> authenticate(final BasicCredentials basicCredentials) throws AuthenticationException {
String email = basicCredentials.getUsername();
String plaintextPassword = basicCredentials.getPassword();
final Optional<User> user = Optional.of(userDao.getUserByEmail(email));
if (user.isPresent()) {
return user;
}
else {
return Optional.of(defaultUser);
}
}
但是,不知何故,当我在没有正确 header 的情况下发出请求时,我仍然得到 401。
我怎样才能让它工作?
因此,如果没有 Basic Auth header,则会将 null BasicCredentials 传递给 pre-authentication 进程,这会导致自动未授权错误响应。所以我们需要确保有一个header。为此,您可以注册一个在 Dropwizard 身份验证过滤器之前执行的 Jersey 过滤器。在那里我们可以添加一个 header 和默认的用户名和密码。
import java.io.IOException;
import javax.annotation.Priority;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.HttpHeaders;
import org.glassfish.jersey.internal.util.Base64;
@Priority(Priorities.AUTHENTICATION - 100)
public class PreAuthenticationFilter implements ContainerRequestFilter {
@Override
public void filter(ContainerRequestContext request) throws IOException {
boolean hasValidHeader = false;
if (request.getHeaders().containsKey(HttpHeaders.AUTHORIZATION)) {
final String header = request.getHeaderString(HttpHeaders.AUTHORIZATION);
if (header.toLowerCase().startsWith("basic")) {
hasValidHeader = true;
}
}
if (!hasValidHeader) {
final String defaultUser = "defaultUser";
final String defaultPassword = "defaultPassword";
final String base64 = Base64.encodeAsString(defaultUser + ":" + defaultPassword);
request.getHeaders().putSingle(HttpHeaders.AUTHORIZATION, "Basic " + base64);
}
}
}
然后用DW注册就可以了 env.jersey().register(PreAuthenticationFilter.class);
如果未指定 BacicAuth 的 header,我希望我的授权机制为 return 默认用户。我试过这样做:
@Override
public Optional<User> authenticate(final BasicCredentials basicCredentials) throws AuthenticationException {
String email = basicCredentials.getUsername();
String plaintextPassword = basicCredentials.getPassword();
final Optional<User> user = Optional.of(userDao.getUserByEmail(email));
if (user.isPresent()) {
return user;
}
else {
return Optional.of(defaultUser);
}
}
但是,不知何故,当我在没有正确 header 的情况下发出请求时,我仍然得到 401。
我怎样才能让它工作?
因此,如果没有 Basic Auth header,则会将 null BasicCredentials 传递给 pre-authentication 进程,这会导致自动未授权错误响应。所以我们需要确保有一个header。为此,您可以注册一个在 Dropwizard 身份验证过滤器之前执行的 Jersey 过滤器。在那里我们可以添加一个 header 和默认的用户名和密码。
import java.io.IOException;
import javax.annotation.Priority;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.HttpHeaders;
import org.glassfish.jersey.internal.util.Base64;
@Priority(Priorities.AUTHENTICATION - 100)
public class PreAuthenticationFilter implements ContainerRequestFilter {
@Override
public void filter(ContainerRequestContext request) throws IOException {
boolean hasValidHeader = false;
if (request.getHeaders().containsKey(HttpHeaders.AUTHORIZATION)) {
final String header = request.getHeaderString(HttpHeaders.AUTHORIZATION);
if (header.toLowerCase().startsWith("basic")) {
hasValidHeader = true;
}
}
if (!hasValidHeader) {
final String defaultUser = "defaultUser";
final String defaultPassword = "defaultPassword";
final String base64 = Base64.encodeAsString(defaultUser + ":" + defaultPassword);
request.getHeaders().putSingle(HttpHeaders.AUTHORIZATION, "Basic " + base64);
}
}
}
然后用DW注册就可以了 env.jersey().register(PreAuthenticationFilter.class);