REST - 如何在后续请求中使用身份验证令牌
REST - How to use auth token in subsequent requests
我正在使用 java 应用程序,它为名为 "RESTHeart"
的 mongodb 数据库提供了一个 REST 接口
当我发出正常的 GET 请求时。
http -a admin:temp http://172.18.18.122:8080/_logic/roles/admin
我得到一个授权令牌 Auth-Token: 10dc2eeb-9624-47f2-a542-c97e0af82b23,我如何在后续请求中使用它?
这是完整的回复
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Location, ETag, Auth-Token, Auth-Token-Valid-Until, Auth-Token-Location, X-Powered-By
Auth-Token: 10dc2eeb-9624-47f2-a542-c97e0af82b23
Auth-Token-Location: /_authtokens/admin
Auth-Token-Valid-Until: 2016-04-25T14:37:22.290Z
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 109
Content-Type: application/hal+json
Date: Mon, 25 Apr 2016 14:22:22 GMT
X-Powered-By: restheart.org
{
"_links": {
"self": {
"href": "/_logic/roles/admin"
}
},
"authenticated": true,
"roles": [
"ADMIN"
]
}
我尝试了以下方法:
http http://172.18.18.122:8080/_logic/roles/admin Auth-Token:'10dc2eeb-9624-47f2-a542-c97e0af82b23'
响应:
HTTP/1.1 403 Forbidden
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Location, ETag, Auth-Token, Auth-Token-Valid-Until, Auth-Token-Location, X-Powered-By
Connection: keep-alive
Content-Length: 0
Date: Mon, 25 Apr 2016 14:30:27 GMT
X-Powered-By: restheart.org
我不确定我做错了什么,有什么想法吗?
我找到了这个问题的解决方案,我只需要通过授权 header 以及以 base64 格式
编码的 'username:password'
http GET http://172.18.18.122:8080/auth/users authorization:'Basic YWRtaW46dGVtcA=='
使用 httpie 你可以简单地做到:
http -a <username>:<Auth-Token> GET http://172.18.18.122:8080/auth/users
Clients authenticate passing credentials via the standard basic authentication, a standard method for an HTTP user agent to provide a username and password when making a request.
RESTHeart is stateless: there isn't any authentication session and credentials must be sent on every request.
当然,这意味着您必须使用 HTTPS 保护您的通信。
上有关于身份验证过程如何在 restheart 中工作的文档
我正在使用 java 应用程序,它为名为 "RESTHeart"
的 mongodb 数据库提供了一个 REST 接口当我发出正常的 GET 请求时。
http -a admin:temp http://172.18.18.122:8080/_logic/roles/admin
我得到一个授权令牌 Auth-Token: 10dc2eeb-9624-47f2-a542-c97e0af82b23,我如何在后续请求中使用它?
这是完整的回复
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Location, ETag, Auth-Token, Auth-Token-Valid-Until, Auth-Token-Location, X-Powered-By
Auth-Token: 10dc2eeb-9624-47f2-a542-c97e0af82b23
Auth-Token-Location: /_authtokens/admin
Auth-Token-Valid-Until: 2016-04-25T14:37:22.290Z
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 109
Content-Type: application/hal+json
Date: Mon, 25 Apr 2016 14:22:22 GMT
X-Powered-By: restheart.org
{
"_links": {
"self": {
"href": "/_logic/roles/admin"
}
},
"authenticated": true,
"roles": [
"ADMIN"
]
}
我尝试了以下方法:
http http://172.18.18.122:8080/_logic/roles/admin Auth-Token:'10dc2eeb-9624-47f2-a542-c97e0af82b23'
响应:
HTTP/1.1 403 Forbidden
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Location, ETag, Auth-Token, Auth-Token-Valid-Until, Auth-Token-Location, X-Powered-By
Connection: keep-alive
Content-Length: 0
Date: Mon, 25 Apr 2016 14:30:27 GMT
X-Powered-By: restheart.org
我不确定我做错了什么,有什么想法吗?
我找到了这个问题的解决方案,我只需要通过授权 header 以及以 base64 格式
编码的 'username:password' http GET http://172.18.18.122:8080/auth/users authorization:'Basic YWRtaW46dGVtcA=='
使用 httpie 你可以简单地做到:
http -a <username>:<Auth-Token> GET http://172.18.18.122:8080/auth/users
Clients authenticate passing credentials via the standard basic authentication, a standard method for an HTTP user agent to provide a username and password when making a request. RESTHeart is stateless: there isn't any authentication session and credentials must be sent on every request.
当然,这意味着您必须使用 HTTPS 保护您的通信。
上有关于身份验证过程如何在 restheart 中工作的文档