将 Http 基本身份验证添加到 servletRequest
Add Http Basic Authentication to servletRequest
我有一个 ProxyServlet 来处理从我的应用程序发送到另一台服务器(使用 HTTP 基本身份验证)的请求,我想在 Servlet 触发实际请求之前手动添加 header因此用户无需输入任何凭据。
我已经使用 HttpServletRequestWrapper
尝试过类似下面的代码
public class DataServlet extends ProxyServlet {
@Override
protected void service(HttpServletRequest servletRequest, HttpServletResponse servletResponse)
throws ServletException, IOException {
final SystemCredentials credentials = new SystemCredentials("username", "password");
HttpServletRequestWrapper wrap = new HttpServletRequestWrapper(servletRequest){
@Override
public String getHeader(String name) {
if (name.equals("Authorization")){
String encoding = Base64.getEncoder().encodeToString((credentials.getUser().concat(":").concat(credentials.getPassword()).getBytes()));
return "Basic " + encoding;
} else
return super.getHeader(name);
}
};
super.service(wrap, servletResponse);
}
}
它似乎不起作用,当我尝试访问它时,显示 pop-up 并要求提供远程服务器的凭据。
我的web.xml包含
<servlet>
<servlet-name>data</servlet-name>
<servlet-class>foo.package.servlet.DataServlet</servlet-class>
<init-param>
<param-name>targetUri</param-name>
<param-value>http://fooServer/DataServer</param-value>
</init-param>
<async-supported>true</async-supported>
</servlet>
<servlet-mapping>
<servlet-name>data</servlet-name>
<url-pattern>/DataServer/*</url-pattern>
</servlet-mapping>
还有其他方法可以实现吗?
谢谢!
解决方案是覆盖方法 getHeader(String name) 、 getHeaders(String name) 和 getHeaderNames() ,如下所示。这还取决于实现如何寻找 headers。在这种情况下 ProxyServlet 正在通过 Enumeration<String> getHeaders(String name).
查找
HttpServletRequestWrapper wrap = new HttpServletRequestWrapper(servletRequest){
@Override
public String getHeader(String name) {
if (name.equals(HttpHeaders.AUTHORIZATION)){
String encoding = Base64.getEncoder().encodeToString((credentials.getUser().concat(":").concat(credentials.getPassword()).getBytes()));
return "Basic " + encoding;
}
return super.getHeader(name);
}
@Override
public Enumeration<String> getHeaders(String name) {
if (name.equals(HttpHeaders.AUTHORIZATION)){
List<String> temp = new ArrayList<>();
String encoding = Base64.getEncoder().encodeToString((credentials.getUser().concat(":").concat(credentials.getPassword()).getBytes()));
temp.add("Basic " + encoding);
return Collections.enumeration(temp);
}
return super.getHeaders(name);
}
@Override
public Enumeration<String> getHeaderNames() {
// TODO Auto-generated method stub
List<String> temp = Collections.list(super.getHeaderNames());
temp.add(HttpHeaders.AUTHORIZATION);
return Collections.enumeration(temp);
}
};
我有一个 ProxyServlet 来处理从我的应用程序发送到另一台服务器(使用 HTTP 基本身份验证)的请求,我想在 Servlet 触发实际请求之前手动添加 header因此用户无需输入任何凭据。
我已经使用 HttpServletRequestWrapper
public class DataServlet extends ProxyServlet {
@Override
protected void service(HttpServletRequest servletRequest, HttpServletResponse servletResponse)
throws ServletException, IOException {
final SystemCredentials credentials = new SystemCredentials("username", "password");
HttpServletRequestWrapper wrap = new HttpServletRequestWrapper(servletRequest){
@Override
public String getHeader(String name) {
if (name.equals("Authorization")){
String encoding = Base64.getEncoder().encodeToString((credentials.getUser().concat(":").concat(credentials.getPassword()).getBytes()));
return "Basic " + encoding;
} else
return super.getHeader(name);
}
};
super.service(wrap, servletResponse);
}
}
它似乎不起作用,当我尝试访问它时,显示 pop-up 并要求提供远程服务器的凭据。
我的web.xml包含
<servlet>
<servlet-name>data</servlet-name>
<servlet-class>foo.package.servlet.DataServlet</servlet-class>
<init-param>
<param-name>targetUri</param-name>
<param-value>http://fooServer/DataServer</param-value>
</init-param>
<async-supported>true</async-supported>
</servlet>
<servlet-mapping>
<servlet-name>data</servlet-name>
<url-pattern>/DataServer/*</url-pattern>
</servlet-mapping>
还有其他方法可以实现吗?
谢谢!
解决方案是覆盖方法 getHeader(String name) 、 getHeaders(String name) 和 getHeaderNames() ,如下所示。这还取决于实现如何寻找 headers。在这种情况下 ProxyServlet 正在通过 Enumeration<String> getHeaders(String name).
HttpServletRequestWrapper wrap = new HttpServletRequestWrapper(servletRequest){
@Override
public String getHeader(String name) {
if (name.equals(HttpHeaders.AUTHORIZATION)){
String encoding = Base64.getEncoder().encodeToString((credentials.getUser().concat(":").concat(credentials.getPassword()).getBytes()));
return "Basic " + encoding;
}
return super.getHeader(name);
}
@Override
public Enumeration<String> getHeaders(String name) {
if (name.equals(HttpHeaders.AUTHORIZATION)){
List<String> temp = new ArrayList<>();
String encoding = Base64.getEncoder().encodeToString((credentials.getUser().concat(":").concat(credentials.getPassword()).getBytes()));
temp.add("Basic " + encoding);
return Collections.enumeration(temp);
}
return super.getHeaders(name);
}
@Override
public Enumeration<String> getHeaderNames() {
// TODO Auto-generated method stub
List<String> temp = Collections.list(super.getHeaderNames());
temp.add(HttpHeaders.AUTHORIZATION);
return Collections.enumeration(temp);
}
};