Ktor 中的表单认证
Form Authentication in Ktor
我是 Kotlin 的新手,Ktor 试图查看身份验证部分,所以我得到了以下代码。
路由“/”和“/bye”工作正常,但路由 "login" 出现空白页!
package blog
import kotlinx.html.*
import kotlinx.html.stream.* // for createHTML
import org.jetbrains.ktor.application.*
import org.jetbrains.ktor.auth.*
import org.jetbrains.ktor.features.*
import org.jetbrains.ktor.http.*
import org.jetbrains.ktor.response.*
import org.jetbrains.ktor.routing.*
import org.jetbrains.ktor.request.* // for request.uri
import org.jetbrains.ktor.html.*
import org.jetbrains.ktor.pipeline.*
import org.jetbrains.ktor.host.* // for embededServer
import org.jetbrains.ktor.netty.* // for Netty
fun main(args: Array<String>) {
embeddedServer(Netty, 8080, watchPaths = listOf("BlogAppKt"), module = Application::module).start()
}
fun Application.module() {
install(DefaultHeaders)
install(CallLogging)
intercept(ApplicationCallPipeline.Call) {
if (call.request.uri == "/hi")
call.respondText("Test String")
}
install(Routing) {
get("/") {
call.respondText("""Hello, world!<br><a href="/bye">Say bye?</a>""", ContentType.Text.Html)
}
get("/bye") {
call.respondText("""Good bye! <br><a href="/login">Login?</a> """, ContentType.Text.Html)
}
route("/login") {
authentication {
formAuthentication { up: UserPasswordCredential ->
when {
up.password == "ppp" -> UserIdPrincipal(up.name)
else -> null
}
}
}
handle {
val principal = call.authentication.principal<UserIdPrincipal>()
if (principal != null) {
call.respondText("Hello, ${principal.name}")
} else {
val html = createHTML().html {
body {
form(action = "/login", encType = FormEncType.applicationXWwwFormUrlEncoded, method = FormMethod.post) {
p {
+"user:"
textInput(name = "user") {
value = principal?.name ?: ""
}
}
p {
+"password:"
passwordInput(name = "pass")
}
p {
submitInput() { value = "Login" }
}
}
}
}
call.respondText(html, ContentType.Text.Html)
}
}
}
}
}
当我禁用下面的认证部分时,路由'/login'显示了所需的形式,这意味着错误很可能在这部分或在调用它的方式上?我猜。
authentication {
formAuthentication { up: UserPasswordCredential ->
when {
up.password == "ppp" -> UserIdPrincipal(up.name)
else -> null
}
}
}
你得到的不仅仅是一个空白页面,你得到的是 401 (UNAUTHORIZED) 的 HTTP 状态代码。那是因为 formAuthentication 有四个参数,其中三个有默认值。您只实现了最后一个(validate,没有默认):
userParamName: String = "user",
passwordParamName: String = "password",
challenge: FormAuthChallenge = FormAuthChallenge.Unauthorized,
validate: (UserPasswordCredential) -> Principal?
每当您到达 /login 路由而没有正确的凭据时,您将获得 challenge 的默认值,即 FormAuthChallenge.Unauthorized,即 401响应。
您可以使用 FormAuthChallenge.Redirect,而不是使用 challenge 的默认值。一个需要两条路线的简短示例:
get("/login") {
val html = """
<form action="/authenticate" enctype="..."
REST OF YOUR LOGIN FORM
</form>
"""
call.respondText(html, ContentType.Text.Html)
}
route("/authenticate") {
authentication {
formAuthentication(challenge = FormAuthChallenge.Redirect({ _, _ -> "/login" })) {
credential: UserPasswordCredential ->
when {
credential.password == "secret" -> UserIdPrincipal(credential.name)
else -> null
}
}
}
handle {
val principal = call.authentication.principal<UserIdPrincipal>()
val html = "Hello, ${principal?.name}"
call.respondText(html, ContentType.Text.Html)
}
}
更新
如果上面的方法效果不佳,请清楚地定义 userid-parameter 和 password-parameter,因为它们出现在执行 POST 的 form 中,如下所示:
authentication {
formAuthentication("user", "pass",
challenge = FormAuthChallenge.Redirect({ _, _ -> "/login" })){
credential: UserPasswordCredential ->
when {
credential.password == "secret" -> UserIdPrincipal(credential.name)
else -> null
}
}
}
我是 Kotlin 的新手,Ktor 试图查看身份验证部分,所以我得到了以下代码。
路由“/”和“/bye”工作正常,但路由 "login" 出现空白页!
package blog
import kotlinx.html.*
import kotlinx.html.stream.* // for createHTML
import org.jetbrains.ktor.application.*
import org.jetbrains.ktor.auth.*
import org.jetbrains.ktor.features.*
import org.jetbrains.ktor.http.*
import org.jetbrains.ktor.response.*
import org.jetbrains.ktor.routing.*
import org.jetbrains.ktor.request.* // for request.uri
import org.jetbrains.ktor.html.*
import org.jetbrains.ktor.pipeline.*
import org.jetbrains.ktor.host.* // for embededServer
import org.jetbrains.ktor.netty.* // for Netty
fun main(args: Array<String>) {
embeddedServer(Netty, 8080, watchPaths = listOf("BlogAppKt"), module = Application::module).start()
}
fun Application.module() {
install(DefaultHeaders)
install(CallLogging)
intercept(ApplicationCallPipeline.Call) {
if (call.request.uri == "/hi")
call.respondText("Test String")
}
install(Routing) {
get("/") {
call.respondText("""Hello, world!<br><a href="/bye">Say bye?</a>""", ContentType.Text.Html)
}
get("/bye") {
call.respondText("""Good bye! <br><a href="/login">Login?</a> """, ContentType.Text.Html)
}
route("/login") {
authentication {
formAuthentication { up: UserPasswordCredential ->
when {
up.password == "ppp" -> UserIdPrincipal(up.name)
else -> null
}
}
}
handle {
val principal = call.authentication.principal<UserIdPrincipal>()
if (principal != null) {
call.respondText("Hello, ${principal.name}")
} else {
val html = createHTML().html {
body {
form(action = "/login", encType = FormEncType.applicationXWwwFormUrlEncoded, method = FormMethod.post) {
p {
+"user:"
textInput(name = "user") {
value = principal?.name ?: ""
}
}
p {
+"password:"
passwordInput(name = "pass")
}
p {
submitInput() { value = "Login" }
}
}
}
}
call.respondText(html, ContentType.Text.Html)
}
}
}
}
}
当我禁用下面的认证部分时,路由'/login'显示了所需的形式,这意味着错误很可能在这部分或在调用它的方式上?我猜。
authentication {
formAuthentication { up: UserPasswordCredential ->
when {
up.password == "ppp" -> UserIdPrincipal(up.name)
else -> null
}
}
}
你得到的不仅仅是一个空白页面,你得到的是 401 (UNAUTHORIZED) 的 HTTP 状态代码。那是因为 formAuthentication 有四个参数,其中三个有默认值。您只实现了最后一个(validate,没有默认):
userParamName: String = "user",
passwordParamName: String = "password",
challenge: FormAuthChallenge = FormAuthChallenge.Unauthorized,
validate: (UserPasswordCredential) -> Principal?
每当您到达 /login 路由而没有正确的凭据时,您将获得 challenge 的默认值,即 FormAuthChallenge.Unauthorized,即 401响应。
您可以使用 FormAuthChallenge.Redirect,而不是使用 challenge 的默认值。一个需要两条路线的简短示例:
get("/login") {
val html = """
<form action="/authenticate" enctype="..."
REST OF YOUR LOGIN FORM
</form>
"""
call.respondText(html, ContentType.Text.Html)
}
route("/authenticate") {
authentication {
formAuthentication(challenge = FormAuthChallenge.Redirect({ _, _ -> "/login" })) {
credential: UserPasswordCredential ->
when {
credential.password == "secret" -> UserIdPrincipal(credential.name)
else -> null
}
}
}
handle {
val principal = call.authentication.principal<UserIdPrincipal>()
val html = "Hello, ${principal?.name}"
call.respondText(html, ContentType.Text.Html)
}
}
更新
如果上面的方法效果不佳,请清楚地定义 userid-parameter 和 password-parameter,因为它们出现在执行 POST 的 form 中,如下所示:
authentication {
formAuthentication("user", "pass",
challenge = FormAuthChallenge.Redirect({ _, _ -> "/login" })){
credential: UserPasswordCredential ->
when {
credential.password == "secret" -> UserIdPrincipal(credential.name)
else -> null
}
}
}