浏览器不使用基本身份验证提示输入凭据
Browser not prompting for credentials using basic authentication
我的目标是为服务器上的单个资源提供身份验证,为此我使用自定义过滤器。我没有使用 @NameBinding 因为使用 JAVA 的限制 1.6.Using Response.header(HttpHeaders.WWW_AUTHENTICATE,"Basic") 没有提示输入凭据。
使用 ContainerRequestFilter 对我的事业没有帮助,因为它会在服务器的每个资源上放置过滤器。
过滤器
@Provider
public class AuthenticationFilter implements Filter {
@Override
public void doFilter(ServletRequest req, ServletResponse resp,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
System.out.println("Entered authentication filter");
throw new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED)
.header(HttpHeaders.AUTHORIZATION,"Basic")
.entity("Credentials are required to access this resource.")
.build());
// chain.doFilter(req, resp);
}
@Override
public void init(FilterConfig arg0) throws ServletException {}
@Override
public void destroy() {}
}
web.xml映射
<filter>
<filter-name>AuthenticationFilter</filter-name>
<filter-class>Utils.LDAPAuthentication.AuthenticationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/download</url-pattern>
</filter-mapping>
我在访问网络服务时得到的响应是
所以按照 Paul 的建议,我使用了 HttpServletResponse。
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) resp;
if(request.getHeader("Authorization")==null){
response.setHeader(HttpHeaders.WWW_AUTHENTICATE,"Basic");
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
}
else{
String credentials = request.getHeader("Authorization");
}
我的目标是为服务器上的单个资源提供身份验证,为此我使用自定义过滤器。我没有使用 @NameBinding 因为使用 JAVA 的限制 1.6.Using Response.header(HttpHeaders.WWW_AUTHENTICATE,"Basic") 没有提示输入凭据。
使用 ContainerRequestFilter 对我的事业没有帮助,因为它会在服务器的每个资源上放置过滤器。
过滤器
@Provider
public class AuthenticationFilter implements Filter {
@Override
public void doFilter(ServletRequest req, ServletResponse resp,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
System.out.println("Entered authentication filter");
throw new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED)
.header(HttpHeaders.AUTHORIZATION,"Basic")
.entity("Credentials are required to access this resource.")
.build());
// chain.doFilter(req, resp);
}
@Override
public void init(FilterConfig arg0) throws ServletException {}
@Override
public void destroy() {}
}
web.xml映射
<filter>
<filter-name>AuthenticationFilter</filter-name>
<filter-class>Utils.LDAPAuthentication.AuthenticationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/download</url-pattern>
</filter-mapping>
我在访问网络服务时得到的响应是
所以按照 Paul 的建议,我使用了 HttpServletResponse。
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) resp;
if(request.getHeader("Authorization")==null){
response.setHeader(HttpHeaders.WWW_AUTHENTICATE,"Basic");
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
}
else{
String credentials = request.getHeader("Authorization");
}