2010-06-02 92 views
9

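Digest authentication with Jersey Client

I have written a REST web service with Jersey Server (that totally rocks!). I am now developing the client part of it, with Jersey Client as well.

On the server side, I have chosen DIGEST authentication, because I personally think that BASIC authentication is a heresy that should be marked as "DEPRECATED" in our heads.

Unfortunately, I do not see any support for Digest authentication on the client side. For BASIC authentication, one does something like: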

    client.addFilter(new HTTPBasicAuthFilter(user, password));

But I do not see any "HTTPDigestAuthFilter" counterpart. Am I missing something?

Thanks for your help,

Raphael

+0

OK, I asked on the Jersey mailing list and it does not exist currently. So I am implementing it. I will post it there as soon as possible. – 2010-06-09 09:20:37

+0

Please follow the corresponding thread on the Jersey mailing list on Nabble: http://jersey.576304.n2.nabble.com/DIGEST-Authentication-with-Jersey-client-td5132921.html – 2010-06-14 10:00:58

+0

Why should *HTTP Basic access authentication* be deprecated? – user359996 2010-11-04 20:28:35

Answers

23

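I have just implemented it. I have created a feature request in the Jersey issue tracker and posted my implementation there, as an attachment: https://jersey.dev.java.net/issues/show_bug.cgi?id=542

It works fine for communicating with the digest authentication of a Tomcat server. I have not tested it with other web servers yet.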

+11

+1 for implementing the missing feature yourself and releasing it. – user359996 2010-12-17 17:09:01

+0

The link is no longer valid, has it moved? – 2014-12-16 02:07:15

0

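Here I have written some random URI. Please fill in the URI you want.

For sample testing, you can use the Google services that are openly available on the internet.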

    import javax.ws.rs.core.MediaType;
    import org.apache.commons.codec.digest.DigestUtils;
    import org.codehaus.jettison.json.JSONException;
    import org.codehaus.jettison.json.JSONObject;
    import com.sun.jersey.api.client.Client;
    import com.sun.jersey.api.client.ClientResponse;
    import com.sun.jersey.api.client.WebResource;
    import com.sun.jersey.api.client.config.ClientConfig;
    import com.sun.jersey.api.client.config.DefaultClientConfig;

    public class DigestClient {

        // Split into two parts because the path part of the URI is needed again in the second request.
        static String baseUri = "https://www.something.com";
        static String subUri = "/later-part";

        public static void main(String[] args) throws JSONException {

            ClientConfig cc = new DefaultClientConfig();
            Client client = Client.create(cc);

            WebResource webResource = client.resource(baseUri + subUri);
            ClientResponse response = webResource.get(ClientResponse.class);
            // With the Digest authentication mechanism we hit the REST service two times.
            // The first call, without authentication, returns values (qop, nonce, realm)
            // that are used as inputs for the second call.

            /*--------------- First call-----------------*/
            // We get 401, Unauthorized
            System.out.println(response.getStatus() + " " + response.getStatusInfo());
            // Here is the complete header information
            System.out.println(response.getHeaders());
            // We need the "WWW-Authenticate" header for our second call
            System.out.println("WWW-Authenticate: \t" + response.getHeaders().get("WWW-Authenticate"));

            // Turn "[Digest realm=..., nonce=...]" into "{realm=..., nonce=...}".
            // The Jettison parser tolerates '=' between key and value.
            String noAuthResp = response.getHeaders().get("WWW-Authenticate").toString();
            noAuthResp = noAuthResp.replace("Digest ", "");
            noAuthResp = noAuthResp.replace('[', '{');
            noAuthResp = noAuthResp.replace(']', '}');

            // Creating a JSONObject for easy information retrieval
            JSONObject resp = new JSONObject(noAuthResp);

            /*--------------- Second call-----------------*/
            // Here the client sets the fields that were returned by the first call
            String user = "postman";                        // username
            String password = "password";                   // password
            String realm = resp.getString("realm");         // realm value from the first response
            String qop = resp.getString("qop");             // qop value from the first response
            String nonce = resp.getString("nonce");         // nonce value from the first response
            String opaque = resp.optString("opaque", "");   // empty string when the server sends no opaque
            String algorithm = "MD5";                       // the algorithm set by the client
            int nonceCount = 1;                             // number of requests sent with this nonce
            String nc = String.format("%08x", nonceCount);  // nc must be exactly 8 hex digits
            String clientNonce = "afdjas0";                 // sample cnonce; should be random per request

            String method = "GET";                          // HTTP method

            String ha1 = formHA1(user, realm, password);
            String ha2 = formHA2(method, subUri);
            String responseCode = generateResponse(ha1, nonce, nc, clientNonce, qop, ha2);

            // Header to be sent to the service
            String value = "Digest username=\"" + user + "\", realm=\"" + realm + "\", nonce=\"" + nonce
                    + "\", uri=\"" + subUri + "\", qop=" + qop + ", nc=" + nc + ", cnonce=\"" + clientNonce
                    + "\", response=\"" + responseCode + "\", opaque=\"" + opaque + "\"";

            // Hitting the service
            response = webResource.header("Authorization", value)
                    .type(MediaType.TEXT_PLAIN).accept(MediaType.WILDCARD).get(ClientResponse.class);
            System.out.println("\nComplete Response:\n" + response + "\n");
            String output = response.getEntity(String.class);
            System.out.println("Response Text: " + output);
        }

        // For generating the HA1 value
        public static String formHA1(String userName, String realm, String password) {
            return DigestUtils.md5Hex(userName + ":" + realm + ":" + password);
        }

        // For generating the HA2 value
        public static String formHA2(String method, String uri) {
            return DigestUtils.md5Hex(method + ":" + uri);
        }

        // For generating the response value on the client side
        public static String generateResponse(String ha1, String nonce, String nc, String clientNonce,
                                              String qop, String ha2) {
            return DigestUtils.md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + clientNonce + ":" + qop + ":" + ha2);
        }
    }