简单的restlet登录

Question

我正在玩restlet，我想创建一个登录机制，密码和用户名存储在MysqlDatabase中。

public class zeus extends Application { 

    @Override 
    public Restlet createInboundRoot() { 
     // Δημιουργία του router. 
     Router router = new Router(getContext()); 
     router.attach("/customers", CustomersResource.class); 

     ChallengeAuthenticator guard = new ChallengeAuthenticator(getContext(), ChallengeScheme.HTTP_BASIC, "login required"); 

     UserVerifier verifier = new UserVerifier(); 
     verifier.verify(identifier, secret); // where do i get the identifier ? 
     guard.setVerifier(verifier); 

     guard.setNext(router); 
     return guard; 
    } 
} 

而且我的用户验证类

public class UserVerifier extends SecretVerifier { 

    @Override 
    public boolean verify(String identifier, char[] secret) { 
    System.out.println(identifier); 
    System.out.println(secret); 
    //TODO compare with the Database 
    return true; 
    } 


} 

我无法找到如何获取标识符。

Answer 1

如果我正确理解你的问题，你的问题是如何从你的Restlet验证器与数据库进行交互以及如何在Restlet应用程序中一起工作。

最好的方法是定义一个实现您的数据库交互逻辑的DAO。类似的东西：

public class SecurityDao { 
    private DataSource dataSource; 

    public SecurityDao() { 
     // Intialize your datasource using DBCP or C3P0 
     dataSource = new com.mchange.v2.c3p0.ComboPooledDataSource(); 
     dataSource.setDriverClass(MyDriverClass.class); 
     dataSource.setJdbcUrl("jdbc:mysql://locahost/mydb"); 
     dataSource.setUser("username"); 
     dataSource.setPassword("pwd"); 

     // Don't forget to clean the pool when Restlet application stop 
     // with ComboPooledDataSource#close method 
    } 

    public boolean hasUserPassword(String user, String password) { 
     Connection conn = null; 
     PreparedStatement ps = null; 
     ResultSet rs = null; 
     try { 
      // Some SQL request like that 
      ps = conn.prepareStatement("select * from <MYTABLE> where USER = ? and PASSWORD = ?"); 
      ps.setString(1, user); 
      ps.setString(2, password); 
      rs = ps.executeQuery(); 
      return rs.next(); 
     } catch(Exception ex) { 
      (...) 
     } finally { 
      // close rs 
      // close ps 
      // close conn 
     } 
    } 
} 

现在我们的DAO实现，我们会从的Restlet应用程序类实例化它和你的验证范围内设置：

public class zeus extends Application { 
    private SecurityDao securityDao; 

    public zeus() { 
     securityDao = new SecurityDao(); 
    } 

    @Override 
    public Restlet createInboundRoot() { 
     (...) 

     UserVerifier verifier = new UserVerifier(); 
     verifier.setSecurityDao(securityDao); 

     (...) 
     return guard; 
    } 
} 

现在需要适应了一下您的验证如下所述：

public class UserVerifier extends SecretVerifier { 
    private SecurityDao securityDao; 
    public void setSecurityDao(SecurityDao securityDao) { 
     this.securityDao = securityDao; 
    } 

    public boolean verify(String identifier, char[] secret) { 
     System.out.println(identifier); 
     System.out.println(secret); 
     return securityDao.hasUserPassword(identifier, new String(secret)); 
     return true; 
    } 
} 

事实上，Restlet应用程序的createInboundRoot方法会初始化路由。这在应用程序启动时完成一次，即第一个请求完成时完成。然后，当接收到HTTP请求时，Restlet会自动调用验证器，并提供此请求中的安全提示。你没有显式调用验证程序的验证方法，Restlet框架将这样做......

希望它可以帮助你， 蒂埃里