Restricting dropwizard admin page

匿名 (未验证) 提交于 2019-12-03 01:31:01

问题:

How to authenticate Dropwizard admin portal, so as to restrict normal users from accessing it? Please help

回答1:

In your config, you can set adminUsername and adminPassword under http like so:

http:   adminUsername: user1234   adminPassword: pass5678


回答2:

For DW 0.7 my approach would be:

public class AdminConstraintSecurityHandler extends ConstraintSecurityHandler {      private static final String ADMIN_ROLE = "admin";      public AdminConstraintSecurityHandler(final String userName, final String password) {         final Constraint constraint = new Constraint(Constraint.__BASIC_AUTH, ADMIN_ROLE);         constraint.setAuthenticate(true);         constraint.setRoles(new String[]{ADMIN_ROLE});         final ConstraintMapping cm = new ConstraintMapping();         cm.setConstraint(constraint);         cm.setPathSpec("/*");         setAuthenticator(new BasicAuthenticator());         addConstraintMapping(cm);         setLoginService(new AdminMappedLoginService(userName, password, ADMIN_ROLE));     } }  public class AdminMappedLoginService extends MappedLoginService {      public AdminMappedLoginService(final String userName, final String password, final String role) {         putUser(userName, new Password(password), new String[]{role});     }      @Override     public String getName() {         return "Hello";     }      @Override     protected UserIdentity loadUser(final String username) {         return null;     }      @Override     protected void loadUsers() throws IOException {     } }

and using them in the way:

environment.admin().setSecurityHandler(new AdminConstraintSecurityHandler(...))


回答3:

Newer Jetty versions do not have MappedLoginService, so @Kamil's answer no longer works. I have modified their answer to get it working as of Dropwizard 1.2.2:

public class AdminConstraintSecurityHandler extends ConstraintSecurityHandler {      private static final String ADMIN_ROLE = "admin";      public AdminConstraintSecurityHandler(final String userName, final String password) {         final Constraint constraint = new Constraint(Constraint.__BASIC_AUTH, ADMIN_ROLE);         constraint.setAuthenticate(true);         constraint.setRoles(new String[]{ADMIN_ROLE});         final ConstraintMapping cm = new ConstraintMapping();         cm.setConstraint(constraint);         cm.setPathSpec("/*");         setAuthenticator(new BasicAuthenticator());         addConstraintMapping(cm);         setLoginService(new AdminLoginService(userName, password));     }      public class AdminLoginService extends AbstractLoginService {          private final UserPrincipal adminPrincipal;         private final String adminUserName;          public AdminLoginService(final String userName, final String password)
标签
string
admin
dropwizard
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!