问题
I am trying to do a BASIC Authentication in my service using Tomcat 6.0 and JAX-RS jersey implementation.
Below are the implementation steps I followed:
1) Added the Realm in server.xml like this:
<Realm className="org.apache.catalina.realm.JDBCRealm" connectionName="XXX" connectionPassword="YYY" connectionURL="jdbc:oracle:thin:@localhost:1521/orcl" driverName="oracle.jdbc.OracleDriver" roleNameCol="role_name" userCredCol="user_pass" userNameCol="user_name" userRoleTable="user_roles" userTable="users"/>
The same realm I am using in other JSP application, it is working fine over there.
2) Below is the web.xml
<servlet>
<servlet-name>jersey-serlvet</servlet-name>
<servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>com.sun.jersey.config.property.packages</param-name>
<param-value>com.infy.security</param-value>
</init-param>
<init-param>
<param-name>com.sun.jersey.spi.container.ResourceFilters</param-name>
<param-value>com.sun.jersey.api.container.filter.RolesAllowedResourceFilterFactory</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>jersey-serlvet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>BasicDemo</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
<!-- <user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint> -->
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<!-- The realm name is typically displayed by the browser in the login dialog box. -->
<realm-name>Login</realm-name>
</login-config>
Below is the service:
@Path("/authenticate")
@RolesAllowed({"Admin","Guest"})
public class BasicAuthenticationSecurity {
@GET
@Path("/wbiPing")
@Produces(MediaType.TEXT_PLAIN)
@RolesAllowed("Admin")
public Response wbiPing(){
System.out.println("Pinged!!!");
return Response.ok("Pinged!!!").build();
}
}
After implementation, whatever is the input in the login authentication popup (even if the user is "Admin") I am getting the unauthentication error page. Below is the URL:
http://localhost:8002/BASICAuthentication/rest/authenticate/wbiping
Please let me know if I am misisng something.
thanks,
回答1:
I had the same problem and I wasn't able to get it running with the realm definition in the server.xml.
It started to work as soon as I moved the
<Realm
className="org.apache.catalina.realm.JDBCRealm"
driverName="oracle.jdbc.driver.OracleDriver"
connectionURL="jdbc:oracle:thin:@//10.21.105.185:1552/CRODODEV.DE.MADM.NET"
connectionName="1234556"
connectionPassword="*****"
userTable="cpim_users"
userNameCol="user_name"
userCredCol="password"
userRoleTable="cpim_user_roles"
roleNameCol="role_name"
digest="sha-256" />
into the context.xml. The logging of the TomCat toled me that the server wasn't using the JDBC realm.
来源:https://stackoverflow.com/questions/15158554/basic-authentication-in-jersey-jax-rs-service-and-tomcat-6-0-getting-failed