0
經過幾天沒有任何進展,我需要你的幫助。RestyGWT和基本認證
對於GWT,我試圖與我的REST服務器通信,服務器位於不同的URL(需要CORS)。
我的配置:
服務器
- 春季啓動1.3.3
客戶
- GWT 1.7
- restygwt 2.0.3
服務器端,我認爲這是好。
當我在Spring中禁用安全性時,我可以在我的GWT客戶端中獲取數據。
但是,當我啓用它,我總是得到401請求。 REST URL請求直接在Web瀏覽器中運行(使用其身份驗證對話框)。
客戶端,我跟了這頁:
https://ronanquillevere.github.io/2014/04/11/restygwt-basic-auth.html
這裏是我的代碼:
這增加憑據頭
public class BasicAuthHeaderDispatcherFilter implements DispatcherFilter {
public static final String AUTHORIZATION_HEADER = "Authorization";
@Override
public boolean filter(Method method, RequestBuilder builder) {
try {
String basicAuthHeaderValue = createBasicAuthHeader(
UserCredentials.INSTANCE.getUserName(),
UserCredentials.INSTANCE.getPassword());
builder.setHeader(AUTHORIZATION_HEADER, basicAuthHeaderValue);
} catch (UnsupportedEncodingException e) {
return false;
}
return true;
}
private String createBasicAuthHeader(String userName, String password)
throws UnsupportedEncodingException {
String credentials = userName + ":" + password;
String encodedCredentials = new String(Base64.encode(credentials
.getBytes()), "UTF-8");
GWT.log("encodedCredentials=["+encodedCredentials+"]");
return " Basic " + encodedCredentials;
}
}
的dispacher過濾器:
public class MyDispatcher extends DefaultFilterawareDispatcher {
public MyDispatcher() {
addFilter(new BasicAuthHeaderDispatcherFilter());
}
}
而我的測試呼叫:
@Override
public void onClick(ClickEvent event) {
Defaults.setDispatcher(new MyDispatcher());
UserCredentials.INSTANCE.setUserName("user");
UserCredentials.INSTANCE.setPassword("psswd");
String url = "http://localhost:8080/race";
Resource resource = new Resource(url);
resource.get().send(new JsonCallback() {
@Override
public void onSuccess(Method method, JSONValue response) {
GWT.log(response.toString());
}
@Override
public void onFailure(Method method, Throwable exception) {
GWT.log("Erreur: ", exception);
}
});
}
而現在在網絡瀏覽器開發工具所產生的報頭。在Web瀏覽器
直接:
請求
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip, deflate
Accept-Language fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Authorization Basic R3V5OnR5Y29vbg==
Cache-Control max-age=0
Connection keep-alive
Host localhost:8080
User-Agent Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
回答
Cache-Control no-cache, no-store, max-age=0, must-revalidate
Content-Type application/json;charset=UTF-8
Date Thu, 28 Apr 2016 17:35:31 GMT
Expires 0
Pragma no-cache
Server Apache-Coyote/1.1
Set-Cookie JSESSIONID=A496281DBD6E9B797887B9C34B47DA52; Path=/; HttpOnly
Transfer-Encoding chunked
X-Frame-Options DENY
X-XSS-Protection 1; mode=block
x-content-type-options nosniff
GWT客戶
請求
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip, deflate
Accept-Language fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Access-Control-Request-He... authorization,x-http-method-override
Access-Control-Request-Me... GET
Connection keep-alive
Host localhost:8080
Origin http://127.0.0.1:8888
User-Agent Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
回答
我注意到兩兩件事:
- 在GWT頭請求,我沒有授權值。但是在控制檯日誌中,我有一條確認過濾器被觸發的跟蹤。
- 只有在使用firefox時,當我提出請求時,firebug會捕獲2個網絡窗格,第一個窗口有授權值,但沒有答案,第二個窗口是我在上面提到的結果。
感謝您的幫助。