
我正在學習使用 Java 的 REST API，除了認證之外，大部分工作已經完成。我創建了兩個 Java Web 服務：buyerservice 和 sellerservice，裏面有很多具有特定路徑的子服務——也就是 REST 服務的獨立服務驗證 API。

我想爲上述服務創建獨立的身份驗證，以便賣家只能訪問賣家服務，買家只能訪問買家服務。截至目前，我已經爲上述服務創建了一個過濾器類和兩個驗證服務類：BuyerAuthService 和 SellerAuthService。在登錄 servlet 中完成身份驗證後，我把用戶名和密碼的 Base64 編碼值放進名爲「Authorization」的 cookie 中。之後每次請求，過濾器類都會讀取 cookie 並驗證它。

這是過濾器類:

package com.shopping.client; 

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.StringTokenizer;

import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

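public class RestAuthenticationFilter implements javax.servlet.Filter {
    /** Name of the cookie that carries the credentials (written by the login servlet). */
    public static final String AUTHENTICATION_HEADER = "Authorization";

    /** Prefix the HTTP Basic scheme puts in front of the Base64 payload; stripped if present. */
    private static final String BASIC_PREFIX = "Basic ";

    /**
     * Authenticates the request from its {@value #AUTHENTICATION_HEADER} cookie and either
     * continues the filter chain or answers {@code 401 Unauthorized}.
     *
     * <p>The cookie value is expected to be Base64 of {@code username + ":" + password},
     * optionally prefixed with {@code "Basic "}. A missing cookie, invalid Base64 or a payload
     * without a colon is treated as "not authenticated" and answered with 401; previously these
     * cases threw ({@code getCookies()} returning {@code null}, the decoder's
     * {@code IllegalArgumentException}, the tokenizer's {@code NoSuchElementException}) and
     * surfaced as HTTP 500.
     *
     * <p>This filter only authenticates the account; it does not check that the account type
     * (buyer/seller) matches the service path being requested. Restricting each account to its
     * own service has to be done either here or through per-service filter mappings.
     *
     * <p>Security note: the cookie carries the password itself (Base64 is an encoding, not
     * encryption), so it must only travel over HTTPS and the servlet that sets it should mark it
     * HttpOnly. A server-side session would avoid re-sending the password on every request.
     *
     * @param request  the incoming request; non-HTTP requests are neither forwarded nor answered
     * @param response the response, given a 401 status on failure when it is an HTTP response
     * @param filter   the remaining filter chain, continued only on success
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain filter) throws IOException, ServletException {
        if (!(request instanceof HttpServletRequest)) {
            return; // unchanged from the original: nothing is forwarded for non-HTTP requests
        }
        HttpServletRequest httpRequest = (HttpServletRequest) request;

        String[] credentials = extractCredentials(httpRequest.getCookies());
        boolean authenticated = credentials != null
                && authenticate(credentials[0], credentials[1]);

        if (authenticated) {
            filter.doFilter(request, response);
        } else if (response instanceof HttpServletResponse) {
            ((HttpServletResponse) response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        }
    }

    /**
     * Reads the credential cookie and splits it into {@code {username, password}}.
     *
     * <p>The split is on the first colon only, so a password may itself contain colons (the
     * previous tokenizer-based split would have truncated such a password at its first colon).
     *
     * @param cookies the request cookies; {@code null} when the request carries none
     * @return a two-element array, or {@code null} if the cookie is absent or malformed
     */
    private static String[] extractCredentials(Cookie[] cookies) {
        if (cookies == null) {
            return null;
        }
        String authCredentials = null;
        for (Cookie cookie : cookies) {
            if (AUTHENTICATION_HEADER.equals(cookie.getName())) {
                authCredentials = cookie.getValue(); // last matching cookie wins, as before
            }
        }
        if (authCredentials == null) {
            return null;
        }
        String encoded = authCredentials.startsWith(BASIC_PREFIX)
                ? authCredentials.substring(BASIC_PREFIX.length())
                : authCredentials;

        String usernameAndPassword;
        try {
            byte[] decoded = Base64.getDecoder().decode(encoded);
            usernameAndPassword = new String(decoded, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null; // not valid Base64: reject instead of letting it propagate as a 500
        }

        int colon = usernameAndPassword.indexOf(':');
        if (colon < 0) {
            return null;
        }
        return new String[] {
            usernameAndPassword.substring(0, colon),
            usernameAndPassword.substring(colon + 1)
        };
    }

    /**
     * Dispatches to the authentication service that owns the given account name.
     *
     * @param username the account name taken from the cookie
     * @param password the password taken from the cookie
     * @return {@code true} only if the account is one of the two known service accounts and
     *         its service accepts the password
     */
    private static boolean authenticate(String username, String password) {
        if ("buyerservice".equals(username)) {
            return new BuyerAuthService().authenticate(username, password);
        }
        if ("sellerservice".equals(username)) {
            return new SellerAuthService().authenticate(username, password);
        }
        return false;
    }

    /** Nothing to release: the filter holds no resources. */
    @Override
    public void destroy() {
    }

    /** No configuration is read; the filter needs no init parameters. */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
    }
}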

這是我的買家身份驗證服務類方法:

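public class BuyerAuthService {

    /**
     * Fixed credentials the buyer service accepts. A hard-coded credential is a development
     * fixture, not something to ship: a real deployment should look the account up in a
     * credential store and compare against a salted password hash.
     */
    private static final String EXPECTED_USERNAME = "buyerservice";
    private static final String EXPECTED_PASSWORD = "buyerservice";

    /**
     * Checks a username/password pair against the buyer service account.
     *
     * @param username the submitted account name; {@code null} is rejected
     * @param password the submitted password; {@code null} is rejected
     * @return {@code true} only when both values match the buyer account exactly
     */
    public boolean authenticate(String username, String password) {
        if (username == null || password == null) {
            return false;
        }
        // Compare in constant time so response timing does not leak how much of the
        // submitted value matched. Both halves are evaluated (non-short-circuit '&').
        boolean usernameOk = java.security.MessageDigest.isEqual(
                EXPECTED_USERNAME.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                username.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        boolean passwordOk = java.security.MessageDigest.isEqual(
                EXPECTED_PASSWORD.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                password.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        return usernameOk & passwordOk;
    }
}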

賣方身份驗證服務與上面相同，只是用戶名和密碼不同。

我的 LoginServlet 是：

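String authStringEnc = Base64.getEncoder().encodeToString(authString.getBytes("utf-8"));
// The encoded value is no longer printed: Base64 is an encoding, not encryption, so logging
// it would write the user's password to the server log in the clear.

// Pick the authentication service that owns the submitted account name.
boolean knownUser = username.equals("sellerservice") || username.equals("buyerservice");
if (!knownUser) {
    // Note: a message that differs from the wrong-password case tells a caller which
    // account names exist; a single generic rejection would avoid that disclosure.
    response.sendError(404, "Username doesn't exists");
} else {
    boolean credentialsOk = username.equals("sellerservice")
            ? new SellerAuthService().authenticate(username, password)
            : new BuyerAuthService().authenticate(username, password);
    if (credentialsOk) {
        Cookie cookie = new Cookie("Authorization", authStringEnc);
        // Keep the credential cookie out of reach of page scripts (Servlet 3.0+ API, which
        // web.xml declares). Over HTTPS it should additionally be marked Secure.
        cookie.setHttpOnly(true);
        response.addCookie(cookie);
        System.out.println("HeaderSet");
        response.sendRedirect(URL);
    } else {
        // 401 rather than 404: the login resource exists, the credentials were rejected.
        response.sendError(401, "Wrong username password combination");
    }
}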

我從登錄表單獲取用戶名和密碼。

上述過濾器類的問題是：即使我以 sellerservice 登錄，再嘗試訪問 buyerservice 的 URI，也照樣可以訪問。但我希望這種請求被重定向到一個「未授權」的 HTML 頁面。我卡在這裏了，請給出建議和幫助。由於我是身份驗證方面的新手，任何適當的指導對我都有幫助。提前致謝！

回答


我爲每個服務添加了單獨的過濾器，並在 web.xml 文件中加入了對應的過濾器配置。

我的 web.xml 文件：

<?xml version="1.0" encoding="UTF-8"?> 
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0"> 
    <display-name>ElectronicsShopping</display-name> 
    <welcome-file-list> 
    <welcome-file>index.html</welcome-file> 
    <welcome-file>index.htm</welcome-file> 
    <welcome-file>LoginServlet.jsp</welcome-file> 
    <welcome-file>default.html</welcome-file> 
    <welcome-file>default.htm</welcome-file> 
    <welcome-file>default.jsp</welcome-file> 
    </welcome-file-list> 
    <!-- Jersey front servlet: every REST resource is served under /rest/*. -->
    <servlet> 
    <servlet-name>Electronic Shopping</servlet-name> 
    <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class> 
    <init-param> 
     <param-name>jersey.config.server.provider.packages</param-name> 
     <param-value>com.shopping.client,com.jersey.jaxb,com.fasterxml.jackson.jaxrs.json</param-value> 
    </init-param> 
    <load-on-startup>1</load-on-startup> 
    </servlet> 
    <servlet-mapping> 
    <servlet-name>Electronic Shopping</servlet-name> 
    <url-pattern>/rest/*</url-pattern> 
    </servlet-mapping> 
    <!-- One authentication filter per service. The url-pattern in each filter-mapping below is
         what ties an account type to its URIs; presumably each filter class accepts only its own
         service account (the classes are not shown here), otherwise the mapping alone does not
         stop a seller login from reaching buyer URIs. -->
    <filter> 
    <filter-name>SellerAuthenticationFilter</filter-name> 
    <filter-class>com.shopping.client.SellerAuthenticationFilter</filter-class> 
    </filter> 
    <filter> 
    <filter-name>BuyerAuthenticationFilter</filter-name> 
    <filter-class>com.shopping.client.BuyerAuthenticationFilter</filter-class> 
    </filter> 
    <!-- Only these two sub-paths are filtered. Any other resource under /rest/* is reachable
         without passing either filter. -->
    <filter-mapping> 
    <filter-name>SellerAuthenticationFilter</filter-name> 
    <url-pattern>/rest/sellerservice/*</url-pattern> 
    </filter-mapping> 
    <filter-mapping> 
    <filter-name>BuyerAuthenticationFilter</filter-name> 
    <url-pattern>/rest/buyerservice/*</url-pattern> 
    </filter-mapping> 
</web-app>