
Dropwizard: BasicAuth

Stack Overflow user
Asked 2015-09-19 17:45:57
3 answers, 2.1K views, 0 followers, 6 votes

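Using Dropwizard Authentication 0.9.0-SNAPSHOT

I want to check the credentials against database users (UserDAO).

I get the following exception

! org.hibernate.HibernateException: No session currently bound to execution context

How do I bind the session to the Authenticator? Or is there a better way to check against the database users?

The Authenticator class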

package com.example.helloworld.auth;

import com.example.helloworld.core.User;
import com.example.helloworld.db.UserDAO;
import com.google.common.base.Optional;
import io.dropwizard.auth.AuthenticationException;
import io.dropwizard.auth.Authenticator;
import io.dropwizard.auth.basic.BasicCredentials;

public class ExampleAuthenticator implements Authenticator<BasicCredentials, User> {
    UserDAO userDAO;

    public ExampleAuthenticator(UserDAO userDAO) {
        this.userDAO = userDAO;
    }

    @Override
    public Optional<User> authenticate(BasicCredentials credentials) throws AuthenticationException {
        Optional<User> user;

        user = (Optional<User>) this.userDAO.findByEmail(credentials.getUsername());


        if ("secret".equals(credentials.getPassword())) {
            return Optional.of(new User(credentials.getUsername()));
        }
        return Optional.absent();
    }
}

The Application class

@Override
public void run(HelloWorldConfiguration configuration, Environment environment) throws Exception {
    final UserDAO userDAO = new UserDAO(hibernate.getSessionFactory());

    environment.jersey().register(new AuthDynamicFeature(
        new BasicCredentialAuthFilter.Builder<User>()
                .setAuthenticator(new ExampleAuthenticator(userDAO))
                .setAuthorizer(new ExampleAuthorizer())
                .setRealm("SUPER SECRET STUFF")
                .buildAuthFilter()));
    environment.jersey().register(RolesAllowedDynamicFeature.class);
    //If you want to use @Auth to inject a custom Principal type into your resource
    environment.jersey().register(new AuthValueFactoryProvider.Binder(User.class));

    environment.jersey().register(new UserResource(userDAO));
}

3 Answers

Stack Overflow user

Accepted answer

Posted 2016-01-08 06:14:24

To use 0.9+, you need the following. You can refer to this particular changeset as an example.

Include the dependency.

<dependency>
    <groupId>io.dropwizard</groupId>
    <artifactId>dropwizard-auth</artifactId>
    <version>${dropwizard.version}</version>
</dependency>

Register the auth-related stuff.

private void registerAuthRelated(Environment environment) {
    UnauthorizedHandler unauthorizedHandler = new UnAuthorizedResourceHandler();
    AuthFilter basicAuthFilter = new BasicCredentialAuthFilter.Builder<User>()
        .setAuthenticator(new BasicAuthenticator())
        .setAuthorizer(new UserAuthorizer())
        .setRealm("shire")
        .setUnauthorizedHandler(unauthorizedHandler)
        .setPrefix("Basic")
        .buildAuthFilter();

    environment.jersey().register(new AuthDynamicFeature(basicAuthFilter));
    environment.jersey().register(RolesAllowedDynamicFeature.class);
    environment.jersey().register(new AuthValueFactoryProvider.Binder(User.class));

    environment.jersey().register(unauthorizedHandler);

}

The basic Authenticator

public class BasicAuthenticator<C, P> implements Authenticator<BasicCredentials, User> {
    @Override
    public Optional<User> authenticate(BasicCredentials credentials) throws AuthenticationException {
        //do no authentication yet. Let all users through
        return Optional.fromNullable(new User(credentials.getUsername(), credentials.getPassword()));
    }
}

UnAuthorizedHandler

public class UnAuthorizedResourceHandler implements UnauthorizedHandler {

    @Context
    private HttpServletRequest request;

    @Override
    public Response buildResponse(String prefix, String realm) {
        Response.Status unauthorized = Response.Status.UNAUTHORIZED;
        return Response.status(unauthorized).type(MediaType.APPLICATION_JSON_TYPE).entity("Can't touch this...").build();
    }

    @Context
    public void setRequest(HttpServletRequest request) {
        this.request = request;
    }
}

The Authorizer

public class UserAuthorizer<P> implements Authorizer<User>{
    /**
     * Decides if access is granted for the given principal in the given role.
     *
     * @param principal a {@link Principal} object, representing a user
     * @param role      a user role
     * @return {@code true}, if the access is granted, {@code false} otherwise
     */
    @Override
    public boolean authorize(User principal, String role) {
        return true;
    }
}

Finally, use it in your resource.

@GET
public Response hello(@Auth User user){
    return Response.ok().entity("You got permission!").build();
}
5 votes
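
An added example, not part of any answer in this thread: an authenticator that binds its own Hibernate session (avoiding the "No session currently bound to execution context" error from the question) and checks the password against a stored PBKDF2 hash rather than a hard-coded string. It assumes `UserDAO.findByEmail` returns a Guava `Optional<User>`, that `User` has hypothetical `getSalt()`, `getIterations()` and `getPasswordHash()` accessors, and Java 8+ for `PBKDF2WithHmacSHA256`; `DbBackedAuthenticator` is a name chosen here.

```java
import com.example.helloworld.core.User;
import com.example.helloworld.db.UserDAO;
import com.google.common.base.Optional;
import io.dropwizard.auth.AuthenticationException;
import io.dropwizard.auth.Authenticator;
import io.dropwizard.auth.basic.BasicCredentials;
import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.hibernate.context.internal.ManagedSessionContext;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;

public class DbBackedAuthenticator implements Authenticator<BasicCredentials, User> {
    private final UserDAO userDAO;
    private final SessionFactory sessionFactory;

    public DbBackedAuthenticator(UserDAO userDAO, SessionFactory sessionFactory) {
        this.userDAO = userDAO;
        this.sessionFactory = sessionFactory;
    }

    @Override
    public Optional<User> authenticate(BasicCredentials credentials) throws AuthenticationException {
        // The auth filter runs outside any @UnitOfWork, so open and bind a session here.
        Session session = sessionFactory.openSession();
        try {
            ManagedSessionContext.bind(session);
            Optional<User> user = userDAO.findByEmail(credentials.getUsername()); // assumed return type
            if (user.isPresent() && passwordMatches(user.get(), credentials.getPassword())) {
                return user;
            }
            return Optional.absent();
        } catch (GeneralSecurityException e) {
            throw new AuthenticationException(e);
        } finally {
            ManagedSessionContext.unbind(sessionFactory);
            session.close();
        }
    }

    private static boolean passwordMatches(User user, String password) throws GeneralSecurityException {
        // getSalt(), getIterations() and getPasswordHash() are hypothetical accessors on User.
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), user.getSalt(), user.getIterations(), 256);
        byte[] candidate = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        return MessageDigest.isEqual(candidate, user.getPasswordHash()); // constant-time comparison
    }
}
```

It would be registered with `.setAuthenticator(new DbBackedAuthenticator(userDAO, hibernate.getSessionFactory()))` in place of `ExampleAuthenticator`.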

Stack Overflow user

Posted 2015-09-19 18:13:42

The code you need in your Application class looks like this

environment.jersey().register(AuthFactory.binder(new BasicAuthFactory<>(
       new ExampleAuthenticator(userDAO), "AUTHENTICATION", User.class)));

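Then you can use the @Auth tag on a User parameter for a method, and any incoming authentication credentials will hit the authenticate method, allowing you to return the correct User object, or absent if the credentials are not in your database.

EDIT: Works for Dropwizard v0.8.4

3 votes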

Stack Overflow user

Posted 2016-08-29 14:30:16

In the latest versions, starting from 0.9, you can use the "@Context" annotation in resource class methods as shown below:

@RolesAllowed("EMPLOYEE")
@Path("/emp")
@GET
@Produces(MediaType.APPLICATION_JSON)
public Response getEmployeeResponse(@Context SecurityContext context) {
    SimplePrincipal sp = (SimplePrincipal) context.getUserPrincipal();
    return Response.ok("{\"Hello\": \"Mr. " + sp.getUsername() + "\"( Valuable emp )}").build();
}
1 vote

Original page content provided by Stack Overflow.
Original link: https://stackoverflow.com/questions/32671392
