1. 首页
  2. 问答
  3. RestyGWT和基本认证

RestyGWT和基本认证

2016-04-28 84 views
0

经过几天没有任何进展,我需要你的帮助。RestyGWT和基本认证

对于GWT,我试图与我的REST服务器通信,服务器位于不同的URL(需要CORS)。
我的配置:
服务器
- 春季启动1.3.3

客户
- GWT 1.7
- restygwt 2.0.3

服务器端,我认为这是好。
当我在Spring中禁用安全性时,我可以在我的GWT客户端中获取数据。
但是,当我启用它,我总是得到401请求。 REST URL请求直接在Web浏览器中运行(使用其身份验证对话框)。

客户端,我跟了这页:
https://ronanquillevere.github.io/2014/04/11/restygwt-basic-auth.html

这里是我的代码:

这增加凭据头

public class BasicAuthHeaderDispatcherFilter implements DispatcherFilter { 

    public static final String AUTHORIZATION_HEADER = "Authorization"; 

    @Override 
    public boolean filter(Method method, RequestBuilder builder) { 
     try { 

      String basicAuthHeaderValue = createBasicAuthHeader(
        UserCredentials.INSTANCE.getUserName(), 
        UserCredentials.INSTANCE.getPassword()); 

      builder.setHeader(AUTHORIZATION_HEADER, basicAuthHeaderValue); 

     } catch (UnsupportedEncodingException e) { 
      return false; 
     } 
     return true; 
    } 

    private String createBasicAuthHeader(String userName, String password) 
      throws UnsupportedEncodingException { 
     String credentials = userName + ":" + password; 
     String encodedCredentials = new String(Base64.encode(credentials 
       .getBytes()), "UTF-8"); 

     GWT.log("encodedCredentials=["+encodedCredentials+"]"); 

     return " Basic " + encodedCredentials; 
    } 
}

的dispacher过滤器:

public class MyDispatcher extends DefaultFilterawareDispatcher { 

    public MyDispatcher() { 
     addFilter(new BasicAuthHeaderDispatcherFilter()); 
    } 

}

而我的测试呼叫:

@Override 
      public void onClick(ClickEvent event) { 
       Defaults.setDispatcher(new MyDispatcher()); 

       UserCredentials.INSTANCE.setUserName("user"); 
       UserCredentials.INSTANCE.setPassword("psswd"); 

       String url = "http://localhost:8080/race"; 
       Resource resource = new Resource(url); 

       resource.get().send(new JsonCallback() { 

        @Override 
        public void onSuccess(Method method, JSONValue response) { 
         GWT.log(response.toString()); 
        } 

        @Override 
        public void onFailure(Method method, Throwable exception) { 
         GWT.log("Erreur: ", exception); 
        } 
       }); 

      }

而现在在网络浏览器开发工具所产生的报头。在Web浏览器

直接:
请求

Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 
Accept-Encoding gzip, deflate 
Accept-Language fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3 
Authorization Basic R3V5OnR5Y29vbg== 
Cache-Control max-age=0 
Connection keep-alive 
Host localhost:8080 
User-Agent Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0

回答

Cache-Control no-cache, no-store, max-age=0, must-revalidate 
Content-Type application/json;charset=UTF-8 
Date Thu, 28 Apr 2016 17:35:31 GMT 
Expires 0 
Pragma no-cache 
Server Apache-Coyote/1.1 
Set-Cookie JSESSIONID=A496281DBD6E9B797887B9C34B47DA52; Path=/; HttpOnly 
Transfer-Encoding chunked 
X-Frame-Options DENY 
X-XSS-Protection 1; mode=block 
x-content-type-options nosniff

GWT客户
请求

Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 
Accept-Encoding gzip, deflate 
Accept-Language fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3 
Access-Control-Request-He... authorization,x-http-method-override 
Access-Control-Request-Me... GET 
Connection keep-alive 
Host localhost:8080 
Origin http://127.0.0.1:8888 
User-Agent Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0

回答

我注意到两两件事:
- 在GWT头请求,我没有授权值。但是在控制台日志中,我有一条确认过滤器被触发的跟踪。
- 只有在使用firefox时,当我提出请求时,firebug会捕获2个网络窗格,第一个窗口有授权值,但没有答案,第二个窗口是我在上面提到的结果。

感谢您的帮助。

来源

2016-04-28 Guymage

回答

0

已解决。

我的服务器拒绝Web浏览器提交的飞行前请求。

我在服务器添加CorsFilter,它忽略OPTIONS请求

@Override 
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) 
      throws IOException, ServletException { 

     HttpServletResponse theResponse = (HttpServletResponse) response; 
     HttpServletRequest theRequest = (HttpServletRequest) request; 

     theResponse.setHeader("Access-Control-Allow-Origin", theRequest.getHeader("Origin")); 

     if ("OPTIONS".equalsIgnoreCase(theRequest.getMethod())) { 
      theResponse.setHeader("Access-Control-Allow-Credentials", "true"); 
      theResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, HEAD, OPTIONS, DELETE"); 
      theResponse.setHeader("Access-Control-Allow-Headers", "Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, X-HTTP-Method-Override"); 
     }else{ 
      chain.doFilter(request, response); 
     } 
    }

来源

2016-05-06 11:20:25 Guymage

相关问题

 相关问题