Handling 401 basic / base64 security exception in RestEasy and Tomcat

There are many ways to get good protection for REST (easy) services. I have already tried. In this case, basic authentication is only required. Thus, not based on login, RequestFilters, etc. Please focus on this example.

Adding security to one postEasy method, I keep getting 401 exceptions. How can I securely access the "message"? I used the Adam Bien / Atjem KΓΆnig authenticator code.

Without security settings in web.xml, I get normal access, so part of the code works fine. I don't need / need any login screen.

Tomcat users: conf / tomcat-users.xml:

<user username="wineuser" password="winepass" roles="winer"/> 

Web.xml file:

 <security-constraint> <web-resource-collection> <web-resource-name>wine secret</web-resource-name> <url-pattern>/rest/wines/secret</url-pattern> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>winer</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> </login-config> <security-role> <role-name>winer</role-name> </security-role> 

Application Class:

 @ApplicationPath("/rest") public class RestEasyWineServices extends Application { } 

Authentication Utilities:

 import java.io.IOException; import java.io.UnsupportedEncodingException; import javax.ws.rs.client.ClientRequestContext; import javax.ws.rs.client.ClientRequestFilter; import javax.ws.rs.core.MultivaluedMap; import javax.xml.bind.DatatypeConverter; public class Authenticator implements ClientRequestFilter { private final String user; private final String password; public Authenticator(String user, String password) { this.user = user; this.password = password; } public void filter(ClientRequestContext requestContext) throws IOException { MultivaluedMap<String, Object> headers = requestContext.getHeaders(); final String basicAuthentication = getBasicAuthentication(); headers.add("Authorization", basicAuthentication); } private String getBasicAuthentication() { String token = this.user + ":" + this.password; try { return "Basic " + DatatypeConverter.printBase64Binary(token.getBytes("UTF-8")); } catch (UnsupportedEncodingException ex) { throw new IllegalStateException("Cannot encode with UTF-8", ex); } } } 

Resource class and method:

 @Path("/wines") public class WineResource { ... @POST @Path("secret") @Produces({ MediaType.APPLICATION_JSON }) @Consumes({ MediaType.APPLICATION_JSON}) public Wine echoPostWineSecret( Wine inputWine2) { System.out.println( "Server: **SECRET** post (" + inputWine2 + ")"); inputWine2 = dao.create(inputWine2); return inputWine2; } } 

Customer Class:

 Client clientSecret = ClientBuilder.newClient().register(new Authenticator( "wineuser", "winepass")); WebTarget targetSecret = clientSecret.target("http://localhost:8080").path("/RestRestEasyJquerySqlite2Hibernate/rest/wines"); wine.setId( 1231); wine.setName( "secret wine name_" + dateKey); wine.setCountry( "secret wine country_" + dateKey); wine.setGrapes( "secret wine grapes_" + dateKey); wine.setRegion( "secret wine region_" + dateKey); try { wine = targetSecret.path( "secret").request( MediaType.APPLICATION_JSON_TYPE).post( Entity.entity( wine, MediaType.APPLICATION_JSON_TYPE), Wine.class); System.out.println( "SECRET created wine: " + wine); } catch( Exception e) { System.out.println( "ERROR: Back on the client: exception"); e.printStackTrace(); } 
+6
source share
1 answer

The specified software was correct. Deployment was wrong.

The problem with getting exception 401 was that the software was deployed to an Eclipse-linked private Tomcat server. On this server, no configuration was performed with users.

The solution to the problem was to export the WAR file to a separate Tomcat server. On this Tomcat server, I configured users through the tomcat-users configuration file.

+1
source

Source: https://habr.com/ru/post/1012980/


All Articles