我正在使用 Netbeans 7.2 开发两个项目:
1:一个jee6 web项目(提供):一个RestEasy webservices,它使用JPA(EclipseLink 2.3)从PostgreSQL数据库中获取数据并部署在JBoss 7.1.1.Final上
jboss-web.xml:
<jboss-web>
<!-- URL to access the web module -->
<context-root>/dbo</context-root>
</jboss-web>
网页.xml:
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<display-name>Restful Web Application</display-name>
<display-name>Restful Web Application</display-name>
<!-- Auto scan REST service -->
<context-param>
<param-name>resteasy.scan</param-name>
<param-value>true</param-value>
</context-param>
<!-- this need same with resteasy servlet url-pattern -->
<context-param>
<param-name>resteasy.servlet.mapping.prefix</param-name>
<param-value>/rest</param-value>
</context-param>
<listener>
<listener-class>
org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap
</listener-class>
</listener>
<servlet>
<servlet-name>resteasy-servlet</servlet-name>
<servlet-class>
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher
</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>resteasy-servlet</servlet-name>
<url-pattern>/rest/*</url-pattern>
</servlet-mapping>
JSONService.java:
package com.ostudio.dbo.rest;
import com.ostudio.dbo.model.Member;
import java.util.List;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.persistence.EntityManager;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
@Path("/members")
@RequestScoped
public class JSONService {
@Inject
private EntityManager em;
@GET
@Produces(javax.ws.rs.core.MediaType.APPLICATION_JSON)
public List<Member> listAllMembers() {
@SuppressWarnings("unchecked")
final List<Member> results = em.createQuery("select m from Member m order by m.name").getResultList();
return results;
}
}
2:第二个项目是客户端(Consumer):一个jee6 web项目:一个RestEasy客户端,它的安全基于jaas连接的ldap服务器,部署在JBoss 7.1.1.Final
网页.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>home-module</display-name>
<!-- Protected Areas -->
<security-constraint>
<display-name>Admin Area</display-name>
<web-resource-collection>
<web-resource-name>Only_admins</web-resource-name>
<url-pattern>/pages/protected/admin/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<description>For admin role only</description>
<role-name>administrators</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<!-- Validation By Form -->
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/pages/public/login.xhtml</form-login-page>
<form-error-page>/pages/public/loginError.xhtml</form-error-page>
</form-login-config>
</login-config>
<!-- Allowed Roles -->
<security-role>
<description>Administrators</description>
<role-name>administrators</role-name>
</security-role>
</web-app>
jboss-web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<!-- URL to access the web module -->
<context-root>/</context-root>
<!-- Realm that will be used -->
<security-domain>SecurityRealm</security-domain>
</jboss-web>
jboss-部署结构.xml:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-deployment-structure>
<deployment>
<dependencies>
<module name="org.primefaces" meta-inf="export">
<imports>
<include path="META-INF" />
</imports>
</module>
<module name="org.jboss.resteasy.resteasy-jaxrs" meta-inf="export">
<imports>
<include path="META-INF" />
</imports>
</module>
</dependencies>
</deployment>
</jboss-deployment-structure>
DBOResteasyClient.java:
package com.ostudio.homemodule.dbo;
import com.ostudio.homemodule.model.Member;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Logger;
import javax.annotation.PostConstruct;
import javax.enterprise.context.RequestScoped;
import javax.faces.bean.ManagedBean;
import javax.inject.Named;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import org.apache.http.client.ClientProtocolException;
import org.jboss.resteasy.client.ClientRequest;
import org.jboss.resteasy.client.ClientResponse;
import org.primefaces.json.JSONArray;
import org.primefaces.json.JSONException;
import org.primefaces.json.JSONObject;
/**
*
* @author josuna
*/
@ManagedBean(name="dboBean")
@RequestScoped
public class DBOResteasyClient {
private static final String BASE_URI = "http://localhost:8080/dbo/rest";
ClientRequest webResource;
ClientResponse response;
private List<Member> members;
private Member member;
private static final Logger log = Logger.getLogger(DBOResteasyClient.class.toString());
public DBOResteasyClient() {
final String Path = "/members";
webResource = new ClientRequest(BASE_URI+Path);
}
// @Named provides access the return value via the EL variable name "members" in the UI (e.g.,
// Facelets or JSP view)
@Produces
@Named
public List<Member> getMembers(){
return this.members;
}
@PostConstruct
public void listAllMembers() {
try{
ClientRequest resource = webResource;
response = resource.accept(javax.ws.rs.core.MediaType.APPLICATION_JSON).get(ClientResponse.class);
if (response.getStatus() != 200) {
throw new RuntimeException("Failed : HTTP error code : "
+ response.getStatus()); }
}catch(Exception e ){
e.printStackTrace();
}
String jsonData = (String) response.getEntity(String.class);
JSONArray jsonArray = null;
try {
jsonArray = new JSONArray(jsonData);
members = new ArrayList<Member>();
for(int i=0;i<jsonArray.length();i++)
{
JSONObject json_data = jsonArray.getJSONObject(i);
member = new Member();
member.setId(json_data.getLong("id"));
member.setName(json_data.getString("name"));
member.setEmail(json_data.getString("email"));
member.setPhoneNumber(json_data.getString("phoneNumber"));
members.add(member);
}
} catch (JSONException e) {
// TODO Auto-generated catch block
log.info("ERROR EN listAllMembers: DBOResteasyClient: home-module");
}
// log.info("listAllMembers: size["+ members.size()+"]");
log.info("Output from Server .... \n");
log.info(jsonData);
}
public void close(){
}
}
我的问题是: 我需要保护网络服务。我使用 jboss 7.1 领域来保护客户端,我需要保护 web 服务 resteasy 但我不想使用其他领域,因为它再次要求身份验证,是否有一种形式来保护 web 服务并使用客户端身份验证来访问没有它的网络服务再次要求身份验证?