0

我正在尝试保护我的 RESTFul 网络服务,但我没有这样做。

即使我创建了 web.xml、Application 子类并放置了注释,我仍然可以在没有身份验证的情况下访问 web 服务。

你们知道我做错了什么吗?

我正在使用以下堆栈: Resteasy 3.0.24 Wildfly 11

这是我的代码:

MDBService.java

@Path("")
@RequestScoped
@Consumes(MediaType.APPLICATION_XML)
@Produces(MediaType.APPLICATION_XML)
public class MDBService {

public MDBService() {
}

@PUT
@Path("callEPFC")
@DenyAll
public Response callEPFC(String prices) {
    return Response.status(200).entity(null).build();
}
}

MDBApplication.java

@ApplicationPath("/EPFC")
public class MDBApplication extends Application {
@Override
public Set<Class<?>> getClasses() {
    Set<Class<?>> resources = new HashSet<>();
    resources.add(MDBService.class);
    return resources;
}
}

web.xml

<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<context-param>
    <param-name>resteasy.role.based.security</param-name>
    <param-value>true</param-value>
</context-param>

<listener>
    <listener-class>org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap</listener-class>
</listener>

<servlet>
    <servlet-name>Resteasy</servlet-name>
    <servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
    <init-param>
        <param-name>javax.ws.rs.Application</param-name>
        <param-value>de.wingas.pfc.input.MDBApplication</param-value>
    </init-param>
</servlet>

<servlet-mapping>
    <servlet-name>Resteasy</servlet-name>
    <url-pattern>/*</url-pattern>

</servlet-mapping>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Resteasy</web-resource-name>
        <url-pattern>/EPFC</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>matlab_epfc</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>ApplicationRealm</realm-name>
</login-config>

<security-role>
    <role-name>matlab_epfc</role-name>
</security-role>
</web-app>

构建.gradle

apply plugin: 'war'
version=''
sourceCompatibility = 1.8
targetCompatibility = 1.8
dependencies {
providedCompile group: 'javax', name: 'javaee-api', version: '7.0'

providedCompile group: 'org.jboss.resteasy', name: 'resteasy-servlet-initializer', version: '3.0.24.Final'
providedCompile group: 'org.jboss.resteasy', name: 'resteasy-multipart-provider', version: '3.0.24.Final'
providedCompile group: 'org.jboss.resteasy', name: 'resteasy-jaxrs', version: '3.0.24.Final'
providedCompile group: 'org.jboss.resteasy', name: 'resteasy-cdi', version: '3.0.24.Final'

}
4

1 回答 1

0

好吧,问题是 gradle 没有将 web.xml 复制到战争中。将其添加到 gradle buildfile 后,一切都开始工作了。

war {
   webXml = file('src/main/webapp/WEB-INF/web.xml')
   webInf { from file('src/main/webapp/WEB-INF/beans.xml')}
}
于 2017-12-01T08:17:52.177 回答