Write proxy/wrapper class for own service in jerse

2019-07-01 16:52发布

I want to access a full rest service with basic http auth running. However there is no way to for the javascript browser client to suppress the authenticate box when a wrong credential is provided.

I thought about different methods to solve this problem

  • someone suggested to remove the WWW-Authenticate Header with a filter (i dont think this is a clean approach)
  • i could rewrite my app to not use Basic Http Auth at all (i think this is too much trouble)
  • i could write a proxy that talks to my regular service

I like the last approach the best. I keep my regular Rest Interface, but also have the option to use this interface with clients that are not that flexible. Furthermore I can later proxy Http Requests unsupported by some browsers.

The idea is to have a /api/proxy/{request} path that proxies to /api/{request} and returns a Facebook-Graph-like JSON query { data: {data}, error: {error}}

This is the stub of the Proxy class

@Path("proxy")
public class ProxyResource {
@GET()
@Path("{url: [a-zA-Z/]*}")
public String get(@Context Request request, @PathParam("url") String url) {
        // remove proxy/ from path
        // resend request
        // verify result
}

} I can access the Request (which seems to be a ContainerRequest). How can I modify the request without building it from scratch to resend it.

Edit: when somebody knows a better approach i am delighted to hear about it.

标签: java rest jersey
1条回答
该账号已被封号
2楼-- · 2019-07-01 17:37

As I started to digg deeper into this, i found out that not the 401 was the problem. The www-authenticate header sent back from the server caused the browser to open the login box.

If somebody is interested I've written a little nodejs proxy to remove a www-authenticate from all server requests.

https://gist.github.com/ebb9a5052575b0a3f41f

As this is not the answer to my original question I will leave it open.

查看更多
登录 后发表回答