users@jersey.java.net

Re: [Jersey] How do I supply my own Authenticator?

From: Paul Sandoz <Paul.Sandoz_at_Sun.COM>
Date: Thu, 07 Aug 2008 11:17:21 +0200

Hi Ronald,

I think the problem is because the HttpServerFactory.create is creating
a context as follows:

         final HttpServer server = (scheme.equalsIgnoreCase("http")) ?
             HttpServer.create(new InetSocketAddress(port), 0) :
             HttpsServer.create(new InetSocketAddress(port), 0);

         server.createContext(path, handler);
         return server;

But that context is not accessible. You are then creating a new context:

         HttpContext context = server.createContext("/", handler);

and this is confusing the HTTP server.

Try doing the following:

         server.removeContext("/");
         HttpContext context = server.createContext("/", handler);

Frustratingly there is no way to obtain an existing context from the server.

Perhaps i can add methods to

   HttpServer HttpServerFactory(String uri):
   HttpServer HttpServerFactory(URI uri):

to return a server configured for a URI but with no contexts created.
Then you can create one or more contexts yourself and configure them.

Note that i need to fix the Jersey HttpHandler to support the JAX-RS
SecurityContext with the information from the HttpExchange so that you
can access the Principle instance. Perhaps i should also allow injection
of HttpExchange...

Paul.

Ronald J Mann wrote:
> Hi!
>
> I'm trying to build a simple management interface over http that
> requires basic authentication. As we are trying to make this as
> lightweight as possible, I'm using com.sun.net.httpserver.HttpServer. I
> want to supply my own credential check, so I've created a class to
> extend the BasicAuthenticator and have overriden the checkCredentials()
> method to supply the necessary verification.
>
> I start my server thus:
>
> HttpHandler handler =
> ContainerFactory.createContainer(HttpHandler.class);
> server = HttpServerFactory.create("http://localhost:" + port + "/",
> handler);
> HttpContext context = server.createContext("/", handler);
> context.setAuthenticator(new CWSAuthenticator(agent.getRootName()));
> server.start();
>
> One of my resouces looks like this:
> @Path( "/info")
> public class InfoResource {
> @GET @ProduceMime("application/json")
> public String getInfo() {
> try {
> Info info = new CWSInfo();
> info.setCount(agent.getCount());
> etc...
> return info.toJson();
> } catch (Exception ex) {
> ex.printStackTrace();
> throw new NotFoundException("Could not retrieve the Info
> Document requested. ");
> }
> }
>
> With this code, when I try to retrieve the document, I never get to my
> authenticator code, but my info document is returned correctly. If I
> alter the creation argument for the HttpContext from "/" to "/info" in
> the server creation above, I authenticate properly but I get a 404 error
> as the doc is not found, presumably the resource was never called. I'm
> assuming that somehow the contexts are conflicting (or overriding
> eacthother) whcih would explain this behavior.
>
> Clearly I'm missing something here, does anyone have any suggestions as
> to I could supply my own authentication mechanism?
> Thanks!
>
> =Ron=
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
> For additional commands, e-mail: users-help_at_jersey.dev.java.net
>

-- 
| ? + ? = To question
----------------\
    Paul Sandoz
         x38109
+33-4-76188109