 

How to read authorization header in JAX-RS service

I am new to the Authorization header and am trying to create authorization (and authentication) using a JAX-RS service.

My JavaScript snippet looks like this:

            sUrl = getURL() + "/com.cabRoutePlanner.Login/Login";  
            var oHeaders = {};
            oHeaders['Authorization'] = "Basic " + btoa(getUserName() + ":" + getPassword());

            var request = {
                headers : oHeaders,
                requestUri : sUrl,
                data: connectionData,
                method : "POST"
            };
            OData.request(request, onSuccessForRegister, onRegError);

Now, I want to read this authorization header at the JAX-RS service, i.e. get the username and password back in my Java REST service and check them against my db. What I am confused about is that I don't know how to consume this authorization header. If somebody could just show me the declaration of the function in the REST service and how to access my username and password, it'd be great.

I wrote the code somehow, with a little intuition and great help from Eclipse:

@Path("/Log")
@POST
@Produces(MediaType.APPLICATION_JSON)
public Response log(HttpServletRequest req)throws JSONException
{
    JSONObject returnObject = new JSONObject();
    String authorization = req.getHeader("Authorization");
    if (authorization != null && authorization.startsWith("Basic")) 
    {
        //byte[] message = authorization.substring("Basic".length()).trim().getBytes();
        String credentials = authorization.substring("Basic".length()).trim();
        byte[] decoded = DatatypeConverter.parseBase64Binary(credentials);
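        // Decode with an explicit charset (java.nio.charset.StandardCharsets).
        String decodedString = new String(decoded, StandardCharsets.UTF_8);
        // Split on the first ':' only; the password itself may contain colons.
        String[] actualCredentials = decodedString.split(":", 2);
        if (actualCredentials.length != 2)
        {
            // No ':' separator: reject instead of failing on actualCredentials[1].
            returnObject.put("Result", "Authorization header wrong");
            return Response.status(401).entity(returnObject).build();
        }
        String ID = actualCredentials[0];
        String Password = actualCredentials[1];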
        String Result = actualLog(ID, Password);
        if(Result.equals("ID Does not exist"))
        {
            returnObject.put("Result", "ID Does not exist");
            return Response.status(401).entity(returnObject).build();

        }
        else if(Result.equals("Password incorrect for given User"))
        {
            returnObject.put("Result", "Password incorrect for given User");
            return Response.status(401).entity(returnObject).build();
        }
        else
        {
            returnObject.put("Result", Result);
            return Response.status(200).entity(returnObject).build();
        }
    }
    else
    {
        returnObject.put("Result", "Authorization header wrong");
        return Response.status(401).entity(returnObject).build();
    }
}

Now, here is the current Exception I am getting and I'm not able to understand it:

 Oct 06, 2014 4:13:59 PM com.sun.jersey.spi.container.ContainerRequest getEntity
 SEVERE: A message body reader for Java class javax.servlet.http.HttpServletRequest, and Java type interface javax.servlet.http.HttpServletRequest, and MIME media type application/octet-stream was not found.
 The registered message body readers compatible with the MIME media type are:
 application/octet-stream ->
 com.sun.jersey.core.impl.provider.entity.ByteArrayProvider
 com.sun.jersey.core.impl.provider.entity.FileProvider
 com.sun.jersey.core.impl.provider.entity.InputStreamProvider
 com.sun.jersey.core.impl.provider.entity.DataSourceProvider
 com.sun.jersey.core.impl.provider.entity.RenderedImageProvider
 */* ->
 com.sun.jersey.core.impl.provider.entity.FormProvider
 com.sun.jersey.core.impl.provider.entity.MimeMultipartProvider
 com.sun.jersey.core.impl.provider.entity.StringProvider
 com.sun.jersey.core.impl.provider.entity.ByteArrayProvider
 com.sun.jersey.core.impl.provider.entity.FileProvider
 com.sun.jersey.core.impl.provider.entity.InputStreamProvider
 com.sun.jersey.core.impl.provider.entity.DataSourceProvider
 com.sun.jersey.core.impl.provider.entity.XMLJAXBElementProvider$General
 com.sun.jersey.core.impl.provider.entity.ReaderProvider
 com.sun.jersey.core.impl.provider.entity.DocumentProvider
 com.sun.jersey.core.impl.provider.entity.SourceProvider$StreamSourceReader
 com.sun.jersey.core.impl.provider.entity.SourceProvider$SAXSourceReader
 com.sun.jersey.core.impl.provider.entity.SourceProvider$DOMSourceReader
 com.sun.jersey.json.impl.provider.entity.JSONJAXBElementProvider$General
 com.sun.jersey.json.impl.provider.entity.JSONArrayProvider$General
 com.sun.jersey.json.impl.provider.entity.JSONObjectProvider$General
 com.sun.jersey.core.impl.provider.entity.XMLRootElementProvider$General
 com.sun.jersey.core.impl.provider.entity.XMLListElementProvider$General
 com.sun.jersey.core.impl.provider.entity.XMLRootObjectProvider$General
 com.sun.jersey.core.impl.provider.entity.EntityHolderReader
 com.sun.jersey.json.impl.provider.entity.JSONRootElementProvider$General
 com.sun.jersey.json.impl.provider.entity.JSONListElementProvider$General
 com.sun.jersey.json.impl.provider.entity.JacksonProviderProxy
Pavanraotk asked Oct 06 '14 08:10




1 Answer

You should use @Context HttpServletRequest request to inject request in your method, like this:

public Response log(@Context HttpServletRequest req) throws JSONException

Other useful objects that could be injected using @Context are (see JAX-RS spec for details):

  • Application
  • UriInfo, HttpHeaders
  • SecurityContext
  • Providers, Request
  • ServletConfig, ServletContext, HttpServletRequest and HttpServletResponse

So in your case you could also use @Context HttpHeaders headers and then:

List<String> authHeaders = headers.getRequestHeader(HttpHeaders.AUTHORIZATION);
Gas answered Sep 21 '22 01:09
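
The @Context HttpHeaders approach from the answer, carried through to a complete resource method, as an added example that is not code from the question or the answer. The class name LoginResource, the helper names parseBasic and credentialsMatch, the realm string and the sample user and password are assumptions made up for illustration; credentialsMatch stands in for the question's database check.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.List;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

@Path("/Log")
public class LoginResource { // hypothetical class name
    /** Returns {user, password}, or null when the header is not well-formed Basic credentials. */
    static String[] parseBasic(String header) {
        // Scheme names are case-insensitive; require the space so "BasicX..." is rejected.
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            String pair = new String(raw, StandardCharsets.UTF_8);
            int colon = pair.indexOf(':'); // first colon only: the password may contain ':'
            if (colon < 1) return null;    // no separator, or empty user name
            return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
        } catch (IllegalArgumentException invalidBase64) {
            return null;
        }
    }

    // Stand-in for the database check (the question's actualLog); sample values are constructed.
    static boolean credentialsMatch(String user, String password) {
        byte[] expected = "s3cret:with:colons".getBytes(StandardCharsets.UTF_8);
        return "alice".equals(user)
                && MessageDigest.isEqual(expected, password.getBytes(StandardCharsets.UTF_8));
    }

    @POST
    @Produces(MediaType.APPLICATION_JSON)
    public Response log(@Context HttpHeaders headers) {
        List<String> auth = headers.getRequestHeader(HttpHeaders.AUTHORIZATION);
        String[] creds = (auth == null || auth.size() != 1) ? null : parseBasic(auth.get(0));
        if (creds == null || !credentialsMatch(creds[0], creds[1])) {
            // Same 401 for a bad header, unknown user or wrong password: no hint which it was.
            return Response.status(Response.Status.UNAUTHORIZED)
                    .header("WWW-Authenticate", "Basic realm=\"login\"")
                    .entity("{\"Result\":\"Invalid credentials\"}").build();
        }
        return Response.ok("{\"Result\":\"OK\"}").build();
    }
}
```

Basic credentials are only base64-encoded, not encrypted, so this endpoint is assumed to be reachable over HTTPS only.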