ThinkChat🤖让你学习和工作更高效,注册即送10W Token,即刻开启你的AI之旅 广告
# Jersey REST 客户端认证示例 > 原文: [https://howtodoinjava.com/jersey/jersey-rest-client-authentication/](https://howtodoinjava.com/jersey/jersey-rest-client-authentication/) 了解如何使用[`HttpAuthenticationFeature`](https://github.com/jersey/jersey/blob/master/core-client/src/main/java/org/glassfish/jersey/client/authentication/HttpAuthenticationFeature.java)构建**Jersey REST 客户端**,该客户端可用于访问认证/授权安全性后面的 REST API。 例如,我们将为在 [Jersey Secured REST API 教程](//howtodoinjava.com/jersey/jersey-rest-security/)中保护的服务创建 **jersey 客户端**; 并且我将扩展为 [**Jersey RESTful 客户端示例**](//howtodoinjava.com/jersey/jersey-restful-client-examples/)创建的源代码。 ```java Table of Contents 1\. HttpAuthenticationFeature 2\. How to secure REST APIs 3\. Jersey REST Client Code ``` ## 1\. Jersey 客户端 – `HttpAuthenticationFeature` `HttpAuthenticationFeature`类提供 HttpBasic 和 Digest 客户端认证功能。 该功能以 4 种模式之一工作,即`BASIC`,`BASIC NON-PREEMPTIVE`,`DIGEST`和`UNIVERSAL`。 让我们快速了解它们。 1. **`BASIC`** – 一种抢占式认证方式,即信息始终与每个 HTTP 请求一起发送。 此模式必须与 SSL/TLS 结合使用,因为密码仅以 BASE64 编码发送。 2. **`BASIC NON-PREEMPTIVE`** – 一种非优先的认证方式,即仅当服务器拒绝带有 401 状态码的请求后再添加认证信息,才添加认证信息。 3. **`DIGEST`** – HTTP 摘要认证。 不需要使用 SSL/TLS。 4. **`UNIVERSAL`** – 非抢占模式下基本认证和摘要认证的组合,即在 401 响应的情况下,将根据`WWW-Authenticate` HTTP 标头中定义的请求认证使用适当的认证。 要使用`HttpAuthenticationFeature`,请构建一个实例并向客户端注册。 #### 1.1 基本认证方式 ```java HttpAuthenticationFeature feature = HttpAuthenticationFeature.basic("username", "password"); final Client client = ClientBuilder.newClient(); client.register(feature); ``` #### 1.2 基本认证 - 非强制模式 ```java HttpAuthenticationFeature feature = HttpAuthenticationFeature.basicBuilder() .nonPreemptive() .credentials("username", "password") .build(); final Client client = ClientBuilder.newClient(); client.register(feature); ``` #### 1.3 通用模式 ```java //HttpAuthenticationFeature feature = HttpAuthenticationFeature.universal("username", "password"); //Universal builder having different credentials for different schemes HttpAuthenticationFeature feature = HttpAuthenticationFeature.universalBuilder() .credentialsForBasic("username1", "password1") .credentials("username2", "password2").build(); final Client client = ClientBuilder.newClient(); client.register(feature); ``` ## 2\. 如何保护 REST API 对于启用认证的 REST api,请使用与角色相关的注解,例如`@RolesAllowed`。 例如,这是安全的 REST API 的代码。 ```java @Path("/employees") public class JerseyService { @RolesAllowed("ADMIN") @GET @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) public Employees getAllEmployees() { Employees list = new Employees(); list.setEmployeeList(new ArrayList<Employee>()); list.getEmployeeList().add(new Employee(1, "Lokesh Gupta")); list.getEmployeeList().add(new Employee(2, "Alex Kolenchiskey")); list.getEmployeeList().add(new Employee(3, "David Kameron")); return list; } } ``` > 阅读更多:[Jersey 安全 REST API 教程](//howtodoinjava.com/jersey/jersey-rest-security/) ## 3\. Jersey REST 客户端代码 以下是 **Jersey REST 客户端基本认证**示例,该示例接受用于认证的用户名和密码详细信息。 ```java public static void main(String[] args) throws IOException { httpGETCollectionExample(); } private static void httpGETCollectionExample() { ClientConfig clientConfig = new ClientConfig(); HttpAuthenticationFeature feature = HttpAuthenticationFeature.basic("howtodoinjava", "password"); clientConfig.register( feature) ; clientConfig.register(JacksonFeature.class); Client client = ClientBuilder.newClient( clientConfig ); WebTarget webTarget = client.target("http://localhost:8080/JerseyDemos/rest").path("employees"); Invocation.Builder invocationBuilder = webTarget.request(MediaType.APPLICATION_JSON); Response response = invocationBuilder.get(); System.out.println(response.getStatus()); System.out.println(response.getStatusInfo()); if(response.getStatus() == 200) { Employees employees = response.readEntity(Employees.class); List<Employee> listOfEmployees = employees.getEmployeeList(); System.out.println(Arrays.toString( listOfEmployees.toArray(new Employee[listOfEmployees.size()]) )); } } ``` #### 3.1 正确的用户名/密码的输出 ```java 200 OK [Employee [id=1, name=Lokesh Gupta], Employee [id=2, name=Alex Kolenchiskey], Employee [id=3, name=David Kameron]] ``` #### 3.2 不正确的用户名/密码的输出 ```java 401 Unauthorized ``` 将您的问题放在评论部分。 学习愉快!