java - 如何创建 protected ReSTLet资源？

Question

我正在尝试基于此示例创建 protected ReSTLet 资源 http://bipinkunjumon.blogspot.com/2013/05/restlet-application-for-accessing.html :

public class PartApp extends Application {
public  static  final  String  ROOT_URI="localhost:8151/accounts/{accountId}";
public static void main(String[] args) throws Exception
{
    // Create a component
    Component component = new Component();
    component.getServers().add(Protocol.HTTP, 8151);
    component.getClients().add(Protocol.FILE);

    // Create an application
    Application application = new PartApp();

    // Attach the application to the component and start it
    component.getDefaultHost().attachDefault(application);
    component.start();
}

@Override
public Restlet createInboundRoot()
{
    // Create a simple password verifier
    MapVerifier verifier = new MapVerifier();
    verifier.getLocalSecrets().put("scott", "tiger".toCharArray());



    // Create a Guard
    ChallengeAuthenticator authenticator = new ChallengeAuthenticator(
            getContext(), ChallengeScheme.HTTP_BASIC, "Tutorial");
    authenticator.setVerifier(verifier);

    // Create a Directory able to return a deep hierarchy of files
    Directory directory = new Directory(getContext(), ROOT_URI);

    directory.setListingAllowed(true);
    authenticator.setNext(directory);
    return authenticator;
}
}

但它适用于所有服务器资源。例如，如果没有登录名和密码，我无法输入 localhost:8111。但我只需要保护一种资源: localhost:8151/accounts/{accountId} 并为其他资源提供免费访问。我怎样才能做到这一点？

Answer 1

基于我在这里找到的代码:https://stackoverflow.com/a/2220624/444028 , 我使用 Java 7 和 ReSTLet SE 2.3.9 制作了这个小项目:

该项目中有2个包，共6个java文件(均为服务器端代码):

1. 包

   com.blogspot.javarestlet.httpbasicauth.server.app

   1. AdminAppStart.java (Application extension for authorized client)
   2. ClientAppStart.java (Application extension for unauthorized client) [Note: This is not the client side code.]
   3. Main.java (One that runs the server)
2. package

   com.blogspot.javarestlet.httpbasicauth.server.resources

   1. HelloWorldAdminServerResource.java (To be attached with AdminAppStart)
   2. HelloWorldClientServerResource.java (To be attached with ClientAppStart)
   3. HelloWorldDefaultServerResource.java (A somewhat unnecessary class file)

Here is code of each file:

AdminAppStart.java

package com.blogspot.javarestlet.httpbasicauth.server.app;

import org.restlet.Application;
import org.restlet.Context;
import org.restlet.Restlet;
import org.restlet.data.ChallengeScheme;
import org.restlet.routing.Router;
import org.restlet.security.ChallengeAuthenticator;
import org.restlet.security.MapVerifier;

import com.blogspot.javarestlet.httpbasicauth.server.resources.HelloWorldAdminServerResource;
import com.blogspot.javarestlet.httpbasicauth.server.resources.HelloWorldDefaultServerResource;

public class AdminAppStart extends Application {
    private ChallengeAuthenticator authenticator;

    private ChallengeAuthenticator createAuthenticator() {
        Context context = getContext();
        final boolean optional = false;
        ChallengeScheme challengeScheme = ChallengeScheme.HTTP_BASIC;
        String realm = "Example site";

        MapVerifier verifier = new MapVerifier();
        verifier.getLocalSecrets().put("scott", "tiger".toCharArray());

        ChallengeAuthenticator auth = new ChallengeAuthenticator(context, optional, challengeScheme, realm, verifier);
        return auth;
    }

    @Override
    public Restlet createInboundRoot() {
        this.authenticator = createAuthenticator();

        Router router = new Router();
        router.attach("/user", HelloWorldAdminServerResource.class);
        router.attach("", HelloWorldDefaultServerResource.class);

        authenticator.setNext(router);
        return authenticator;
    }

}

ClientAppStart.java

package com.blogspot.javarestlet.httpbasicauth.server.app;

import org.restlet.Application;
import org.restlet.Restlet;
import org.restlet.routing.Router;

import com.blogspot.javarestlet.httpbasicauth.server.resources.HelloWorldClientServerResource;

public class ClientAppStart extends Application {
@Override
public Restlet createInboundRoot() {
    Router router = new Router();
    router.attach("/clientres/hello", HelloWorldClientServerResource.class);
    return router;
}
}

Main.java

package com.blogspot.javarestlet.httpbasicauth.server.app;

import org.restlet.Application;
import org.restlet.Component;
import org.restlet.data.Protocol;

public class Main {
    public static void main(String[] args) throws Exception
    {
        // Create a component
        Component component = new Component();
        component.getServers().add(Protocol.HTTP, 8151);
        component.getClients().add(Protocol.HTTP);

        // Create an application
        Application application = new ClientAppStart();

        // Attach the application to the component and start it
        component.getDefaultHost().attach("/userx",application);
        component.getDefaultHost().attach("/admin/accounts/abc123",new AdminAppStart());
        component.start();
    }
}

HelloWorldAdminServerResource.java

package com.blogspot.javarestlet.httpbasicauth.server.resources;

import org.restlet.resource.Get;
import org.restlet.resource.ServerResource;

public class HelloWorldAdminServerResource  extends ServerResource {
    @Get
    public String $get()
    {
        return "Hello Admin";
    }
}

HelloWorldClientServerResource.java

package com.blogspot.javarestlet.httpbasicauth.server.resources;

import org.restlet.resource.Get;
import org.restlet.resource.ServerResource;

public class HelloWorldClientServerResource extends ServerResource {
@Get
public String $get()
{
    return "Hello Client";
}
}

HelloWorldDefaultServerResource.java

package com.blogspot.javarestlet.httpbasicauth.server.resources;

import org.restlet.resource.Get;
import org.restlet.resource.ServerResource;

public class HelloWorldDefaultServerResource extends ServerResource{
@Get
public String $get()
{
    return "please enter a sub-url after abc123";
}
}

这是 cURL 请求响应日志:

C:\Users\abhishek>curl -i "http://localhost:8151/userx/clientres/hello"
HTTP/1.1 200 OK
Content-type: text/plain; charset=UTF-8
Content-length: 12
Server: Restlet-Framework/2.3.9
Accept-ranges: bytes
Vary: Accept-Charset, Accept-Encoding, Accept-Language, Accept
Date: Mon, 23 Jan 2017 11:37:01 GMT

Hello Client

======================================================================

C:\Users\abhishek>curl -i -H "Authorization: Basic c2NvdHQ6dGlnZXI=" "http://localhost:8151/admin/accounts/abc123"
HTTP/1.1 200 OK
Content-type: text/plain; charset=UTF-8
Content-length: 35
Server: Restlet-Framework/2.3.9
Accept-ranges: bytes
Vary: Accept-Charset, Accept-Encoding, Accept-Language, Accept
Date: Mon, 23 Jan 2017 11:35:07 GMT

please enter a sub-url after abc123

======================================================================

C:\Users\abhishek>curl -i -H "Authorization: Basic c2NvdHQ6dGlnZXI=" "http://localhost:8151/admin/accounts/abc123/user"
HTTP/1.1 200 OK
Content-type: text/plain; charset=UTF-8
Content-length: 11
Server: Restlet-Framework/2.3.9
Accept-ranges: bytes
Vary: Accept-Charset, Accept-Encoding, Accept-Language, Accept
Date: Mon, 23 Jan 2017 11:35:04 GMT

Hello Admin

======================================================================

C:\Users\abhishek>curl -i "http://localhost:8151/admin/accounts/abc123/user"
HTTP/1.1 401 Unauthorized
Content-type: text/html; charset=UTF-8
Content-length: 424
Www-authenticate: Basic realm="Example site"
Server: Restlet-Framework/2.3.9
Accept-ranges: bytes
Date: Mon, 23 Jan 2017 12:48:08 GMT

<html>
<head>
   <title>Status page</title>
</head>
<body style="font-family: sans-serif;">
<p style="font-size: 1.2em;font-weight: bold;margin: 1em 0px;">Unauthorized</p>
<p>The request requires user authentication</p>
<p>You can get technical details <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2">here</a>.<br>
Please continue your visit at our <a href="/">home page</a>.
</p>
</body>
</html>

尝试一下，如果您遇到任何问题，请告诉我们。

添加于 2017-01-24 1524:

既然提问者问“..这是通过创建单独的应用程序来执行此类操作的通用规则吗..？”

以下是该问题的最简单答案:

Application.createInboundRoot() 应该返回 ReSTLet 并且这里是从这里获得的 ReSTLet 类的子类:https://restlet.com/technical-resources/restlet-framework/javadocs/2.3/jee/api/

org.restlet.Restlet
^
|
|--org.restlet.Application
|
|--org.restlet.Component
|
|--org.restlet.Connector
|  ^
|  |--org.restlet.Client
|  |
|  |--org.restlet.Server
|
|--org.restlet.routing.Filter
|  ^
|  |
|  |--org.restlet.security.Authenticator
|  |  ^
|  |  |
|  |  |--org.restlet.security.CertificateAuthenticator
|  |  |
|  |  |--org.restlet.security.ChallengeAuthenticator
|  |
|  |--org.restlet.security.Authorizer
|  |  ^
|  |  |
|  |  |--org.restlet.security.ConfidentialAuthorizer
|  |  |
|  |  |--org.restlet.security.MethodAuthorizer
|  |  |
|  |  |--org.restlet.security.RoleAuthorizer
|  |
|  |--org.restlet.routing.Extractor
|  |
|  |--org.restlet.routing.Route
|  |  ^
|  |  |
|  |  |--org.restlet.routing.TemplateRoute
|  |
|  |--org.restlet.routing.Validator
|
|--org.restlet.resource.Finder
|  ^
|  |
|  |--org.restlet.resource.Directory
|
|--org.restlet.routing.Redirector
|
|--org.restlet.routing.Router
|
|--org.restlet.util.WrapperRestlet

如果您浏览每个类的文档和示例(每个类都会使这个答案太长)，您会发现还有其他方法可以做到这一点，但是为每个类创建单独的 Application是所有方法中最简单的。