码头、印前飞行和阿贾克斯

2022-09-03 16:16:36

以编程方式设置一个Jetty服务器,我尝试通过ajax和xmlHttpRequest访问。未经授权,呼叫工作正常,但与,我得到401未经授权。任何建议。

Javascript 调用如下所示(缩短):

var auth = base64encode('name','pwd');
try{
    var xmlhttp = new XMLHttpRequest();
    xmlhttp.open("POST", "http://127.0.0.1:5563/ajax/index.html", true);
    xmlhttp.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
    xmlhttp.setRequestHeader('Authorization', auth);
    xmlhttp.withCredentials = 'true';
    xmlhttp.send();
    xmlDoc = xmlhttp.responseXML; 
    $('#textResult').val(xmlDoc);
}
catch(e){
    $('#textResult').val('CATCH: ' + e);
}

服务器代码看起来像这样(甚至更短)

class CallObject extends HttpServlet {
    //...
    @Override
    public void doOptions(HttpServletRequest request, HttpServletResponse response)
    throws IOException
    {
    response.setHeader("Access-Control-Allow-Origin", "*");
    response.setHeader("Access-Control-Allow-Methods",
                       "GET, POST, HEAD, OPTIONS");
    response.setHeader("Access-Control-Allow-Credentials", "true");
    response.setHeader("Access-Control-Allow-Headers",
                       "X-Requested-With, authorization");
    }
//...
}

class WebServer{
//...
    SecurityHandler sh = null;
    if (logins != null && logins.length > 0){
        String role = "user";
        sh = new SecurityHandler();
        Constraint constraint = new Constraint();
        constraint.setName(Constraint.__BASIC_AUTH);
        constraint.setRoles(new String[]{role});
        constraint.setAuthenticate(true);
        ConstraintMapping cm = new ConstraintMapping();
        cm.setConstraint(constraint);
        cm.setPathSpec("/*");
        HashUserRealm hur = new HashUserRealm();
        hur.setName("eMark Web Server");
        for (int i = 0; i < logins.length; i++) {
            String user_name = logins[i][0];
            String password = logins[i][1];
            hur.put(user_name, password);
            hur.addUserToRole(user_name, role);
        }
        sh.setUserRealm(hur);
        sh.setConstraintMappings(new ConstraintMapping[]{cm});
        _server.setHandlers(
            new Handler[]{sh, _contexts, new DefaultHandler()});
    }
//...
}

答案 1

您的函数如何处理这两个参数?标头的值必须是字符串 的 base64 编码值。(请注意冒号。base64encodeAuthorizationusername:password

注意:对于同源 XMLHttpRequests,您可以将用户名和密码作为参数提供给 open 方法。


答案 2

授权标头应类似于以下示例:

Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

其中,出现在“基本”之后的文本是以下的 base64 编码:

查看此链接了解更多信息:http://en.wikipedia.org/wiki/Basic_access_authentication