浏览器不使用基本身份验证提示输入凭据

Question

我的目标是为服务器上的单个资源提供身份验证，为此我使用自定义过滤器。由于使用 JAVA 1.6 的限制，我没有使用@NameBinding。使用Response.header(HttpHeaders.WWW_AUTHENTICATE,"Basic") 不会提示输入凭据。

使用 ContainerRequestFilter 对我的事业没有帮助，因为它会对服务器的每个资源进行过滤。

过滤器

@Provider
public class AuthenticationFilter implements Filter {

    @Override
    public void doFilter(ServletRequest req, ServletResponse resp,
            FilterChain chain) throws IOException, ServletException {

        HttpServletRequest request = (HttpServletRequest) req;

        System.out.println("Entered authentication filter");

        throw new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED)
                .header(HttpHeaders.AUTHORIZATION,"Basic")
                .entity("Credentials are required to access this resource.")
                .build());

//      chain.doFilter(req, resp);

    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {}

    @Override
    public void destroy() {}
}

web.xml 映射

<filter>
    <filter-name>AuthenticationFilter</filter-name>
    <filter-class>Utils.LDAPAuthentication.AuthenticationFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>AuthenticationFilter</filter-name>
    <url-pattern>/download</url-pattern>
  </filter-mapping>

我在访问网络服务时得到的响应是

Answer 1

所以按照 Paul 的建议，我使用了 HttpServletResponse。

HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) resp;
if(request.getHeader("Authorization")==null){
    response.setHeader(HttpHeaders.WWW_AUTHENTICATE,"Basic");
    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
}
else{
    String credentials = request.getHeader("Authorization");
}