How to implementation Basic Auth at Server side in Java using RestEasy? I have attached my filter as Java Code.Sample code has been attached
public class SecurityFilter implements ContainerRequestFilter {
private static final String LOGGER_NAME = "SecurityFilter";
private static final String CLASS_NAME = "SecurityFilter.java";
public void filter(ContainerRequestContext requestContext) throws IOException {
Logger.log(" requestContext: " + requestContext, LOGGER_NAME, CLASS_NAME, null, Logger.INFO, GroupId.ID);
String authHeader = requestContext.getHeaderString("Authorization");
if (authHeader == null || !authHeader.startsWith("Basic")) {
requestContext.abortWith(Response.status(401).header("WWW-Authenticate", "Basic").build());
String[] tokens = (new String(Base64.getDecoder().decode(authHeader.split(" ")[1]), "UTF-8")).split(":");
final String username = tokens[0];
final String password = tokens[1];
if (username.equals("admin") && password.equals("123")) {
// all good
} else {
requestContext.abortWith(Response.status(401).entity("Incorrect username or pass").build());
<!-- this should be the same URL pattern as the servlet-mapping property -->
<!-- Add Security for RESTful Web Services Using Basic Authentication -->
Note: The above content includes only the translated and formatted code parts from your input.
public class SecurityFilter implements ContainerRequestFilter {
private static final String LOGGER_NAME ="SecurityFilter";
private static final String CLASS_NAME ="SecurityFilter.java";
public void filter(ContainerRequestContext requestContext) throws IOException {
Logger.log(" requestContext: " + requestContext, LOGGER_NAME, CLASS_NAME, null, Logger.INFO, GroupId.ID);
String authHeader = requestContext.getHeaderString("Authorization");
if (authHeader == null || !authHeader.startsWith("Basic")) {
requestContext.abortWith(Response.status(401).header("WWW-Authenticate", "Basic").build());
String[] tokens = (new String(Base64.getDecoder().decode(authHeader.split(" ")[1]), "UTF-8")).split(":");
final String username = tokens[0];
final String password = tokens[1];
if (username.equals("admin") && password.equals("123")) {
// all good
else {
requestContext.abortWith(Response.status(401).entity("Incorrect username or pass").build());
I am using RestEasy jar along with Java 1.8.
can anybody guide me ?
I have implemented the basic auth but its not working so look into this.
my Web.xml is given below
<!-- this should be the same URL pattern as the servlet-mapping property -->
</exception-type >
<!-- Add Security for RESTful Web Services Using Basic Authentication -->
This is the web.xml file data.
beside this I have my end point
I need to implement basic auth to my end point to provide security.
I tried hard have not found any solution.
The ContainerRequestFilter looks like this
得分: 1
在这种情况下,您可以配置一个安全域(例如,通过一个简单的 realm.properties 文件),如此处所述:https://wiki.eclipse.org/Jetty/Tutorial/Realms
我猜想问题可能是过滤器没有正确地在 RESTeasy 中注册。您还可以在实际的服务中使用 @Context(javax.ws.rs.core.Context)进行检查。这将安全上下文作为参数注入:
public void foo(@Context SecurityContext sc) {
if (sc.isUserInRole(role))
Principal p = sc.getUserPrincipal();
同样,@Context 可用于注入 Request 对象,使您可以访问基本认证头信息。
If you'd just like to handle basic auth, there's no reason to implement the filter yourself. You could just use the built-in mechanism of the server as described here:
In this case, you configure a security realm (e.g. via a simple realm.properties file) as described here: https://wiki.eclipse.org/Jetty/Tutorial/Realms
I guess is that the filter is not registered with RESTeasy correctly. What you could also do is to do a check in the actual service using the @Context (javax.ws.rs.core.Context). This injects the security context as a parameter:
public void foo(@Context SecurityContext sc) {
if (sc.isUserInRole(role))
Principal p = sc.getUserPrincipal();
Likewise @Context can you be used to inject the Request object giving you access to the basic auth header.