保护REST Jersey

Question

我正在尝试保护Tomcat上的Jersey服务，但从浏览器访问它时遇到了问题。我已经尝试了几个教程，但是没有人有一个正确的解决方案，所以如果你已经使用过REST，请告诉我问题在哪里。下面是我正在使用的配置文件：

web.xml

<security-constraint>
    <display-name>Security for Your Enterprise</display-name>
    <web-resource-collection>
        <web-resource-name>Your Enterprise web Security</web-resource-name>
        <description>Redirect all to SSL</description>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>HEAD</http-method>
        <http-method>PUT</http-method>
        <http-method>OPTIONS</http-method>
        <http-method>TRACE</http-method>
        <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
        <description />
        <role-name>role1</role-name>
    </auth-constraint>
    <user-data-constraint>
        <description>Protection should be CONFIDENTIAL</description>
        <transport-guarantee>INTEGRAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
</login-config>
<security-role>
    <role-name>role1</role-name>
</security-role>

tomcat的sever.xml

<Connector
    clientAuth="false"
    minSpareThreads="5" maxSpareThreads="75"
    enableLookups="true" disableUploadTimeout="true"
    acceptCount="100"  maxThreads="200"
    port="8443"
    scheme="https"
    secure="true"
    SSLEnabled="true"
    keystoreFile="serverkey.keystore"
    keystorePass="pwd"
    protocol="HTTP/1.1"
    sslProtocol="TLS"
/>

tomcat用户：

<tomcat-users>
    <role rolename="role1"/>
    <user
        username="CN=10.0.25.21,OU=, O=, L=, ST=, C="
        password="pwd" roles="role1"
    />

Answer 1

将值更改为机密。