How do I hide Worklight adapter procedures from client, but visible to the server?
I have a SQL Worklight Adapter with procedures that should not be exposed to anything except my HTTP Worklight Adapter. I cannot have the procedures as private functions in the HTTP adapter since you cannot mix SQL calls and HTTP calls in the same adapter.
I have considered defining a security test to only let invocations coming from the server use it. Is there a secure way to do this? Is there any other approach I should use?
I use Worklight 6.2.0 CLI version.
You could use a "poor-man's" security approach: code all your DB adapters to take an extra parameter, and require that parameter to take some value that only the server can supply.
Using a security-test can surely be made to work; I'm just not sure how much work it will be. So far as I know you don't have the ability on the server to install a ChallengeHandler, and hence use the simple authentication patterns in the tutorials. So I think you'd be into writing your own Realm.
My question would be whether there is real value in doing this. Suppose instead you just protected all your adapter procedures with the same security test (and that's much easier because the standard ChallengeHandler patterns work because the procedure client is in the WL.Client space). Now only clients authorised to use the HTTP adapters can use the SQL adapters. What extra privilege have they gained by going direct to the SQL adapter? If you are doing some additional security checks in the HTTP adapter, perhaps this needs refactoring into the security layer or some common functions.
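The extra-parameter check from the answer above, sketched as adapter JavaScript. This is an added example, not code from the thread: the adapter name `SqlAdapter`, the procedure names, the property key `sqladapter.shared.secret` and the `WL` stand-in (there only so the sketch runs outside a Worklight server) are all assumptions.

```javascript
// Added illustration, not code from the thread. WL below is a minimal stand-in
// for the server-side API so this file runs outside Worklight; in a deployed
// adapter the runtime supplies WL and the stub is not needed.
var WL = { Server: {
  // Assumed property key; on a server it would come from worklight.properties.
  configuration: { "sqladapter.shared.secret": "constructed-sample-secret" },
  createSQLStatement: function (sql) { return sql; },
  invokeSQLStatement: function (opts) {   // constructed row instead of a database
    return { isSuccessful: true, resultSet: [{ id: opts.parameters[0], owner: "alice" }] };
  },
  invokeProcedure: function (inv) {       // dispatches to the SQL adapter below
    return SQL_ADAPTER[inv.procedure].apply(null, inv.parameters);
  }
} };

// Compare the whole token instead of returning at the first differing character.
function sameToken(given, expected) {
  if (typeof given !== "string" || typeof expected !== "string") return false;
  var diff = given.length ^ expected.length;
  for (var i = 0; i < expected.length; i++) {
    diff |= expected.charCodeAt(i) ^ given.charCodeAt(i % (given.length || 1));
  }
  return diff === 0;
}

// --- SQL adapter (hypothetical name: SqlAdapter) ---
var selectAccount = WL.Server.createSQLStatement(
  "SELECT id, owner FROM accounts WHERE id = ?");

function getAccount(serverToken, accountId) {
  var secret = WL.Server.configuration["sqladapter.shared.secret"];
  // Fail closed: an unset secret must not let an empty token match.
  if (!secret || !sameToken(serverToken, secret)) {
    return { isSuccessful: false, errors: ["not authorized"] };
  }
  return WL.Server.invokeSQLStatement({
    preparedStatement: selectAccount, parameters: [accountId] });
}
var SQL_ADAPTER = { getAccount: getAccount };

// --- HTTP adapter: reads the secret on the server, never receives it from the client ---
function getAccountForClient(accountId) {
  return WL.Server.invokeProcedure({
    adapter: "SqlAdapter", procedure: "getAccount",
    parameters: [WL.Server.configuration["sqladapter.shared.secret"], accountId]
  });
}
```

The secret lives only in server configuration, so a client that calls `getAccount` directly has no value to pass and gets the same generic rejection for a missing, empty or wrong token.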
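Notice: the technical posts on this site are published under the CC BY-SA 4.0 license. If you need to reproduce them, please credit this site's URL or the original address. For any questions, contact: yoyou2525@163.com.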