
What is the best way to implement event based authorization in realtime web applications?

I'm currently doing some research about the best way to implement event based authorization in a realtime web application. In comparison with a normal REST call based application, published events are some kind of API calls that need to be authorized on the server, as there are different types of authorization levels. In the current REST application, authorization is handled in general in the first step (token validation) and then call based, by checking the user rights against the ones required for the call. Should this also be done that way in a realtime web application? Or is there some kind of mind-shift required in terms of application architecture?

Code sample from the current application (maybe a bad sample for the realtime requirement, but it shows the kind of authorization that is required very well):

// Express route: bearer-token authentication runs first (passport),
// then the app's own authorize() middleware checks that the user holds
// the right this call requires, then the handler runs.
app.get('/api/profile/email', passport.authenticate('bearer', {
    session: false
}), authorize('user.profile.email.read'), function (req, res) {
    // Do something and respond
});

I'm looking forward to some great input from you guys!

One of the ways I have done it (if using sockets, let's say) is to use a token stored in redis after the initial login or a refreshed token. It does a check on the token with authentication middleware to make sure it can continue, or it sends an error. If you code it right, you can pass the token, pull it out and check it using your middleware.

   // socket.io connection-level middleware: runs once per handshake,
   // before any event from this socket is processed
   io.use(function(socket,next){
       var token = socket.request._query.tokenOfImmortality;
       tokenHandler.verify(token,next); //Function handles checking redis for access
   });
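The answer covers the connection-level token check; the question also needs the per-call right check (the `authorize('user.profile.email.read')` step) applied to each published event. The following is an added example, not code from the question or the answer, showing both layers for socket.io with a deny-by-default event-to-right table. `tokenStore`, `requiredRights`, `authenticateSocket`, `authorizeEvent` and `attach` are hypothetical names; the in-memory `tokenStore` is a constructed stand-in for the Redis lookup, and `io.use`, `socket.use`, `socket.handshake.auth` and `socket.data` are assumed to be the socket.io v3/v4 APIs.

```javascript
// Constructed stand-in for the Redis-backed token store from the answer:
// token -> session record carrying the rights granted to that user.
const tokenStore = new Map([
  ['tok-alice', { user: 'alice', rights: new Set(['user.profile.email.read']) }],
  ['tok-bob',   { user: 'bob',   rights: new Set([]) }],
]);

// Event-to-right table, the realtime counterpart of authorize('...') per
// REST route. Events not listed here are rejected (deny by default).
const requiredRights = {
  'profile:email:read':   'user.profile.email.read',
  'profile:email:update': 'user.profile.email.write',
};

// Layer 1 (connection level): validate the token once at handshake time.
function authenticateSocket(token) {
  const session = tokenStore.get(token);
  if (!session) return { ok: false, error: 'invalid token' };
  return { ok: true, session };
}

// Layer 2 (event level): check the right required for each published event.
function authorizeEvent(session, eventName) {
  const right = requiredRights[eventName];
  if (!right) return { ok: false, error: 'unknown event ' + eventName };
  if (!session.rights.has(right)) return { ok: false, error: 'missing right ' + right };
  return { ok: true };
}

// Wiring for a socket.io server instance (assumed v3/v4 API).
function attach(io) {
  // Handshake middleware: reject the connection if the token is bad.
  io.use((socket, next) => {
    const result = authenticateSocket(socket.handshake.auth && socket.handshake.auth.token);
    if (!result.ok) return next(new Error(result.error));
    socket.data.session = result.session;
    next();
  });
  io.on('connection', (socket) => {
    // Packet middleware: runs for every event this socket emits, so the
    // right check happens per call, just like the REST authorize() step.
    socket.use(([eventName], next) => {
      const result = authorizeEvent(socket.data.session, eventName);
      if (!result.ok) return next(new Error(result.error));
      next();
    });
  });
}
```

Pass a real `Server` instance to `attach(io)`; a rejected packet surfaces as a `connect_error`/`error` on the client rather than reaching a handler.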
