允许sdk支持多种身份验证方案的Java设计模式
[英]Java design pattern to allow sdk to support multiple authentication schemes
问题描述
I am designing an sdk/client library for a http api. 
我正在为http api设计一个sdk / client库。 The api support multiple authentication mechanisms: basic auth, oauth, digest etc. api支持多种身份验证机制:基本身份验证,oauth,摘要等。
My client library is simple at the moment like this: 我的客户端库目前很简单,如下所示:
public MyAPIRestClient implements MyAPIClient {
public MyAPIRestClient(String endpoint, String user, String pass){
login(user, pass)
}
public void login(String user, String pass){
//http code to login and get a cookie etc.
}
public Book getBook(String name){
// http code to get a book
}
}
What is the best design pattern to enable me to have multiple authentication mechanisms, without having to code all possible auth methods in the same client class? 什么是使我能够具有多种身份验证机制,而不必在同一客户端类中编写所有可能的身份验证方法的最佳设计模式是什么? And to enable future auth mechanisms to easily be injected? 为了使将来的身份验证机制易于注入?
3 个解决方案
解决方案1
2 2014-07-24 14:02:42
It is an odd thing to do you by yourself when this matter is very complex, difficult and has very good mature solutions including Apache Shiro and Spring Security. 当这个问题非常复杂,困难并且具有非常好的成熟解决方案(包括Apache Shiro和Spring Security)时,一个人做是一件奇怪的事。 But I assume it's just an exercise in design patterns. 但是我认为这只是设计模式中的一种练习。
I would probably go for the chain of responsibility pattern. 我可能会选择责任链模式。 Have a generic interface like: 具有如下通用接口:
interface Authenticator {
/**
* Analyze the request and return an Authentication object
* upon success, or null otherwise
*/
Authentication authenticate(HttpServletRequest request);
}
Implement it for each authentication mechanism, checking cookies, POST data or what have you. 为每种身份验证机制实施它,检查Cookie,POST数据或您拥有的内容。
Then, call them like: 然后,像这样称呼他们:
public Authentication authenticateRequest(HttpServletRequest request) {
for (Authenticator ator : supportedAuthenticators) {
Authentication a = ator.authenticate(request);
if (a != null) {
// Logged in successfully!
return a;
}
}
throw new LoginFailed();
}
解决方案2
1 已采纳 2014-07-24 14:17:29
The first thing that came to my mind is the strategy pattern: 我想到的第一件事是策略模式:
public abstract class Authenticator{ //or interface
public abstract boolean login(String user, String password);
}
The Authenticator is the pattern. Authenticator是模式。 You can extend/implement it with various authentication methods. 您可以使用各种身份验证方法来扩展/实现它。 In your main class you hold a specific pattern in a member, which you then call directly: 在您的主类中,您拥有一个成员中的特定模式,然后您可以直接调用该模式:
public class Main{
private Authenticator auth;
//choose auth in constructor or by choosing it in a List in some GUI
//and create an Object that extends/implements Authenticator
public void login(String user, String password){
if(auth.login(user, password)){
//do whatever is needed to complete login
}
}
}
This way you have minute control over which authentification method(s) are used. 这样,您就可以控制使用哪种身份验证方法。
If you change auth to an array or ArrayList, it is essentially the same as @Konrad Garus answer. 如果将auth更改为数组或ArrayList,则其本质上与@Konrad Garus答案相同。
解决方案3
0 2014-07-24 14:05:25
我建议使用一个具有基本身份验证方法签名的接口,并且实现类可以对这些身份验证方法进行不同的定义。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.