保护宁静的Web服务
[英]Protect rest ful web services
问题描述
I'm developing an application to search events. 
我正在开发一个用于搜索事件的应用程序。 I'm using backbone.js to build this application. 我正在使用bone.js来构建此应用程序。 I have some web services to get the information about the events. 我有一些Web服务来获取有关事件的信息。 For example, I have a web service to get all the events in database, another web service to get information about an event given an id, etc... I would to know if it is possible protect my web services, for that people can not access. 例如,我有一个Web服务可获取数据库中的所有事件,另一个Web服务可获取有关给定ID的事件的信息,等等...我想知道是否有可能保护我的Web服务,因为人们可以无法访问。
In my code I have a collection that have a url that corresponds a web service: 在我的代码中,我有一个具有与Web服务相对应的URL的集合:
ev.models.ImagemCollection = Backbone.Collection.extend({
url: 'http:/.../.../webservices/services/events/',
initialize: function(){
console.log("Collection Home Inicializado");
}
});
If I access the DevTools in web browser, with some search I can find url with web service, but I would like hide this information somehow. 如果我在Web浏览器中访问DevTools,则可以通过一些搜索找到带有Web服务的URL,但是我想以某种方式隐藏此信息。
Any idea? 任何想法?
1 个解决方案
解决方案1
0 2015-02-05 23:25:17
The RESTful routes are configured in your backend, and if you want to disallow users to access them, you need to create a filter on your backend route that is executed before the route is hit. RESTful路由是在后端配置的,如果要禁止用户访问它们,则需要在后端路由上创建一个过滤器,该过滤器在命中该路由之前执行。
This is the case when you (for example) want to only give access when the user authenticates. 例如,当您(例如)只希望在用户进行身份验证时才授予访问权限时就是这种情况。 The filter you apply on the route is custom, you can define it whichever way you want; 您在路线上应用的过滤器是自定义的,您可以根据需要定义它; in this case the filter checks the "authenticated" status. 在这种情况下,筛选器将检查“已认证”状态。
Whenever the user did not authenticate, your filter can then return a message from the backend, saying something like eg. 每当用户未通过身份验证时,您的过滤器就可以从后端返回一条消息,例如。 "You need to authenticate first." “您需要先进行身份验证。”
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.