[英]Authenticate all API Endpoints in Google App Engine
I have the following Google Cloud Endpoints API, and I want it accesible only for authenticated users with certain role. 我具有以下Google Cloud Endpoints API,并且我希望它仅对具有特定角色的经过身份验证的用户可用。
Few lines of code says much more than a thousand words: 很少有几行代码说出一千多个单词:
import com.google.appengine.api.users.User;
@Api(
name = "heroesApi",
version = "v1",
clientIds = {...},
scopes = {...},
audiences = {...},
namespace = @ApiNamespace(
ownerDomain = "my.domain.com",
ownerName = "my.domain.com",
packagePath=""
)
)
public class HeroesApi {
// THIS IS THE FUNCTION THAT I DON´T KNOW WHERE TO PUT
/**
* Validates that the user is logged in with a specific role
* @param user
* @throws UnauthorizedException
* @throws ForbiddenException
*/
private void validateUser(User user) throws UnauthorizedException, ForbiddenException {
IUserController userController = ControllerFactory.get.userController();
if (user == null) {
throw new ForbiddenException("You must be logged in, my friend.");
} else if (!userController.isLoggedAsSuperHero(user)) {
throw new UnauthorizedException("You must be logged in as a Superhero.");
}
}
// API METHODS
@ApiMethod(path = "something", httpMethod = ApiMethod.HttpMethod.PUT)
public DoneTask doSomething(Some thing, User superhero) throws UnauthorizedException, ForbiddenException {
// this is what I want to avoid on each function
this.validateUser(superhero);
// Now I'll do something special
IUserController userController = ControllerFactory.get.userController();
return userController.doSome(thing);
}
// MORE GORGEOUS METHODS JUST FOR SUPERHEROES, SO I HAVE TO PERFORM THE VALIDATION...
}
I have though about adding a filter through the web.xml file for all request to /api/heroesApi/*, but the problem there is how to catch the Google Appengine Api User. 我虽然要通过web.xml文件为/ api / heroesApi / *添加所有请求的过滤器,但是问题是如何捕获Google Appengine Api用户。
Isn´t there something provided by Google to do this? Google是否没有提供某些服务来做到这一点?
Any suggestion to avoid the repeated call to validateUser(User)
is welcome 欢迎提供任何避免重复调用
validateUser(User)
的建议
Google Cloud Endpoints doesn't supper roles by default , so your application have to build role concept, and you have to write filter and get current user and check against the roles maintained in your end Google Cloud Endpoints默认情况下不提供角色,因此您的应用程序必须构建角色概念,并且您必须编写过滤器并获取当前用户并对照最终维护的角色进行检查
To get current user in the filter, try this https://cloud.google.com/appengine/docs/java/oauth/ 要在过滤器中获取当前用户,请尝试使用此https://cloud.google.com/appengine/docs/java/oauth/
I haven't tested this , but am sure you can get the current user using the UserService Api in appengine as long as your system uses google account as authentication. 我尚未对此进行测试,但是只要您的系统使用google帐户进行身份验证,就可以确保您可以使用appengine中的UserService Api获取当前用户。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.