How can a JHipster Gateway user get the entities from a Service for the logged-in user ONLY
I'm using JHipster microservices to build my project called Sport Stat application. I have used JHipster to generate the following Spring Boot backend-only microservices:
The PlayerStatService has several entities such as Sport, Skill, Player and so on. Each player can have a list of Sessions, Targets, etc.
Sports and Skills are all predefined.
I have also generated a gateway client that communicates with the above services securely. You can sign up and register yourself as a User on the Gateway (client). A user can be a Coach who is monitoring his players. A coach can add a new player(s) and start monitoring and tracking their stats. A coach can have many players (one-to-many).
Logged-in users (Coaches) should view their players and their stats only, NOT everybody else's. I assume I can have an entity relationship between Player and User so that I can use findByUserIsCurrentUser to get the current user's players and stats.
I know this can be used easily if it is a monolithic application.
Problem: Because the User is generated by JHipster on the gateway and Player is on PlayerStatService, I cannot create any relationship between them. I get this error.
Your entity cannot have a relationship with User because it's a gateway entity
My Question: Is it possible to achieve such a thing by using the generated classes and objects (Service, Repository)?
If not, how would you suggest, for example, restricting Users to be able to get their own players ONLY? When calling the PlayerStatService REST API to get players, how do you suggest I should incorporate the logged-in user in my query at the repository level?
EDITED: I am using JWT for authentication
This cannot be done in the gateway; it must be done in the services, and ideally based only on the data contained in the token (subject, roles or other claims) so that your services don't need to query your gateway or auth provider.
As you have seen, this can't be done using relationships with User; however, you can add a simple user_id field to your entities and match it against the token's subject.
Roles are also useful to restrict access, but if they are not enough to model that a user belongs to a team, you can add team_id as a claim to your token. This way you can easily identify a coach because she/he has ROLE_COACH, and for which team she/he is in this role.
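As an added example (not part of the original answer and not JHipster-generated code), one way to apply the user_id approach at the repository level inside PlayerStatService. It assumes Spring Data JPA, Spring MVC and a JWT filter that sets the authenticated principal's name to the token subject; the entity fields, repository method names and the `/api/players` path are hypothetical.

```java
import java.security.Principal;
import java.util.List;
import java.util.Optional;
import javax.persistence.*;                    // jakarta.persistence.* on Spring Boot 3+
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;

@Entity
class Player {                                 // hypothetical shape of the Player entity
    @Id @GeneratedValue Long id;
    String name;
    // Token subject of the owning coach; no getter/setter, so it is never bound from JSON.
    @Column(name = "user_id", nullable = false, updatable = false) String userId;
    public Long getId() { return id; }
    public String getName() { return name; }
    public void setName(String name) { this.name = name; }
}

interface PlayerRepository extends JpaRepository<Player, Long> {
    // Derived query: ... WHERE user_id = ?
    List<Player> findAllByUserId(String userId);
    // Lookup by id is owner-scoped too, so guessing another coach's id returns nothing.
    Optional<Player> findOneByIdAndUserId(Long id, String userId);
}

@RestController
@RequestMapping("/api/players")
class PlayerResource {
    private final PlayerRepository players;
    PlayerResource(PlayerRepository players) { this.players = players; }

    @GetMapping
    public List<Player> mine(Principal principal) {
        // The owner comes from the validated token, never from a request parameter.
        return players.findAllByUserId(principal.getName());
    }

    @GetMapping("/{id}")
    public ResponseEntity<Player> one(@PathVariable("id") Long id, Principal principal) {
        return players.findOneByIdAndUserId(id, principal.getName())
            .map(ResponseEntity::ok)
            .orElseGet(() -> ResponseEntity.notFound().build());
    }

    @PostMapping
    public Player create(@RequestBody Player body, Principal principal) {
        body.id = null;                        // force an insert; never merge over an existing row
        body.userId = principal.getName();     // owner is stamped server-side from the token
        return players.save(body);
    }
}
```

Update and delete endpoints need the same owner-scoped lookup before they act; the generated `findById` and `deleteById` are not scoped to the caller.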