letting only admin user to enter playframework admin crud area

I am trying out authentication using playframework's secure module. I have two users: one an admin, the other with normal privileges. They are defined as

User(adminuser):
    email:   siteadmin@mysite.com
    password: secret
    isAdmin:  true
User(normaluser):
    email:   normaluser@gmail.com
    password: normalpass

I want only admin user to be able to login to the admin area and create entities using the crud interface. How should I go about this?

*       /admin          module:crud

brings up a login screen which, after login from the above two users, takes them to the admin area. How can I restrict entry to the admin area to only the admin user, and tell the normal user that he doesn't have enough rights to access the admin area?

I'm not yet familiar with the CRUD module, but in your controller you could use the annotation @Check("admin"). This will ensure that before every call on the annotated method the security module will call the static boolean check(String) method in your own Security implementation class. There you can simply check if the current user is admin and allow access or not. See example below.

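package controllers;

import models.User;

public class MySecurity extends Secure.Security
{

    // .... other methods you should/could override ....

    // Called by the secure module for every action annotated with @Check
    static boolean check(String profile)
    {
        boolean result = false;
        if ("admin".equalsIgnoreCase(profile))
        {
            // Look up the logged-in user; "byUsername" assumes User has a username field
            User currentUser = User.find("byUsername", connected()).first();
            // Deny access when no matching user is found
            result = currentUser != null && currentUser.isAdmin;
        }

        return result;
    }
}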

Hope this helps. /Richard

Using CRUD, you can declare one controller per entity. Then you can add the annotations needed for security.

For example, for User entity you will have this controller:

package controllers;

import controllers.CRUD.For;
import play.mvc.With;

@Check("admin")
@With(Security.class)
@For(models.User.class)
public class Users extends controllers.CRUD {
}

In @With you have to point to the class extending Secure.Security. For example:

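package controllers;

import models.User;

public class Security extends Secure.Security {

    // Validate the submitted credentials against the User model
    static boolean authenticate(String username, String password) {
        return User.connect(username, password) != null;
    }

    // Only a user flagged isAdmin satisfies @Check("admin")
    static boolean check(String profile) {
        if("admin".equals(profile)) {
            return User.all().filter("email", connected()).get().isAdmin;
        }
        return false;
    }

    // Where to go after logout
    static void onDisconnected() {
        Application.index();
    }

    // Where to go after a successful login
    static void onAuthenticated() {
        Admin.index();
    }
}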
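
An added example, not part of either answer or of Play's own code: a `Security` class whose `check` fails closed and whose `onCheckFailed` hook tells a non-admin user why access was refused, plus a CRUD controller guarded by it. In the Play 1.x Secure module the login and `@Check` enforcement run from the `@Before` interceptor on `controllers.Secure`, so the controller attaches `Secure.class`. `User.connect`, the `email` and `isAdmin` fields and a JPA-backed `User` model are assumptions taken from the posts above.

```java
// ---- app/controllers/Security.java ----
package controllers;

import models.User;

public class Security extends Secure.Security {

    // Credentials are checked by the model; User.connect is the helper
    // used in the answer above (assumed to return null on failure).
    static boolean authenticate(String email, String password) {
        return User.connect(email, password) != null;
    }

    // Fail closed: unknown profile, missing user or unset flag all deny.
    static boolean check(String profile) {
        if (!"admin".equals(profile)) {
            return false;
        }
        // Assumes a JPA-backed User model with an "email" field, as in
        // the question's fixture; connected() is the logged-in email.
        User user = User.find("byEmail", connected()).first();
        return user != null && Boolean.TRUE.equals(user.isAdmin);
    }

    // Runs when check() returns false: answer 403 with a message
    // instead of rendering the CRUD pages.
    static void onCheckFailed(String profile) {
        forbidden("Your account does not have rights to access the admin area.");
    }
}

// ---- app/controllers/Users.java ----
package controllers;

import play.mvc.With;

@With(Secure.class)   // Secure's @Before interceptor enforces login and @Check
@Check("admin")       // class-level: applies to every CRUD action
@CRUD.For(models.User.class)
public class Users extends CRUD {
}
```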
