Deadbolt - Play Framework - 如何使用控制器中的参数检查@RestrictedResource?
[英]Deadbolt - Play Framework - How to check a @RestrictedResource with parameters in a controller?
问题描述
With Deadbolt's module we can check the restrictedResource with a ressource name and parameters in the view. 
使用Deadbolt的模块,我们可以在视图中使用资源名称和参数检查restrictedResource。
For example in my view, I have it, and it works well: 例如,在我看来,我有它,它运作良好:
#{deadbolt.restrictedResource resourceKeys:['Domain'] , resourceParameters:['domainid':domain.id]}
<li><a href="@{Admin.showDomain(domain.id)}">${domain.title}</a></li>
#{/deadbolt.restrictedResource}
But in my controller, I just can check the ressource name but I don't find a way to check it in my RestrictedResourcesHandler passing the domainid with. 但是在我的控制器中,我只能检查资源名称,但是我找不到在我的RestrictedResourcesHandler中检查它的方法,并通过了domainid。
I am looking for a solution to do something like that: 我正在寻找一个类似的解决方案:
@RestrictedResource(name = {"Domain"}, params = {domainid})
public static void showDomain(String domainid)
{
}
Thanks in advance 提前致谢
2 个解决方案
解决方案1
4 已采纳 2012-07-25 07:55:45
It's not possible to have dynamic information in an annotation, but you can use params to define the name of an incoming value in the request. 在注释中不可能有动态信息,但您可以使用params在请求中定义传入值的名称。 However, this information isn't passed into the handler at the moment because it expects a map. 但是,此信息目前未传递到处理程序中,因为它需要映射。 While you can pass in a map of parameters from the restrictedResource tag, you can't do this from an annotation so an empty map is passed into the handler. 虽然您可以从restrictedResource标记传递参数映射,但您无法从注释中执行此操作,因此将空映射传递到处理程序中。
Your best approach here is to pull a well-known parameter name from the request object. 这里最好的方法是从请求对象中提取一个众所周知的参数名称。 I need to have a rethink about the best way to do this without breaking backwards compatibility. 我需要重新考虑在不破坏向后兼容性的情况下执行此操作的最佳方法。
Steve (author of Deadbolt) 史蒂夫(Deadbolt的作者)
解决方案2
1 2012-08-17 12:38:48
I've found a way the solved the problem, not the best I think, but it is the Steve Chaloner's solution (Deadbolt's creator), and it works. 我找到了解决问题的方法,而不是我想的最好的方法,但它是Steve Chaloner的解决方案(Deadbolt的创建者),并且它有效。
For example, if your Controller's method argument is named "id", and you want to check this id inside your checkAccess method : 例如,如果Controller的方法参数名为“id”,并且您想在checkAccess方法中检查此id:
// Controller's method :
@RestrictedResource(name = {"Domain"})
public static void showDomain(String id){}
Just check at the beginning of your checkAccess method the Map "resourceParameters" is empty, and use the request object to get the parameters: 只需检查checkAccess方法的开头,Map“resourceParameters”为空,并使用请求对象获取参数:
public AccessResult checkAccess(List<String> resourceNames,
Map<String, String> resourceParameters)
{
Map<String, String> hashm = new HashMap<String,String>();
if(resourceParameters != null && !resourceParameters.isEmpty()){
hashm = resourceParameters;
}else if(Http.Request.current().routeArgs!= null && !Http.Request.current().routeArgs.isEmpty()){
hashm = Http.Request.current().routeArgs;
}
}
Then just have to foreach your hashmap inside your checkAccess method to get your Controller's method argument and check the Access as you wish. 然后只需要在checkAccess方法中预览您的hashmap以获取Controller的方法参数并根据需要检查Access。
for (Map.Entry<String,String> mp : hashm.entrySet())
{
// Get the id argument
if(mp.getKey().equals("id"))
{
// Do something with the value..
mp.getValue()
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.