
How Jhipster Gateway user can get the entities from a Service for the logged-in user ONLY

I'm using jhipster microservices to build my project called Sport Stat application. I have used jhipster to generate the following spring boot backend only microservices:

  • PlayerStatService
  • LeagueService

The PlayerStatService has several entities such as Sport, Skill, Player and so on. Each player can have a list of Sessions, Targets and etc.

Sports and Skills are all predefined.

I also have generated a gateway client that communicates with the above services securely. You can sign up and register yourself as a User on the Gateway (client). A user can be a Coach who is monitoring his players. A coach can add new player(s) and start monitoring and tracking their stats. A coach can have many players (one-to-many).

Logged-in users (Coaches) should view their players and their stats only, NOT everybody else's. I assume I can have entity relationship between Player and User so that I can use findByUserIsCurrentUser to get the current user players and stats.

I know this can be done easily if it were a monolithic application.

Problem: Because the User is generated by jhipster on the gateway and Player is on PlayerStatService, I cannot create any relationship between them. I get this error:

Your entity cannot have a relationship with User because it's a gateway entity

My Question: Is it possible to achieve such a thing by using the generated classes and objects (Service, Repository)?

If not, what would you suggest, for example, to restrict Users so that they can get their own players ONLY? When calling the PlayerStatService REST API to get players, how do you suggest I should incorporate the logged-in user in my query at the repository level?

EDITED: I am using JWT for authentication.

This cannot be done in the gateway; it must be done in the services, and ideally only based on the data contained in the token (subject, roles or other claims) so that your services don't need to query your gateway or auth provider.

As you have seen, this can't be done using relationships with User; however, you can add a simple user_id field to your entities and match it against the token's subject.

Roles are also useful to restrict access, but if they are not enough to model that a user belongs to a team, you can add team_id as a claim to your token. This way you can easily identify a coach because she/he has ROLE_COACH, and for which team she/he holds this role.
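The approach in this answer, as an added example that is not JHipster-generated code nor the answerer's own: a service in PlayerStatService that scopes every Player operation to the JWT subject (and optionally reads a team_id claim). It assumes a Player entity with a String `userId` field and a hypothetical `PlayerRepository` declaring `findByUserId(String)`; the claim name `team_id` is also an assumption.

```java
import java.util.List;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@Service
@Transactional
public class PlayerScopedService {

    // Hypothetical Spring Data repository with: List<Player> findByUserId(String userId)
    private final PlayerRepository playerRepository;

    public PlayerScopedService(PlayerRepository playerRepository) {
        this.playerRepository = playerRepository;
    }

    // Subject of the already-validated token; the resource-server filter rejected bad tokens earlier
    private static String currentSubject() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || auth.getName() == null || auth.getName().isEmpty()) {
            throw new AccessDeniedException("No authenticated subject in security context");
        }
        return auth.getName();
    }

    // Optional team claim (assumed name "team_id"); null when the token carries none
    public static String currentTeamId() {
        Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        return principal instanceof Jwt ? ((Jwt) principal).getClaimAsString("team_id") : null;
    }

    // Read: the restriction lives in the query, so other coaches' rows never leave the database
    @Transactional(readOnly = true)
    public List<Player> findMyPlayers() {
        return playerRepository.findByUserId(currentSubject());
    }

    // Create: the owner comes from the token, never from a client-supplied field in the body
    public Player create(Player player) {
        player.setUserId(currentSubject());
        return playerRepository.save(player);
    }

    // Delete: load by id, then verify ownership before touching the row
    public void delete(Long id) {
        // Not-found and not-owned get the same response so ids of other users' players are not confirmed
        Player existing = playerRepository.findById(id)
            .filter(p -> currentSubject().equals(p.getUserId()))
            .orElseThrow(() -> new AccessDeniedException("Player not accessible"));
        playerRepository.delete(existing);
    }
}
```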
