[英]Authenticate all API Endpoints in Google App Engine
我具有以下Google Cloud Endpoints API,並且我希望它僅對具有特定角色的經過身份驗證的用戶可用。
很少有幾行代碼說出一千多個單詞:
import com.google.appengine.api.users.User;
@Api(
name = "heroesApi",
version = "v1",
clientIds = {...},
scopes = {...},
audiences = {...},
namespace = @ApiNamespace(
ownerDomain = "my.domain.com",
ownerName = "my.domain.com",
packagePath=""
)
)
public class HeroesApi {
// THIS IS THE FUNCTION THAT I DON´T KNOW WHERE TO PUT
/**
* Validates that the user is logged in with a specific role
* @param user
* @throws UnauthorizedException
* @throws ForbiddenException
*/
private void validateUser(User user) throws UnauthorizedException, ForbiddenException {
IUserController userController = ControllerFactory.get.userController();
if (user == null) {
throw new ForbiddenException("You must be logged in, my friend.");
} else if (!userController.isLoggedAsSuperHero(user)) {
throw new UnauthorizedException("You must be logged in as a Superhero.");
}
}
// API METHODS
@ApiMethod(path = "something", httpMethod = ApiMethod.HttpMethod.PUT)
public DoneTask doSomething(Some thing, User superhero) throws UnauthorizedException, ForbiddenException {
// this is what I want to avoid on each function
this.validateUser(superhero);
// Now I'll do something special
IUserController userController = ControllerFactory.get.userController();
return userController.doSome(thing);
}
// MORE GORGEOUS METHODS JUST FOR SUPERHEROES, SO I HAVE TO PERFORM THE VALIDATION...
}
我雖然要通過web.xml文件為/ api / heroesApi / *添加所有請求的過濾器,但是問題是如何捕獲Google Appengine Api用戶。
Google是否沒有提供某些服務來做到這一點?
歡迎提供任何避免重復調用validateUser(User)
的建議
Google Cloud Endpoints默認情況下不提供角色,因此您的應用程序必須構建角色概念,並且您必須編寫過濾器並獲取當前用戶並對照最終維護的角色進行檢查
要在過濾器中獲取當前用戶,請嘗試使用此https://cloud.google.com/appengine/docs/java/oauth/
我尚未對此進行測試,但是只要您的系統使用google帳戶進行身份驗證,就可以確保您可以使用appengine中的UserService Api獲取當前用戶。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.