[英]Passing authorities and user principal from rest client to server spring boot
我必須從 rest 客戶端調用一個安全端點,在 controller 端,它需要從客戶端發送權限和用戶主體信息。
String endpoint="http://localhost:8096/polygons/34";
// endpoint="https://dop-int.edosdp.ericsson.se/polygon-manager/polygons/34";
HttpHeaders headers = new HttpHeaders();
headers.setBasicAuth("mahi", "ChangeM6");
headers.setConnection("keep-alive");
HttpEntity<String> httpEntity = new HttpEntity<String>(headers);
ResponseEntity<Long> exchange = restTemplate.exchange(endpoint,HttpMethod.GET, httpEntity, Long.class);
如何從客戶端發送至少一個角色(ADMIN 或 GUEST_USER)信息。 有什么辦法可以將所有用戶信息包裝在虛擬 session 中並將其發送給服務器。
謝謝,麻希
不可以。客戶端修改任何類型的 session 信息(包括 cookies)都是一個壞主意。只應允許服務器這樣做。
由於您的要求是檢查特定 url 上的用戶角色,您可以設置自定義請求 header 並在 controller 方法本身中檢查它:
示例代碼:
@GetMapping("/polygons")
public String getPolygons(HttpServletRequest request) {
String userRole = request.getHeader("user-role");
if(userRole != null && userRole.toLowerCase().equals("admin")) {
System.out.print("Role provided: " + userRole);
// ...
return "some-data";
}
System.out.print("Role not provided!");
return "error";
}
您還可以在請求正文中為發布請求設置用戶角色。
public class RequestParams {
private String userRole;
// ...
}
@PostMapping("/polygons")
public String getPolygons(@RequestBody RequestParams requestParams) {
String userRole = requestParams.getUserRole();
if(userRole != null && userRole.toLowerCase().equals("admin")) {
System.out.print("Role provided: " + userRole);
// ...
return "some-data";
}
System.out.print("Role not provided!");
return "error";
}
如果您的要求是檢查多個 url 上的用戶角色,那么您應該考慮編寫一個 servlet 過濾器。
編輯:
我想我過去也遇到過類似的情況。 我最終使用了 apache 的 httpclient 庫而不是 resttemplate。
這是一些示例代碼:
private List<OrganizationDTO> getUserOrgUnits(String loggedInUserId, String token) {
List<OrganizationDTO> userList = new ArrayList<OrganizationDTO>();
CloseableHttpClient httpClient = HttpClients.createDefault();
HttpGet httpGet = new HttpGet(getUserOrgUnitsApiURL());
try {
// Setting header
httpGet.setHeader("Authorization", "Bearer " + token);
httpGet.setHeader("Content-type", "application/json");
// Setting custom header
httpGet.setHeader(USERID_HEADER_NAME, loggedInUserId);
CloseableHttpResponse response = httpClient.execute(httpGet);
String result = EntityUtils.toString(response.getEntity());
JsonNode node = null;
ObjectMapper mapper = new ObjectMapper();
node = mapper.readTree(result);
Iterable<JsonNode> list = node.path("data");
for (JsonNode jsonNode : list) {
OrganizationDTO dto = mapper.treeToValue(jsonNode, OrganizationDTO.class);
userList.add(dto);
}
} catch (Exception e) {
log.error("getUserOrgUnits: Exception.");
e.printStackTrace();
}
return userList;
}
將主要用戶從一個 spring boot 微服務傳遞到另一個 springboot 微服務
[英]Passing principal user from one spring boot microservice to other springboot microservice
在Spring Boot OAuth 2中無法從主體對象獲取用戶詳細信息
[英]Not able to get user details from principal object in Spring boot OAuth 2
Spring Boot在Rest Client中授權用戶,但未在瀏覽器中授權用戶(Rest授權)
[英]Spring Boot Authorizes User In Rest Client, But Not In Browser (Rest Authorization)
Spring 啟動 Oauth 安全性 - 客戶端憑據授予類型中主體中的用戶(自定義信息)信息
[英]Spring boot Oauth security - User(custom info) info in the principal in Client Credentials grant type
Spring 啟動 - rest 客戶端來自 rest Z594C103F2C6E04C3D8AB059F0310E 接口C
[英]Spring boot - rest client from rest controller interface
Spring Boot-具有自簽名證書的客戶端服務器REST API
[英]Spring Boot - client server REST API with self-signed certificate
Spring 啟動 oauth2:無 userInfo 端點 - 如何直接在客戶端從 JWT 訪問令牌加載身份驗證(主體)
[英]Spring boot oauth2: No userInfo endpoint - How to load the authentication (Principal) from the JWT access token directly in the client
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.