我有以下Google Cloud Endpoints API,我希望它仅对具有特定角色的经过身份验证的用户可访问。
几行代码说的不止一千个字:
mail我有关于通过web.xml文件为/ api / heroesApi / *的所有请求添加过滤器,但问题是如何捕获Google Appengine Api用户。
谷歌没有提供这样做的东西吗?
欢迎任何避免重复拨打import com.google.appengine.api.users.User;
@Api(
name = "heroesApi",
version = "v1",
clientIds = {...},
scopes = {...},
audiences = {...},
namespace = @ApiNamespace(
ownerDomain = "my.domain.com",
ownerName = "my.domain.com",
packagePath=""
)
)
public class HeroesApi {
// THIS IS THE FUNCTION THAT I DON´T KNOW WHERE TO PUT
/**
* Validates that the user is logged in with a specific role
* @param user
* @throws UnauthorizedException
* @throws ForbiddenException
*/
private void validateUser(User user) throws UnauthorizedException, ForbiddenException {
IUserController userController = ControllerFactory.get.userController();
if (user == null) {
throw new ForbiddenException("You must be logged in, my friend.");
} else if (!userController.isLoggedAsSuperHero(user)) {
throw new UnauthorizedException("You must be logged in as a Superhero.");
}
}
// API METHODS
@ApiMethod(path = "something", httpMethod = ApiMethod.HttpMethod.PUT)
public DoneTask doSomething(Some thing, User superhero) throws UnauthorizedException, ForbiddenException {
// this is what I want to avoid on each function
this.validateUser(superhero);
// Now I'll do something special
IUserController userController = ControllerFactory.get.userController();
return userController.doSome(thing);
}
// MORE GORGEOUS METHODS JUST FOR SUPERHEROES, SO I HAVE TO PERFORM THE VALIDATION...
}
的建议
答案 0 :(得分:0)
默认情况下,Google Cloud Endpoints不会超级角色,因此您的应用程序必须构建角色概念,您必须编写过滤器并获取当前用户并检查最终维护的角色
要获取过滤器中的当前用户,请尝试此操作 https://cloud.google.com/appengine/docs/java/oauth/
我没有对此进行过测试,但只要您的系统使用Google帐户作为身份验证,我相信您可以使用Appengine中的UserService Api来获取当前用户。