I have defined a method named retrieve and the following roles: admin, barkeeper.
The model ACL is:
"acls": [
  {
    "accessType": "*",
    "principalType": "ROLE",
    "principalId": "$everyone",
    "permission": "DENY"
  },
  {
    "accessType": "*",
    "principalType": "ROLE",
    "principalId": "admin",
    "permission": "ALLOW"
  },
  {
    "accessType": "EXECUTE",
    "principalType": "ROLE",
    "principalId": "barkeeper",
    "permission": "ALLOW",
    "property": "retrieve"
  }
],
The problem is that when I log in as an admin user or a barkeeper user and call /retrieve, I get a 401.
Any ideas?
Edit:
The LoopBack log shows:
loopback:security:access-context ---AccessContext---
loopback:security:access-context principals:
loopback:security:access-context principal: {"type":"USER","id":"583adfd78753a610006c586b"}
loopback:security:access-context modelName Order
loopback:security:access-context modelId undefined
loopback:security:access-context property retrieve
loopback:security:access-context method retrieve
loopback:security:access-context accessType READ
loopback:security:access-context accessToken:
loopback:security:access-context id "wm54iPCZuOYWBYujAHFKloo4GWHq3ceDvDaRui1YjOlDLxeQWznQ3cRdolWHu0sc"
loopback:security:access-context ttl 1209600
loopback:security:access-context getUserId() 583adfd78753a610006c586b
loopback:security:access-context isAuthenticated() true
loopback:security:role Custom resolver found for role $everyone
loopback:security:role isInRole(): admin
loopback:security:access-context ---AccessContext---
loopback:security:access-context principals:
loopback:security:access-context principal: {"type":"USER","id":"583adfd78753a610006c586b"}
loopback:security:access-context modelName Order
loopback:security:access-context modelId undefined
loopback:security:access-context property retrieve
loopback:security:access-context method retrieve
loopback:security:access-context accessType READ
loopback:security:access-context accessToken:
loopback:security:access-context id "wm54iPCZuOYWBYujAHFKloo4GWHq3ceDvDaRui1YjOlDLxeQWznQ3cRdolWHu0sc"
loopback:security:access-context ttl 1209600
loopback:security:access-context getUserId() 583adfd78753a610006c586b
loopback:security:access-context isAuthenticated() true
loopback:security:role isInRole(): admin
loopback:security:access-context ---AccessContext---
loopback:security:access-context principals:
loopback:security:access-context principal: {"type":"USER","id":"583adfd78753a610006c586b"}
loopback:security:access-context modelName Order
loopback:security:access-context modelId undefined
loopback:security:access-context property retrieve
loopback:security:access-context method retrieve
loopback:security:access-context accessType READ
loopback:security:access-context accessToken:
loopback:security:access-context id "wm54iPCZuOYWBYujAHFKloo4GWHq3ceDvDaRui1YjOlDLxeQWznQ3cRdolWHu0sc"
loopback:security:access-context ttl 1209600
loopback:security:access-context getUserId() 583adfd78753a610006c586b
loopback:security:access-context isAuthenticated() true
loopback:security:role isInRole(): barkeeper
loopback:security:access-context ---AccessContext---
loopback:security:access-context principals:
loopback:security:access-context principal: {"type":"USER","id":"583adfd78753a610006c586b"}
loopback:security:access-context modelName Order
loopback:security:access-context modelId undefined
loopback:security:access-context property retrieve
loopback:security:access-context method retrieve
loopback:security:access-context accessType READ
loopback:security:access-context accessToken:
loopback:security:access-context id "wm54iPCZuOYWBYujAHFKloo4GWHq3ceDvDaRui1YjOlDLxeQWznQ3cRdolWHu0sc"
loopback:security:access-context ttl 1209600
loopback:security:access-context getUserId() 583adfd78753a610006c586b
loopback:security:access-context isAuthenticated() true
loopback:security:role Role found: {"id":"583adfd78753a610006c586a","name":"admin","created":"2016-11-27T13:29:58.664Z","modified":"2016-11-27T13:29:58.664Z"}
loopback:security:role Role found: {"id":"583adfd78753a610006c586a","name":"admin","created":"2016-11-27T13:29:58.664Z","modified":"2016-11-27T13:29:58.664Z"}
loopback:security:role Role found: {"id":"583adfd78753a610006c586d","name":"barkeeper","created":"2016-11-27T13:29:58.665Z","modified":"2016-11-27T13:29:58.665Z"}
loopback:security:role Role mapping found: null
loopback:security:role isInRole() returns: null
loopback:security:role Role mapping found: null
loopback:security:role isInRole() returns: null
loopback:security:role Role mapping found: null
loopback:security:role isInRole() returns: null
loopback:security:acl The following ACLs were searched:
loopback:security:acl ---ACL---
loopback:security:acl model Order
loopback:security:acl property *
loopback:security:acl principalType ROLE
loopback:security:acl principalId $everyone
loopback:security:acl accessType *
loopback:security:acl permission DENY
loopback:security:acl with score: 7495
loopback:security:acl ---Resolved---
loopback:security:access-context ---AccessRequest---
loopback:security:access-context model Order
loopback:security:access-context property retrieve
loopback:security:access-context accessType READ
loopback:security:access-context permission DENY
loopback:security:access-context isWildcard() false
loopback:security:access-context isAllowed() false
Unhandled error for request GET /Orders/retrieve?access_token=wm54iPCZuOYWBYujAHFKloo4GWHq3ceDvDaRui1YjOlDLxeQWznQ3cRdolWHu0sc: Error: Authorization Required
Why is the request resolved with that ACL if the user has the admin role?
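Answer 0 (score: 0)
Where do you create the admin roles and the RoleMappings for the users and their roles?
That is, in the documentation example the users are created as a one-off operation, and then the roles and RoleMappings are created.
In your log you can see that your user does not seem to have any RoleMapping (arrows), even though the roles are clearly there: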
loopback:security:role Role found: {"id":"583adfd78753a610006c586a","name":"admin","created":"2016-11-27T13:29:58.664Z","modified":"2016-11-27T13:29:58.664Z"}
loopback:security:role Role found: {"id":"583adfd78753a610006c586a","name":"admin","created":"2016-11-27T13:29:58.664Z","modified":"2016-11-27T13:29:58.664Z"}
loopback:security:role Role found: {"id":"583adfd78753a610006c586d","name":"barkeeper","created":"2016-11-27T13:29:58.665Z","modified":"2016-11-27T13:29:58.665Z"}
loopback:security:role Role mapping found: null <-------
loopback:security:role isInRole() returns: null <-------
loopback:security:role Role mapping found: null <-------
loopback:security:role isInRole() returns: null <-------
loopback:security:role Role mapping found: null <-------
loopback:security:role isInRole() returns: null <-------
There may be a bug in the code that assigns these RoleMappings to the user.
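A triage sketch for the debug output discussed in this answer, added here as an example and not code from the original post or from LoopBack: it parses `loopback:security:*` lines and flags the case where role records are found but every RoleMapping lookup returns null. The helper names (`all`, `triageAclLog`) and the sample log with placeholder ids are constructed for illustration.

```javascript
// Constructed sample in the format of the debug log above; all ids are placeholders.
const SAMPLE_LOG = [
  'loopback:security:access-context principal: {"type":"USER","id":"USER_ID_PLACEHOLDER"}',
  'loopback:security:access-context property retrieve',
  'loopback:security:role isInRole(): admin',
  'loopback:security:role isInRole(): barkeeper',
  'loopback:security:role Role found: {"id":"ROLE_1","name":"admin"}',
  'loopback:security:role Role found: {"id":"ROLE_2","name":"barkeeper"}',
  'loopback:security:role Role mapping found: null',
  'loopback:security:role Role mapping found: null',
  'loopback:security:acl The following ACLs were searched:',
  'loopback:security:acl principalId $everyone',
  'loopback:security:acl permission DENY',
  'loopback:security:access-context isAllowed() false',
].join('\n');

// Hypothetical helper: collect the first capture group of every match (re needs the g flag).
const all = (text, re) => [...text.matchAll(re)].map((m) => m[1]);

// Hypothetical triage function: summarizes why the logged request was denied.
function triageAclLog(text) {
  const userIds = new Set(all(text, /principal: (\{.*\})/g).map((j) => JSON.parse(j).id));
  const rolesFound = new Set(all(text, /Role found: (\{.*\})/g).map((j) => JSON.parse(j).name));
  // "\S+" also copes with annotated lines such as "null <-------".
  const mappings = all(text, /Role mapping found: (\S+)/g);
  const nullMappings = mappings.filter((m) => m === 'null').length;
  // Only ACL entries listed after this marker took part in the decision.
  const searched = text.split('The following ACLs were searched:')[1] || '';
  const matchedPrincipals = all(searched, /acl\s+principalId (\S+)/g);
  const allowed = /isAllowed\(\) true/.test(text);

  let finding = 'no missing-RoleMapping pattern detected';
  if (!allowed && rolesFound.size > 0 && mappings.length > 0 &&
      nullMappings === mappings.length) {
    finding = 'roles exist but no RoleMapping links them to this user';
  } else if (!allowed && rolesFound.size === 0) {
    finding = 'no role records found at all';
  }
  return {
    userIds: [...userIds], rolesFound: [...rolesFound],
    nullMappings, matchedPrincipals, allowed, finding,
  };
}

console.log(triageAclLog(SAMPLE_LOG));
```

When `matchedPrincipals` contains only `$everyone`, none of the role-specific ACL entries was considered for the user, which is consistent with the missing RoleMappings pointed out above.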